Title: PREVALENCE

Prevalence

Few studies have focused on identity fraud as such. Three reports should be mentioned because they provide an overview of the current state of identity-related fraud. The first, the ‘Informative Report on the new generation of identity documents and document fraud’, presented to the Senate in June 2005, focuses on identification document fraud. The report aimed to comprehend the phenomenon of document fraud in France, to identify its main origins and to formulate the relevant recommendations in view of making a contribution to the public debate surrounding the introduction of a national electronic identification card. The second report relates to the origins and forms of credit card fraud and is issued on a yearly basis by the Observatory for Payment Card Security. Finally, the third report, issued by the Observatory for Cyber-Consumerism [Observatoire de la cyber-consommation], under the resort of the Forum of Rights on Internet, issued in May 2005, assessed the reality of consumers’ fears towards on-line payment fraud.

Document fraud

Measurement of the phenomenon

The Report “on the new generation of identity documents and document fraud” provides an overview of the current state of document fraud in France on the basis of the available data. This report identifies four types of identity fraud: use of false identity, identity theft, exchange of identity and use of a dead person’s identity. The means used to perpetrate such crimes usually include stolen blank identity tokens, counterfeit tokens, forgery, fraudulently obtained identity tokens and fraudulent use of another person’ identity token.

This Report notices an important increase in document fraud over the last few years. The use of false identity documents, for example, appears to have increased by 7,71% between 2001 and 2003, as illustrated by .

Table 3.. Document Fraud – Continental France (extract of « état 4001”)

The figures relative to breaches of the law based on document fraud punished between 1994 and 2003 reveal the same tendency. 

Table 3.. Document Fraud – number of sanctions

However, these figures are merely indicative and the real significance of the phenomenon remains unknown as no public agency has been in charge of collecting any statistical information. The available information is thus fragmented and information sources are dispersed and uncertain. Furthermore, in most of the cases the competent authorities have not developed measuring tools.

The lack of centralisation of the information, the lack of common benchmarks and definitions and the fact that frauds linked to the perpetration of other crimes than identity fraud are not taken into the statistics are identified as one of the main barrier in the fight against document fraud. To that effect, the report suggests putting the National Observatory of Delinquency in charge of the elaboration of a permanent evaluation tool of identity fraud.

Weaknesses identified

The report identifies several weaknesses of the system not only related to the production and detection of false identification documents but also both located in the handout procedure of authentic documents.  

False documents 

First of all, problems arising from the production of false documents are mainly present in passports and driving licenses due to the fact that they do not benefit from a centralised procedure of issuance, contrary to the national identification card. In that sense, the report suggests giving legal validity for identification exclusively to documents such as the national identification card and passports. It even raised the question of a possible fusion of both documents. 

Moreover, some of the security measures incorporated in identification documents cannot be checked during identity controls because the police lack adequate instruments.  

Authentic documents issued on the basis of false documentation 

Another problem stressed by the report resides in the fact that it is possible to obtain authentic (i.e., official) identification documents by providing forged (unofficial) documentation. This facilitates the obtaining of a false identity certified by an authentic document.  

In view of obtaining an identification card or passport, individuals need to prove that they are entitled to be delivered such  document. To that effect, they must produce an authentic document which states their date and place of birth and their filiations, the so-called “justificatif d’état civil”. These documents are usually delivered by municipalities, in charge of the Civil Registers, or abroad, by Consulates. There is no centralised Civil Register in France.

The report observes that the staff in charge of handling these documents is sometimes insufficiently prepared and do not respect the existing guarantees of the procedure such as the persons whom this document can be handed to (the beneficiary itself, its ascendants, descendants or a third person with a valid mandate). This facilitates the issuance of authentic documents to unauthorized persons. In foreign countries, two main issues are identified as facilitating fraud, namely cases of corruption of civil officers and the lack of quality of Civil Registers (several persons recorded under the same name, outdated registers, etc.). The Ministry of Foreign Affairs has observed an increase in the production of irregular or forged “justificatifs d’état civil” issued in foreign countries.

Moreover, the existing databases of requests of identification documents and of reported stolen and lost identification documents are insufficiently used and updated by the Civil Registry officers and the police. Structural problems hinder the work of such officers. For example, digital prints are exclusively stored on paper, which prevents checking the digital print taken against the database when a new document is requested.  

The report concludes that there is a need to use secure identity tokens (secure eID card), to introduce a more secure handout procedure of identity tokens mainly through the centralisation of procedures and the introduction of biometric identifiers. 

Credit card fraud

Since 2003, the Observatory for Payment Card Security, under the resort of the French National Bank, issues an annual activity report which includes a survey of credit card fraud. The survey is based on a specific methodology developed by this Observatory to obtain reliable statistics in the field.

