Title: COUNTERMEASURES

Countermeasures

In Identity Fraud: A Study, published in 2002, the Cabinet Office recommends and urges for “more effective joint working, more sharing of data and intelligence and more active and effective prosecution policies.” As a result of the Cabinet study, the UK government heightened its initiatives to develop means to prevent and detect identity fraud. The Home Office created the Identity Fraud Steering Committee (IFSC) and the Identity Fraud Forum (IFF) in 2003, which developed a framework to identify effective measures to prevent and react to subsequent occurrences of identity fraud. More specifically, both IFSC and IFF members highlight a number of significant priorities in their work to reduce the occurrence of identity fraud. These include:

1. identify new opportunities for data-sharing across the public and private sectors;         

2. reduce fraud involving the impersonation of deceased persons;  

3. establish the cost of identity fraud to the UK economy on an ongoing basis;  

4. researching the impact of identity fraud on victims and statistically tracking those cases;  

5. improve both the public awareness of identity fraud through joint working with the financial services industry and the training provided to those in the financial sector responsible for checking customers’ identity.

As a result of these priorities, the IFSC and the IFF managed to develop a number of regulatory instruments in their battle against identity fraud. Important measures introduced by the Government primarily include aligning penalties, defining a new criminal offense, developing and sharing good practice, and raising public awareness. The Government decided to increase the maximum punishment for fraudulently obtaining a driver’s license from a maximum fine of £2,500 to a maximum two year prison sentence, which is the current punishment for fraudulently obtaining a passport. Furthermore, in 2003 the Government decided to introduce a new criminal offense. Under the new criminal offense, any individual who is either in possession or in control of false identity documents, whether genuine documents illegally obtained or derived from another person, is in violation of the law and subject to criminal sanctions. The underlying motive for the introduction of a new criminal offense is the connection between use of false identity documents and organized crime; consequently, the UK government hopes to use the new offense to provide the police with additional means “to disrupt the activities of organised criminals in the early stages of their crimes.” The new offense is part of the Identity Cards Act, which will later be elaborated upon.

On 15 January 2007, the Fraud Act of 2006 came into force. The Fraud Act “created a new offence of fraud that can be committed in three ways: by making a false representation (dishonestly, with intent to make a gain, cause loss or risk of loss to another), by failing to disclose information, and by abuse of position. Offences were also created of obtaining services dishonestly, possessing equipment to commit frauds, and making or supplying articles for use in frauds.” The Fraud Act certainly criminalizes many aspects of identity theft and identity fraud which could help in the prosecution of perpetrators of identity-related crime. According to Kevin McNulty, the new legislation has proven easy to prosecute. So far, approximately 525 people have been prosecuted under the new legislation. As Anne Savirimuthu and Joseph Savirimuthu state, “the Fraud Act 2006 facilitates the prosecution of identity theft and therefore makes a valuable contribution to Internet governance.” The main benefit of the legislation is the change made with regard to fraud. Previously, fraud could not be conducted against a machine (i.e. a computer or an ATM). Deceiving a machine, as a result of the Fraud Act, can now be prosecuted. Savirimuthu and Savirimuthu provide concrete examples of how simply sending a phishing email provides prosecutors with grounds for prosecution. As the authors state, “There is no requirement for the phisher to be shown to have used the information to access the funds in the victim’s account. The victim need not respond to the email or act on the request.”

While Savirimuthu and Savirimuthu welcome the Fraud Act and its changes to the landscape of crime prosecution, others recognize the potential pitfalls of the Act. Maureen Johnson and Kevin M. Rogers describe how the Fraud Act has made fraud into a crime of conduct rather than a result crime. As the authors note, “The shift of the fraud offence into the realms of the conduct crime should not be underestimated. Conduct will now be caught and criminalised which would not even have sufficed for an attempted offence prior to the Act, and as a result fraud has become a very wide offence indeed.” Others agree and claim how the broadness of the provisions included in the Act are both a ‘blessing and a curse.’

Within the United Kingdom, the introduction of chip and pin is a successful initiative proposed and implemented by the private sector. Chip and pin altered the method of authentication for credit card users. Whereas previously users simply needed to sign their name during a credit card transaction, chip and pin required them to also enter a pin code. This changed the transaction from a one-factor authentication to a two-factor authentication. The two-factor authentication makes it more difficult, although hardly impossible, for perpetrators to commit account take over if they only have the credit card and do not know the accompanying pin code. This initiative helped to reduce the number of credit card related identity fraud cases within the United Kingdom. Overall, fraud, however, did not go down due to the fact that other countries failed to introduce similar measures. The benefit of this countermeasure is how it directly targets the vulnerability of verification when a client makes use of his or her credit card through introducing an additional authentication factor. According to APACS, “2007 card fraud figures…show that total card fraud losses rose by 25 per cent in the past year to £535.2m. A key driver behind this is the 77 per cent increase (up £90.5m) in fraud committed overseas by criminals using stolen UK card details – which typically occurs in those countries yet to upgrade to chip and PIN. Fraud abroad now accounts for over one third (39 per cent) of total card fraud losses.” Clearly, chip and pin, while effective, also led to a redistribution of fraud to other territories.

With regard to the public, the UK launched a number of efforts to increase awareness among its citizens. First, the Home Office IFSC launched a website (www.identity-theft.org.uk), which, in addition to raising awareness, provides advice on how to prevent identity theft and also identifies the actions victims of identity theft can take to resolve their issues. Second, Home Office Minister Andy Burnham launched an awareness campaign in 2005 to increase awareness and educate the public on prevention of identity theft while also identifying the available means for identity theft victims. Additionally, as suggested by the Cabinet Office in 2002, a number of government agencies and other associations increased their cooperation to develop and share good practices to combat identity fraud.