You've installed the best possible access control system but it's not the thief you'll be up against as much as the so-called 'honest citizen' …

Dishonesty and frauds are widespread in the UK, with nearly half of people admitting to forgery and one in ten to low-level identity fraud. Users are regularly overriding access control systems in a misguided effort to be helpful to colleagues.

Worryingly, with the prevalent terrorist threat, 10 per cent had misused ID access control systems by impersonating someone else or had assisted someone else to do so, and 32 per cent admitted conning their way past security personnel. An astonishing total of 21 per cent owned up to having used fake identity cards.

These are the key findings of the Dishonest Britain Study, undertaken by TSSI Systems, provider of fingerprint biometrics access control.

Danny Chapchal, executive chairman of the company which also provides document verification, and ID and smart cards says: "Dishonesty and fraud are shockingly widespread. Despite Britain's terror alert, UK citizens' irresponsible identity abuse is making it harder to tackle this threat."

Stolen identity

Just over one in ten people (12 per cent) owned up to low level electronic identity fraud, by dishonestly impersonating someone else over email. A further 23 per cent admitted they had been tempted to do so. Seven per cent confessed to assuming another person's identity through forging their signature on letters or cheques.

Security in the workplace was a worry for 27 per cent of people. The survey uncovered justification for this alarm: 14 per cent had spied on people entering PINs, passcodes and passwords and 10 per cent had misused ID and access control systems by impersonating someone else or had assisted someone else to do so. A further 35 per cent said they would think nothing of counteracting their workplace security by lending or borrowing a work pass if they or a colleague had forgotten theirs.

"It is clear that either through deliberate dishonesty, or in a misguided effort to be helpful to colleagues, end-users are regularly overriding access control systems". Chapchal continued. "It is essential that companies implement systems to close these security weaknesses which could be exploited by criminal elements."

Forgery is rife

45 per cent of people admitted to some kind of forgery. ID cards were by far the most popular item, with 18 per cent admitting to forging these. Other items included doctors' notes (five per cent); fake letters on company letterhead (four per cent); reference letters (four per cent); travel tickets (two per cent); concert tickets (one per cent); and tickets for sporting events (one per cent).

A quarter of the Britons surveyed also confessed to exaggerating their educational qualifications to gain employment.

Recommendations

Based on the findings, TSSI made a number of broad recommendations for companies to improve their ID security including:

  • Looking at the findings of the report and assessing the risk in the light of them;
  • Ensuring that the company has an individual responsible for both physical and logical security (measures which protect the system data and ways in which it is used).
  • Auditing the movement of staff into and around buildings;
  • Avoiding the copying and borrowing of PINs and passwords by using cost effective biometrics;
  • Using a secure ID method to ensure employees only undertake jobs they are qualified to do
TSSI surveyed 1000 people between the ages of 18 and 60 at mainland stations in the UK in November of last year.

Hacked off over ID cards

TSSI has also cast doubts on the plans for national identity cards incorporating biometrics.

"The main concern with ID cards is forgery. The government has chosen biometrics to prevent this, but this needs careful implementation. Biometrics alone will not prevent forgery, and with it, fraud," said Stewart Hefferman, chief operations officer, TSSI Systems Ltd.

"Despite strong encryption, the Dutch biometric passports have already been hacked. What if someone hacks the UK system and uses this to forge cards? Obviously this would make a mockery of the whole ID card system. The government needs to tread carefully with the implementation of these cards, or the seeds of disaster will be there from the making."

The solution would be to store the data as an algorithmic encryption, making it impossible for even the most sophisticated fraudster to read or substitute.

The company was concerned why individual information needed to be stored on both card and a central database.
"We do not understand why they need to do this - unless they are planning to extend the usage of the cards in future, which is a major concern for the civil liberty groups. Other countries such as France and Italy have stipulated that biometric information is stored only on the cards themselves - thus still within the possession of the individual.

"We strongly advise that the back-end system enables an audit trail of those personnel who have accessed individual records on the back end systems. This is crucial to enable the government to identify if individual details were breached and thus make it easy to identify fraudsters and trace them."

Scam-alot!

SCENE 1
After his workout at the gym a man found his locker open. Thinking he must have forgotten to lock it, he checked his wallet and found all his cards were in place.
A few weeks later his credit card bill came with a massive number of transactions he knew nothing about He called the credit card company but they said there was no mistake and asked if his card had been stolen.

"No," he said, but then, looking at the card discovered a switch had been made. An expired similar credit card from the same bank was in his wallet. The thief broke into his locker at the gym and switched cards.

Verdict: The credit card issuer said that since he did not report the card missing earlier, he would have to pay the amount owed. Why were no calls made to verify the amount swiped? Because small amounts rarely trigger a warning bell with some credit card companies. In this case all the small amounts added up to a big bill.

SCENE 2
A man at a restaurant paid for his meal with his credit card. The bill for the meal came, he signed it, and the waitress folded the receipt around the card and passed it back to the diner.

Normally, he would just take it and place it in his wallet but this time he glanced at his card and realised it was the expired card of another person.

He called the waitress and she took it back, apologised, and hurried back to the counter under the watchful eye of the diner.

All the waitress did while walking to the counter was wave the expired card to the counter cashier, and the counter cashier immediately looked down and took out the real card without exchange of words. She brought it back to the man with an apology.

Verdict: Make sure the credit cards in your wallet at yours. Check the name on the card every time you sign for something and/or the card is taken away even for a a short time. Many people just take back their card without even looking at it.

SCENE 3 A man went into a takeaway restaurant to pick up an order and paid with a debit card. The young assistant behind the counter took the card, swiped it, then laid it flat on the counter as he waited for the approval.

While he waited, he picked up his mobile and acted as if he was dialling. The customer had a similar phone and recognised the click of the phone's camera function. The assistant gave the customer his card back but kept the phone in his hand as if he was still pressing buttons.

Becoming suspicious, the customer paid close attention. The assistant set his phone on the counter, leaving it open. Seconds later, the customer heard the chime indicating that a picture had been saved.

Although he did not want a confrontation, the customer felt fairly certain that the assistant had taken a picture of his credit card and immediately cancelled the card. Someone else with a different phone might not have noticed what was happening.

Verdict: Be aware of your surroundings whenever you are using your credit cards. Notice who is standing close by and what they are doing when you use your card. Be aware of camera phones.

10 per cent had impersonated someone else
14per cent had spied on people entering PINs
18 per cent admitted to forging ID cards
35 per sent would lend or borrow a work pass

Source

Security Installer

Postscript

The full report is available from www.tssi.co.uk under "Press".