Major players in the UK financial services sector are becoming increasingly concerned over the reputational risks posed by the huge rises in ID theft crime across the country

A comprehensive study carried out by business advisory firm Deloitte reveals that ID theft - which is becoming an ever-increasing concern for the UK's financial houses - could account for up to 40% of all fraud losses suffered by financial services organisations, writes Brian Sims.

Mike Maddison - leader of security and privacy services at Deloitte - told SMT: "The organisations we spoke to consistently rated the protection of their reputation and brand as being far more important than defending themselves against any direct financial losses. Some even saw superior protection against identity theft, such as fraud insurance or advanced authentication, as a commercial opportunity to differentiate themselves from their competitors."

The Deloitte study (entitled ‘Identity Theft') reports on the findings of one-to-one interviews with APACS, the Financial Services Authority (FSA) and leading financial services institutions.

While chief information security officers were naturally reluctant to be specific about certain details, the report reveals a significant number of recent identity theft-related incidents, including growing phishing and pharming (attempting to obtain customer log-in details)-style attacks, as well as several attempts to obtain advance fees by fraudulently trying to use an organisation's brands.

Internal incidents such as customer identities being stolen by staff for onward sale, employees bypassing technical controls to access restricted customer details and certain members of staff stealing their colleagues' identities to obtain unauthorised access to systems are also major concerns.

Mike Maddisson added: "The risk outsourcing presents to the security of personal information is compounded where the service is off-shored. Differing legal and regulatory systems and business standards, combined with geographical separation, renders the regular monitoring of controls that much harder."

Tackling the problem head-on will require involvement from both regulators and customers.

Source

SMT