Which? reveals true threat of identity theft We signed up for three credit cards in others' names

17 January 2016

One in seven Which? members have fallen victim to identity fraud 

Which? has revealed how easy it is for fraudsters to steal your identity by successfully applying for three credit cards using information gathered online.

As part of our latest ID theft investigation, we asked security experts to search the web for details on 42 volunteers and see how at risk they could be to identity thieves. 

With permission, we were able to use the information we found, plus a few educated guesses, to successfully apply for credit cards in the name of three of our volunteers.

We were able to get cards from American Express, Capital One and Santander which, unlike other major credit card providers, don’t ask for your bank account number or sort code as part of the application process.

Find out more: How to bank online safely – advice from our online security experts

ID theft: are you secure?

In order to be successful, real fraudsters would need to intercept the card and PIN. But security experts say they may get around this by setting up a mail redirect or stealing mail from a communal mail box. 

Our investigation highlights how many people give away far more than they realise online, exposing valuable information that could make them easy prey for identity thieves.

Which? executive director, Richard Lloyd, said: 'With ID theft on the rise, consumers should be extra careful about the information they share online. Unfortunately, you can still become a victim of fraud even if you have been vigilant, and if this happens you should talk to your bank because they should give you a refund.'

In a survey of 1,139 Which? members, more than one in seven (14%) told us they had fallen victim to identity theft.

How to protect yourself against identity theft

Which? has put together some tips to help you improve your online security.

Be wary of unsolicited emails

Watch out for unsolicited emails or ones that try to convince you to respond by offering a cash incentive. Fraudsters often pose as banks or government bodies, but these organisations would never ask for passwords or debit or credit card information over email.

Don't engage with strangers on social media

Don’t accept invitations from people you don’t know on social media sites. It’s also a good idea to create separate work and personal profiles. And double-check that your social media profiles are private, so that you are only sharing information with people you know.

Be careful what you share online

Don’t post any pictures showing your car number plate – fraudsters could use this to illicitly obtain your address from DVLA records. Don’t post photos showing your house online as they could confirm your address and give clues to your financial status.

Be cautious using public wi-fi

Take care when using public wi-fi networks and don’t use them to access sensitive apps such as mobile banking.

Secure your hardware

Use and update anti-virus or security software protection for all your devices, including mobiles.

Opt out of the open electoral register

Opt out of the open electoral register by calling the Electoral Registration Department of your local authority.

Use complex passwords

Make sure you use different and complex passwords that are hard to guess.

What to do if you've been a victim of ID fraud

If you’ve been a victim of fraud you should report it to your bank or credit card provider immediately. You should also notify Action Fraud by calling 0300 123 2040 or via actionfraud.police.uk.

Banks and card companies should refund you for any financial losses from fraudulent activity unless they can prove you’ve been negligent. Although you could be liable for the first £50 of any sum spent before you report the fraud, providers will often waive this in practice. 

If you aren’t happy with the way your case is handled, you can escalate it to the Financial Ombudsman Service.

More on this...