The Solution To Identity Fraud

@rfdevere Blog

I really respect readers of our blog, hopefully you’ve come here to shoot down the claim in the title. I know I would if I saw it randomly on Twitter. I would drive to that persons house and argue why it was naive.

‘The solution to identity fraud’ what a statement! critically flawed, as it’s unlikely there is one single solution to identity fraud. It’s the kind of statement that comes before the snake-oil sales pitch. It’s the alluring outlandish sentence designed to drive sales and funnel you to the sales team in excitement. People in our industry make empty claims like this all the time.

So last week when I was on a policing webinar, sharing my tips to avoid banking frauds to a hundred or so North Yorkshire residents, an old boy pipes up on the call that he has solved identity fraud you can see why I was skeptical.

 

Yeah, let me check that claim for you mate…

I forgot about the webinar and drifted off into a few Google searches when I should have been listening. The claim was a simple one, he actually said “My name is Jamie Jamieson, I have solved identity fraud, just Google ‘Jamie Jamieson identity fraud’, thank you.”

So I did just that…

I’m met with credible interviews, the Guardian, the BBC, MoneyBox and ZDNet. He certainly has been peddling this idea for a few years. I dug deeper into the articles and the Walter Mitty character in my head dissolved. Jamie had spent 25 years with GCHQ. His idea was credible and from a quick assessment in my head, it was legal, it could be practical… the idea and bold claim could be real. There was definitely no snake-oil sales pitch!

I returned to the webinar and as awkward as it was explained that I’d like to meet him and talk more about this idea. So we exchanged details and did just that the following weekend.

 

Who is Jamie Jamieson?

So I did drive to his house in the end. As I sat down after arriving at his seaside residence, I began to listen to his story. Three hours later, I can honestly say Jamie is one of the most interesting people I have had the pleasure to meet. He is someone that has squeezed life for all it has to offer. I would like to tell you every last detail that was shared but I won’t out of respect for his past and career. I will say Jamie is an expert submariner with a Navy background. A Bletchley trained radios and communications whizz. He knows morse code ‘betterer’ than I know English.

Over a raspberry brownie, we played devil’s advocate with his anti-fraud idea.

I left that day knowing his idea has the potential to change how we look at identity fraud. It is probably the best way as a nation we could turn the tables on identity fraud. Is it the solution to identity fraud? well to give him his dues, the idea is closer to the yes end of the spectrum than the no end.

 

Thumbprints & Signature

On the surface his idea is quite basic. You urge people to add a Notice of Correction to their credit file that asks lenders to request a thumbprint when you sign a contract. From that point on, new contracts should be signed as usual and you will now be asked by the lender to mark the signature area with your thumbprint to prove it is you. The system sounds like a ‘freeman of the land’ type affair and I loved picking holes in it all. When I did though I only trusted the idea more and found under the surface was a quite robust framework that could alter liability in the event of a fraud.

People don’t want you storing all their prints in your ex-spy GCHQ database dude! – The system doesn’t use a central database of fingerprints to work. In fact, if a fraudster applied for credit and was stupid enough to mark it with their own thumbprint you could give that to the police and they would check it against IDENT1, the official national database for finger prints. Your prints are all over credit applications anyway, if $EvilCorp wanted them they could just use a kids fingerprint kit to get them.

Fraudsters won’t be that dumb and just thumbprint a fraudulent contract?! – Great. We agree that it is preventative then…

OK, I’ll just steal your identity and head to the shops, how will it help you then? – I will be able to request the contracts from the lender and bring their attention to the fact there is no thumbprint. Then I will email the lender and make them aware of the notice and the fact they have acted negligently.

But… whats to say the lender has even read your special Notice of Correction? – The law states a lender MUST read the notice of correction if one is added to an applicants credit file. They don’t have to action it or follow it’s commands… but they have to read it.

So is this about fraud liability or fraud prevention? Both, the idea could prevent fraud and also help you prove your innocence should you become a victim of identity fraud.

If this is such a great idea, why have the big credit reference agencies not done it? They do… Equifax has a similar system but it only uses a password, which can be seen by all lenders… a thumbprint is better. They also all sell a competing product in the forms of identity theft protection so I can’t imagine a big rush for them to stop millions of pounds in revenue.

That reminds me ‘CIFAS’, there is already a scheme for this! – CIFAS, as the name implies is the Credit Industry Fraud Avoidance System. Not yours. It’s a scheme that lenders can join to see if you are a risk to them. Their goal is to help lenders make informed choices about lending. When a fraud is spotted, or a lender just believes you have been a target for fraud, a marker is placed on your credit file. It’s not a proactive system unless you pay for this service, and even then a fraudster can still obtain credit if they can prove your ID with stolen documents. CIFAS say it won’t stop you getting credit and a CIFAS marker won’t damage your credit score… but people with one (and the financial ombudsman) say differently. CIFAS does not transfer liability – why would the credit industry support a system that pins negligence on their chums.

Does this even work? Jamie has had no problems in the 15 years he has had the marker, he recited the time he took a journalist down to a phone shop and the application was made as usual in store. Mid application, the computer said no and the staff in the store had to ring the finance department. A few minutes later the store assistant asked Jamie to mark the document with his thumbprint and the process carried on OK. Jamie has also had a similar idea trialled in Inverness where shops asked for a print when people used to sign for purchases. Fraud dropped 84.3%.

Arghhh that sounds like friction though – Although minor, yes. The friction can also be a good thing. As with all Notice of Corrections, automated systems have to wait for a human to review the application. This will mean in store a phone call is made by the assistant. It means that on some online applications the lender will send you a contract in the post or request you print, thumbprint, scan and email them back.

So is this for everyone? If you are the kind of person to get a new contract several times a week then you may not like waiting that extra few minutes for a loan or new phone. People have to decide themselves if the benefit of preventing ID fraud outweighs the mild inconvenience.

 

Let’s bring this to life

Jamie had his idea in all the papers a few years ago, he has been on TV… but the idea isn’t common knowledge. I’ve never heard the police mention it. To the average bod in the street it sounds complicated and confusing.

We agreed that The AntiSocial Engineer Limited will champion the scheme and give it the place to live that it deserves. Explain the process, make it easy to action and cut through the complications for people. We will also never charge for MyPAS.

So after a week of planning and some nifty web-dev we have done just that. The idea now has a name, a logo, it has a new webpage and hopefully this will help the adoption of the idea. Beyond this though we will work on this project over the following year in the background. We would like credit reference agencies to help us integrate Jamie’s idea into their websites and processes and we know the project is only just beginning.

 

MyPAS – My Print Authenticated Signature

If you would like to know more about MyPAS, grab the paperwork and get protected please visit https://TheAntiSocialEngineer.com/MyPAS