Gary Billingham from fraud prevention organisation, Cifas, explains how a fraud ring used identity fraud across multiple services to obtain leased and rental vehicles. In his blog he provides tips to help organisations protect their vehicle assets.
Last year, a known fraud ring came to our attention in the form of identify fraud hitting the motor finance sector. The alarm was raised when fraud cases with commonalities were discovered, including the same facial images cropping up on counterfeit driving licences.
Working with law enforcement agencies and members alike, we began to profile both the successful and prevented incidents in order to draw commonalities in each event. We noticed patterns including the fact that attempts included common occupations, e.g., plumber or electrician, and similar email address formats.
We interrogated our wider data, approximately 1.8 million records of fraudulent conduct from banks, insurers, credit card and motor finance companies. At this point we were confident we were dealing with the same perpetrators, all with common links of telephone numbers, email addresses and facial images.
We cast the net wider and further profiling, including IP addresses, flagged up 52 cases of identify fraud in motor finance, credit card, bank accounts and credit file requests. It was clear this was an organised group. They armed themselves with the right information they needed for an application, doing their homework on the person they were impersonating - for instance, applying to a credit report agency for a credit file to gain as much financial information as possible. Fraudsters are expert problem solvers and this network was a perfect representation of this.
With this fraud ring, a key tactic was to obtain credit cards in victims’ names but rather than run up high balances, modest single transactions were made with motor insurance providers.
This is where the rental sector comes into the picture, as the criminals involved would use their fraudulently obtained insurance policies to submit fictitious claims between two insurers. The insurer receiving the 3rd party claim would accept the claimants request to arrange a courtesy car for the non-fault party. When the rental vehicle is collected, it is collected by conspiring members of the group who inevitably do not return the vehicles.
This method of fraudulent claims including identity frauds is a particularly complex issue for insurance firms and the theft of hire vehicles was a new risk that insurers needed to reassess control frameworks for.
This group were professionally organised, adaptable and persistent. They had also exploited lockdown measures, taking advantage of more digital rather than face-to-face processes used by lenders, pretending they were shielding away from the victims homes as a result of a pandemic or working for the NHS which was used as an explanation why vehicles couldn’t be delivered to the home addresses.
Fraudsters don’t operate within a single sector, we looked at a huge cross section of fraud risk data from different sources and experienced real value from understanding fraud activity across the board.
With this persistent group, active from May 2019 to August 2020, over 70 cases were identified from this investigation. Arrests have been made, but we continue to take steps to identify other cases. The facial matching service proved to be hugely powerful, linking the fake facial images of the all-male perpetrators.
In terms of prevention, knowing when to apply enhanced controls is critical. If someone has a home address in Scotland but asks for a vehicle to delivered to the Midlands; this should raise a risk. Equally, changes to delivery addresses post acceptance should present an increased risk.
Controls should be diversified; firms should think about alternative questions as organised fraudsters will research processes in advance. For example, rather than ask for a date of birth, ask how old they will be on their next birthday and listen to how they answer rather than just the answers given. Ask questions that will be harder for fraudsters to find out, what is the middle initial of their spouse or partner or ask for a road or street adjacent to their address. Or what is the nearest train or tube station, school, or park. The key control is how they deliver the answers.
Fraudsters are using open-source intelligence to commit fraud so why shouldn’t we use the same to prevent it. Firms should also analyse successful fraud preventions as well as losses. This valuable intelligence at your own fingertips can be helpful to see how fraudsters are testing your controls. For example, the credit card providers prevented 89% of fraudulent conduct, largely through device and IP address profiling with only 11% being successful. Think about how you would bypass your own controls including the tools you would need from other sources – do you place an over reliance on any potential enablers? One of the biggest lessons learned across the industries is that controls are subject to enforced change. Whilst the pandemic has contributed to much of this over the past year – other factors can do this such as market shifts, consumer demand and regulatory changes. We also can’t be certain that industries can revert back to type post pandemic, many of the temporary practices in place may have to become permanent.
This is why we see such a benefit in being able to not only share fraud risk data, but also share intelligence, profile networks and get beneath the surface of data. By doing this, we hope to understand ‘how they did it’ rather than simply ‘what they did’.