Facility takeover fraud – telephone is the channel of choice

Through 2016 our member organisations identified that abuse of identity information was taking place via a handful of different fraud types. One of the most common is facility takeover fraud.

Facility takeover fraud cases are where a fraudster gains access to the accounts of innocent victims and then uses that access for their own benefit. This type of fraud had been on the wane following peak levels identified in 2012.

By 2015, the number of facility takeover frauds identified over the course of the year had more than halved compared with 2012. This rapid decrease was largely attributed to increased account security, with initiatives such as card readers and device authentication strengthening access control.

This means that the substantial increase identified in 2016 – an increase of 45% up to over 22,500 cases – is notable.

A key difference between identity fraud and facility takeover fraud is the extent to which it is perpetrated online. While 88% of identity frauds were perpetrated online, only 30% of facility takeover frauds targeted online access.

Most commonly, and in over 50% of cases, takeovers were attempted through telephone channels. It is these telephone takeovers that have driven the overall increase in takeover fraud, and in particular the takeover of mobile phone accounts in order to obtain upgrades.

This targeting of the telephone channel reiterates the advances that have been made in securing online access to customer accounts. In fact, the number of identified attempted online takeovers decreased in 2016, demonstrating that so long as there are multiple different ways for customers to access their own accounts then fraudsters will attempt to gain access to those accounts using many different methods.

The security of these channels cannot be neglected, as fraudsters will target what they perceive to be the weakest point. As technical innovations continue to improve online security, the weakest point appears to be the human being at the end of a phone line.

Investment in the deployment of voice recognition technology and other techniques to secure this point of access should be part of all organisations’ armoury, as well as increasing awareness through training for call centre staff.

This piece was originally featured in our report Fraudscape, which gives the full story on fraud and financial crime in the UK in 2016.