Information Age: News, analysis & insight for IT & business leaders

A group of MPs have called for the appointment of a so-called �identity fraud Tsar� to co-ordinate the efforts of the government, police and private sector in fighting the rising incidence of identity fraud crimes.

According to a report issued by the All Party Group on Identity Fraud, which was created in 2006 in order to investigate the phenomenon, organisations that fail to safeguard the identity details of their customers should suffer tougher reprisals. In particular, the banking industry should take immediate action to protect its customers, the Group recommends.

Payments association APACs expressed doubt, however, that the creation of an identity fraud tsar would help combat the crime, of which more than 170,000 cases were recorded last year, costing the UK economy around £1.7 billion.

The association recommended a cross-industry, collaborative strategy. �That has to be the solution to the problem,� said Sandra Quinn of APACs.

The British Bankers Association responded to the report, stating that it has already established a cross-industry working group to deliver best practice guidelines in order to address the problem.

Collusion and complacency

Speaking on Thursday at a closed conference hosted by multi-factor authentication security company TriCipher, Lord Erroll of the House of Lords Science and Technology Select Committee said that the �police have colluded with the banks� on the issue of identify fraud, which has allowed the police to absolve themselves of responsibility for tackling the crime.

Only 1% of all cases of identity thefts are investigated by police, according to estimates from Cifas, the UK's fraud protection body.

The banks, Lord Erroll added, have meanwhile attempted to pass responsibility for the protection of customers� identities onto the merchant community.

The creation of an appointed official dedicated to tracking and galvanising efforts to address identity fraud is to be welcomed, but it is unlikely � if the Office of the Information Commissioner (ICO) is anything to go by � that such an individual will wield significant power.

Government offices such as the ICO should be afforded far more stringent powers, Lord Erroll told Information Age, which would allow them to inflict necessarily tough punishments on organisations that fail to protect personal details.

He also added that the government and business community need to establish a �commercial incentive� to improve their security measures and best practices.

Consumer non-power

Speaking anonymously to Information Age, however, a risk officer at a major retail bank said that despite  survey evidence  to the contrary, most retail banking customers are highly unlikely to move banks were they the victim of an identity fraud.

Evidence that discount retailer, TK Maxx -- who fell victim to one of the largest credit card hacks in history -- has not suffered a downturn in sales revenues, implies consumers are not as discerning or proactive as vendor surveys claim, he added.

"And if banking customers [who have fallen victim to identity fraud] were to move [banks], the next bank they move to would only have the same security measures, more or less," he added.

To this extent, he suggested, the banking community is aware that most retail banking customers are a captive audience, meaning consumer confidence will in fact exert little influence over the banks' security measures and practices.

Most banks will operate a simple cost-benefit analysis, and will prefer to continue to reimburse customers who have been defrauded as a result of identity theft, rather than spend an excess of that total on security measures.

Further reading

Setback for UK e-crime strategy

State of security

Plastic pain

Find more stories in the Security & Continuity Briefing Room