Company type | "Not-for-profit" organisation |
---|---|
Industry | Fraud prevention |
Founded | 1988 |
Headquarters | , United Kingdom |
Key people |
|
Products |
|
Number of employees | 90+ |
Cifas is a fraud prevention service in the United Kingdom. It is a not-for-profit membership association representing organisations from across the public, private and voluntary sectors. Cifas states its mission is "to detect, deter and prevent fraud in society by harnessing technology and working in partnership". [1]
Cifas operates two core fraud prevention databases that are claimed to be the largest in the UK: the National Fraud Database and the Internal Fraud Database. Its systems are also used by banks and building societies to access Home Office immigration data through a specialist portal. [2]
Data from Cifas' members reveals that instances of identity fraud in the UK are at record levels in the UK, particularly among people aged under 30. [3]
Cifas data also highlights the growing issue of "money mules" – people who allow their bank accounts to be used to launder money.
Cifas was established in 1988 by the Consumer Credit Trade Association (CCTA) under the acronym CIFAS: Credit Industry Fraud Avoidance System, although the company no longer operates under this acronym as the scope of its services has broadened. It was developed in association with the Office of Fair Trading, as well as the Information Commissioner's Office, who continue to this day to take an active interest in the development of Cifas.
Cifas is today run by a board of directors, which includes both independent directors who are not directly involved in the day-to-day running of the organisation, and the Chief Executive and Chief Operating Officer, who are. From 1988 to 2016 the majority of the directors were elected by participating organisations. They now participate in the governance of the organisation through an "Advisory Board".
Cifas' National Fraud Database allows participating organisations to exchange details of applications for products or services which are considered to be fraudulent, inconsistent or suspicious; [4] exchange information about accounts and services which are being misused; and information about insurance and other claims that are considered to be fraudulent, inconsistent or suspicious. [5]
Organisations can also exchange information about innocent victims of fraud to protect them from further fraud.
The Internal Fraud Database allows participating organisations to exchange details of cases where an applicant or member of staff is considered to have acted fraudulently. [6] Individuals suspected of committing fraud can have a fraud marker placed against them, and they may be denied financial services such as mortgages, credit or even phone contracts. [7]
Under the Data Protection Act, an individual has the right to make a subject access request to Cifas, who will, in accordance with the Act and its exemptions, disclose data held on the individual where the law requires it. Cifas is not a credit reference agency but is the data controller for Cifas data and responsible for its accuracy.
All warnings used to be examined by specialist fraud staff in participating organisations, but now, automated systems may be used to refuse a product or service without any investigation of a warning. Cifas says: "The ability to make automated decisions allows members to immediately decline facilities to subjects who are deemed an immediate fraud risk. This is another massive step forward in utilising the data from Cifas, freeing up resources from reviewing referrals that have already been deemed a high fraud risk." [8]
Consumers who are disadvantaged by this change in practice may complain to the Information Commissioner and seek financial compensation from both Cifas and the responsible organisations who supplied and used the information. Consumers may also complain to one of the ombudsman services who cover the organisations represented within Cifas. This includes the Financial Ombudsman Service, the Communications Ombudsman, the Public Services Ombudsman, and the Local Government & Social Care Ombudsman.
In 2014, the Immigration Act became law. Cifas was named as the sole provider of Home Office Immigration Data and launched the Cifas Immigration Portal (CIP) in December 2014. [9] All current account-providing banks and building societies in the UK are required to use the CIP to access the Home Office data on disqualified persons. [10] The data was implicated in the Windrush scandal.
Victims of identity fraud or people who are at risk of identity fraud can apply for Cifas protective registration for a £30 fee. [11] Protective registration acts as a warning the organisation should (but they are not forced to) carry out additional checks to verify the identity of the applicant or customer. They may just refuse the product or service instead as they consider the fraud risk to be too high.
Cifas used to operate a Protecting the Vulnerable scheme that helped local authorities protect individuals subject to the Mental Capacity Act 2005 in their care. This was merged into the Vulnerability Registration Service in 2020 https://www.vulnerabilityregistrationservice.co.uk
Cifas has declared losses in its published accounts as follows:
Year | Loss |
---|---|
2017 | £749,000 |
2018 | £578,000 |
2019 | £1,328,000 |
2020 | £1,389,000 |
2021 | £627,000 |
2022 | £442,000 |
Losses between 2017 and 2022 amount to £5.1 million in total.