First, a definition of payment cards fraud needed to be provided. The definition adopted covers the use of cards or the data captured on them as well as the activities contributing to the perpetration of fraud. Irrespective of the criminal offences that exist under national law, the Observatory has chosen to adopt a functional definition that links the fraudulent nature of an act to its illicit nature and to the harm possibly caused to the various actors involved in a card transaction. It has decided to exclude all use or attempts to use payment cards by the lawful cardholder that are considered fraudulent solely due to lack of funds. 

The Observatory has in addition defined a fraud typology in line with the various approaches outlined in the definition of fraud and closely based on the classification criteria used by the various issuers. This typology distinguishes between:

1. the origin of fraud: lost or stolen cards, non-received cards, forged or counterfeit cards, misappropriate card numbers,  unallocated card numbers, splitting payments;

2. fraud techniques: skimming, opening of a fraudulent account, usurpation of identity, wrongful repudiation, hacking automated machines, hacking automated data systems, card number generation; 

3. types of payment: face-to-face payment, remote payment, withdrawal; 

4. losses of the different actors: merchant’s bank, acquirer of the transaction, cardholder’s bank, issuer of the card, the merchant, cardholder, insurance company and any other operator involved; 

5. geographical area of issue or use of the card or the data encoded on them. 

The statistics are based on a diversified sample, comprising as many respondents as possible, and encompassing the most representative operators on the market. This includes the payment card issuers and merchants represented within the Observatory but also other issuers and merchants. 

The following figure

Figure 3.. Types of credit card fraud

* The category “other” mainly relates to fraudulent opening of an account or credit file in private credit card companies, very significant for this type of card.  

shows an increase in credit card fraud, the most important relating to card loss and theft. Counterfeiting is still the reason of 16% of fraudulent national payments. It is worth noticing that the theft of card numbers has increased between 2005 and 2006 after a 3 year-decline.

Table 3.. Distribution of national fraud according to its origin and the

The Observatory’s report observes that there is an increase in cases checked by police related to payment card fraud for the year 2006. In total, 53,755 cases of counterfeiting have been detected, 3496 persons have been arrested, and 1642 persons have received judicial custody.  

On-line payment fraud

Finally, the report on On-line Payment issued by the Observatory for Cyber-Consumerism, under the resort of the Forum of Rights on Internet, issued in May 2005, assessed the reality of Internet users’ fears. This Report is based on a survey across different actors of on-line payment channels such as consumer organizations, public institutions, technical and financial providers, with the purpose of collecting experiences, practices and fears of Internet users related to e-commerce.

For 32% of Internet users surveyed, (insufficient) security of Internet payments remains an obstacle for online purchases. Three main fears have been identified during the survey: misappropriation of card numbers, automated creation of card numbers and recaptures of cards numbers in daily life. In all cases, Internet users fear inopportune withdrawals on their banking accounts causing them financial damages.

First, with regard to fraudulent interception of card numbers, the report reveals that none has been registered when the payment is made in a secure on-line environment. The reasons seem to rely, on the one hand, on the fact that service providers are allowed in very restrictive cases to store users’ credit card information and on the other hand, on the encryption mechanisms used.  

Second, automatic generation of credit card numbers cases remain marginal and not exclusive to the on-line environment. Off-line payments also suffered from this type of fraud. In that sense, safeguards such as the use of visual cryptograms or the 3D secure system have been implemented by actors of on-line payment channels (see Section ). They managed to keep the risks originating from these practices under control.

Finally, with regard to fraudulently obtaining credit card numbers through off-line payments, the problem resides in the fact that credit card numbers appear on the receipt kept by the merchant. This number is currently necessary, in case of technical problems, to re-enter the transaction realised via the credit card. The solution has consisted in using a visual cryptogram printed in the credit card, which allows the merchant to ensure that the user has the credit card in their possession. Another weakness resides in purchases made by telephone, as the number is given to the merchant by the buyer. Police investigations demonstrated that embezzlers got the numbers through these practices in certain shops such as computers shops or petrol stations. The Observatory recommends a progressive process to delete credit card numbers on all receipts. 

The conclusions of the report are reassuring in so far that it appears that multiple technical and organizational measures such as SSL protocol or dynamic generation of credit card number have been implemented in order to protect consumers during on-line credit card payments and that alternative payment solutions have developed simultaneously, for the payment of small amounts (see further section ). The report also strongly recommends awareness to be raised by public authorities and market actors (banks, online merchants, etc.) with users to fight phishing and software which exploits the vulnerabilities of the consumer’s computer. The report also reviews micro-payment solutions that allow fast, easy to use payments which ensure relative anonymity for the user and do not imply significant additional costs for the merchant.