We use cookies to allow us and selected partners to improve your experience and our advertising. By continuing to browse you consent to our use of cookies. You can understand more and change your cookies preferences here.

Bank transfer fraud: why scammers want to steal your identity

Which? gets the low-down from a fraud detective investigating banking crime

Fraudsters using stolen details to open impostor bank accounts is an increasingly prevalent form of crime.

In September, we reported on the tactics criminals are using to commit identity fraud and open bank accounts in your name – either to house the proceeds of a scam they’ve successfully carried out, to drain your overdraft or to apply for loans and credit cards in your name.

The scale of the problem is huge – particularly with the rise of digital banking and the ability for genuine customers to open bank accounts online without providing physical identification. According to fraud prevention body Cifas, identity fraud is at an ‘epidemic’ level, with 500 cases of ID fraud being carried out every day.

So, how are the authorities working to protect you and your finances from this rise in bank account fraud? Which? Money caught up with Detective Inspector Chris Felton, from the National Fraud Intelligence Bureau, to learn more about this troubling trend.

Interview by Faye Lipson

Which? Money (WM) Why would a criminal look to open an account in someone else’s name?

Detective Inspector Chris Felton (CF) They want access to a bank account – they’re not interested in defrauding the bank. If you want to defraud the bank you need the debit card and an overdraft facility.

Quite often these fraudulently opened accounts are actually very simple bank accounts without a credit facility attached to them. It’s money in, money out. That’s what they want so they can receive money from their victims [of scams and fraud] and transmit it onwards or cash it out.

So when a person’s identity is hijacked [for money laundering purposes], their problem isn’t that they’re going to be lumped with a massive debt, because the bank isn’t being defrauded.

It’s about then somebody – potentially from law enforcement or even a private individual who’s lost money – making enquiries and coming to them to say: ‘You’ve received this money.’

Subscribe to Which? Money Weekly

A free newsletter from Which? Money Compare offering unmissable news, deals and money-saving tips delivered to your inbox every week.

Register here

Newsletters


WM
So the motivation quite a lot of the time is money laundering, not raiding the overdraft?

CF Yes, generally. With all those things you do get variation. But certainly with what we’ve been looking at around money mules [a network of people who open bank accounts to receive the proceeds of a scam], it’s about accessing the account primarily.

If you were looking at defrauding the bank itself, the account’s got to have some kind of credit facility attached to it – in which case you’d move that money out by bank transfer.

But either way, the advice [to victims of impersonation] would be the same – get in touch with the bank straight away and get the account shut down.

WM How is that so easy for fraudsters to acquire the necessary information for a bank application?

CF Generally, you can buy it. There are sites where you can pick that information up. You can steal mail, though that’s quite clunky. But just sitting on a computer for a couple of hours you can start very easily to build up someone’s identity.

And if people have got open Facebook profiles, you’d be surprised how many people have their birthday on there. If they don’t, their friends probably do. You really can very quickly build up enough information about a person [to attempt this type of fraud].

The beauty of this is that, because you’re setting things up from scratch there is no security. As long as you’ve got the basic name, date of birth and address right, you’re probably pretty much there.

If you do it from scratch, you’ve got control. If it’s an online account you don’t ever need to go to the bank, you run it online, you do it through your computer if you’re clever.

We’re seeing fraudsters use virtual private networks (VPNs) to hide their IP address. Some are changing their computers. I’m not going to go into the details on this, but basically they make the machine look different each time it comes up. And they’re clearing the cookies on a regular basis – so the things banks leave to identify customers are being cleared off.

WM You’ve mentioned that this is a growing concern?

CF Yes. As online bank accounts have become easier and more normal the fraudsters have gone into that particular method because it’s easier.

You don’t have to physically be in the same location as the bank. You don’t even have to be in the same country. You can do it from overseas.

WM And it’s not just limited to personal accounts?

CF Fraudsters sometimes use business accounts. Companies House is relatively easy to trick into issuing a company based on false details. So you’ve got a company, and the next step is getting a bank account.

And opening a business account once you’ve created a company – again, it’s not that difficult. You can do it online.

Or the other option is you involve a real company to receive the money and forward it on – we’ve seen cases of this.

It’s not always clear what the company thinks is going on or what they’ve been told. Some of the companies have been tricked into thinking they’re receiving a payment for something.

Find out more: Our short video looks at some of the latest innovations in banking security. 

WM Are banks who receive money from scams doing enough to shut down the receiving accounts?

CF When we highlight accounts to the banks, we have no power to close them down. What we’re saying is: ‘We think you need to look at this account, there’s a risk here.’

As part of our process we make enquiries with the banks to establish who an account is owned by and at that point we are in effect flagging it to that bank and saying: ‘Look, we’ve got a concern.’

If it’s obviously fraudulent then generally they will close it down reasonably quickly. Again it depends on the bank and their particular approach to it.

I’m sure there are some that get through, but in general our experience is once we’ve highlighted the account to the banks and they’re not connected to a real person, the banks will take action.

[But] if it’s a personal account and there’s a real relationship with the account holder [as in the case of money mules] banks are more reticent about closing them down. I’m not saying they won’t but what you’ll find is, they’ll look at the account.

WM Does the increase in current account switching play a role in this?

CF Not within this, no. The fraudsters’ business model is: ‘I need to have access to bank accounts.’

There’s a huge amount of trust both in the UK and externally in bank accounts, and people believe that they’re sending money to a bank account, it is safe.

So, people are more confident in sending money to bank accounts. From the criminal’s point of view, getting bank accounts is their bread and butter. That’s what makes a lot of these frauds exist. You couldn’t run a mandate fraud or any kind of payee fraud without a bank account.

Bank accounts make up the majority of the receiving points for money from fraud that we’ve seen. We do get other things. We do see there are still some frauds that involve people physically meeting and handing over money but they’re a rarity compared to the online ones.

 WM And where do you see things going for bank customers – particularly when it comes to document checks on applications?

CF Look at some of the new businesses that are coming into the market. Some of have systems that get you to photograph your document on your phone and then film yourself. And there are things you can do even just with a phone, with a picture of the document, which will deal with certain very basic types of forgery.

WM So it’s not a case of hauling more people into branch to look at their passports?

CF Going into branch is becoming a thing of the past. The fraudsters move with it. As people’s way of doing business and interacting with banks has changed, the villains have moved over.

It’s about the technology catching up, and it will do.

Back to top
Back to top