The Directors report for 2022 considers that the organisation is a well funded going concern with break-even achievable. Costs grew from £5.6 million to £11.5 million between 2016 and 2022. Cifas is funded largely from levies on financial services suppliers and other participating organisations funded by customers, and public sector organisations that are funded by taxpayers.
The financial benefits of Cifas, reported by its participating organisations, are reducing relative to its size, with benefits per pound of subscription income as follows:
Year | Benefits |
---|---|
2018 | £234 |
2019 | £208 |
2020 | £169 |
2021 | £139 |
2022 | £112 |
The published value of fraud prevented by Cifas is up by approximately 30% in the last ten years, from £1 billion to £1.3 billion (broadly in line with inflation) while costs and staff numbers have more than doubled. Fraud losses are increasing by a lot more than inflation, with the National Crime Agency claiming a 17% increase in losses in 2021/22 to £2.46 billion. The amount of fraud prevented by Cifas, as a proportion of total losses, seems to be falling, suggesting it is becoming much less effective.
Cash reserves are calculated in the 2022 accounts to be £4.2 million but calculated reserves are not the same as cash available to fund investment. The net cash position shows intangible fixed assets being capitalised to the value of £2.1 million. This represents IT work that has been paid for from cash but the cost is charged to the accounts over 5 or 10 years. Only depreciation is charged to the annual profit and loss account. It is analogous to loaning one's savings to oneself to spend on a car, and repaying the savings account in instalments over 5 to 10 years, while treating the value of the car as a savings account balance. This type of creative accounting is allowed by the law and is used by multi-national companies regularly, but it is unusual in the charity and not-for-profit sector.
Debts rose from just £76,000 in 2015 to £1.4 million in 2021, falling slightly to £1.3m in 2022. This represents a significant deterioration in control of credit, with the working capital tied up, also funded from cash reserves. Available cash is just £600,000, much lower than the claimed reserves figure of £4.2 million. The available cash covers less than 1 month of operating costs, a tiny buffer for a not-for-profit organisation in the event of an economic downturn. Best practice in this sector is to hold cash equal to 6 to 9 months of operating costs.
The 2022 accounts show that Cifas paid its current chief executive £275,309. The lowest paid staff are in outsourcing companies used by Cifas for telephone and clerical work who received the national minimum wage of £9.50 per hour in 2022. The chief executive received 16 times more than these lowest paid workers.
Cifas is no longer listed as being a Living Wage Foundation employer (£10.90 per hour or £11.85 in London for 2022), suggesting that Cifas no longer meets their requirements. Cifas was one of the first organisations to become a Living Wage Foundation accredited employer.
The average salary at Cifas in 2022 was £69,956 (£38.40 per hour), compared to £68,788 in 2021 and £63,209 in 2020.
Cifas employs staff in a variety of different functions that include information technology, data analysis, compliance, best practice, consumer relations, project management, sales and marketing, product development, training, administration, external relations and public relations, human resources and finance. There were numerous redundancies in 2017, 2018 and 2019 with severance payments reported in the annual accounts at Companies House. Staff numbers have since expanded with recruitment to new positions.
Cifas works with fraud prevention, financial, public sector, academic and charitable organisations and law enforcement to raise awareness of fraud and promote best practices in fraud prevention. Collaborative partners include the City of London Police, CIPFA, the Home Office, Age UK, the Fraud Advisory Panel, and UK Finance.
In law, fraud is intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right. Fraud can violate civil law or criminal law, or it may cause no loss of money, property, or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements.
Identity theft, identity piracy or identity infringement occurs when someone uses another's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964. Since that time, the definition of identity theft has been legally defined throughout both the U.K. and the U.S. as the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources.
Factoring is a financial transaction and a type of debtor finance in which a business sells its accounts receivable to a third party at a discount. A business will sometimes factor its receivable assets to meet its present and immediate cash needs. Forfaiting is a factoring arrangement used in international trade finance by exporters who wish to sell their receivables to a forfaiter. Factoring is commonly referred to as accounts receivable factoring, invoice factoring, and sometimes accounts receivable financing. Accounts receivable financing is a term more accurately used to describe a form of asset based lending against accounts receivable. The Commercial Finance Association is the leading trade association of the asset-based lending and factoring industries.
Bank fraud is the use of potentially illegal means to obtain money, assets, or other property owned or held by a financial institution, or to obtain money from depositors by fraudulently posing as a bank or other financial institution. In many instances, bank fraud is a criminal offence.
Equifax Inc. is an American multinational consumer credit reporting agency headquartered in Atlanta, Georgia and is one of the three largest consumer credit reporting agencies, along with Experian and TransUnion. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide. In addition to credit and demographic data and services to business, Equifax sells credit monitoring and fraud prevention services directly to consumers.
The Audit Commission was a statutory corporation in the United Kingdom. The commission's primary objective was to appoint auditors to a range of local public bodies in England, set the standards for auditors and oversee their work. The commission closed on 31 March 2015, with its functions being transferred to the voluntary, not-for-profit or private sector.
Identity fraud is the use by one person of another person's personal information, without authorization, to commit a crime or to deceive or defraud that other person or a third person. Most identity fraud is committed in the context of financial advantages, such as accessing a victim's credit card, bank accounts, or loan accounts. False or forged identity documents have been used in criminal activity or in dealings with government agencies, such as immigration. Today, the identities of real persons are often used in the preparation of these false documents. This can lead to bad consequences and trouble.
Fund accounting is an accounting system for recording resources whose use has been limited by the donor, grant authority, governing agency, or other individuals or organisations or by law. It emphasizes accountability rather than profitability, and is used by Nonprofit organizations and by governments. In this method, a fund consists of a self-balancing set of accounts and each are reported as either unrestricted, temporarily restricted or permanently restricted based on the provider-imposed restrictions.
ChexSystems is an American check verification service and consumer reporting agency owned by the eFunds subsidiary of Fidelity National Information Services. It provides information about the use of deposit accounts by consumers.
An identity score is a system for detecting identity theft. Identity scores are increasingly being adopted as a means to prevent fraud in business and as a tool to verify and correct public records.
Anti-money laundering (AML) software is software used in the finance and legal industries to help companies comply with the legal requirements for financial institutions and other regulated entities to prevent or report money laundering activities. AML software can facilitate faster and more accurate compliance and investigations.
LifeLock Inc. was an American software company active from 2005 to 2017. The company was best known for its eponymous LifeLock identity theft prevention software, now sold by Gen Digital after the latter acquired LifeLock in 2017. LifeLock's system monitors for identity theft, the use of personal information, and credit score changes.
Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.
A credit card is a payment card, usually issued by a bank, allowing its users to purchase goods or services or withdraw cash on credit. Using the card thus accrues debt that has to be repaid later. Credit cards are one of the most widely used forms of payment across the world.
Forensic accountants are experienced auditors, accountants, and investigators of legal and financial documents that are hired to look into possible suspicions of fraudulent activity within a company; or are hired by a company who may just want to prevent fraudulent activities from occurring. They also provide services in areas such as accounting, antitrust, damages, analysis, valuation, and general consulting. Forensic accountants have also been used in divorces, bankruptcy, insurance claims, personal injury claims, fraudulent claims, construction, royalty audits, and tracking terrorism by investigating financial records. Many forensic accountants work closely with law enforcement personnel and lawyers during investigations and often appear as expert witnesses during trials.
An identity verification service is used by businesses to ensure that users or customers provide information that is associated with the identity of a real person. The service may verify the authenticity of physical identity documents such as a driver's license, passport, or a nationally issued identity document through documentary verification. Additionally, also involve the verification of identity information (fields) against independent and authoritative sources, such as a credit bureau or proprietary government data.
Identity theft involves obtaining somebody else's identifying information and using it for a criminal purpose. Most often that purpose is to commit financial fraud, such as by obtaining loans or credits in the name of the person whose identity has been stolen. Stolen identifying information might also be used for other reasons, such as to obtain identification cards or for purposes of employment by somebody not legally authorized to work in the United States.
Carding is a term of the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.
Revolut is a global neobank and financial technology company based in London, England. It offers banking services for retail customers and businesses. It was founded in 2015 by Nikolay Storonsky and Vlad Yatsenko. It offers products including banking services, currency exchange, debit and credit cards, virtual cards, Apple Pay, interest-bearing "vaults", personal loans and BNPL, stock trading, crypto, commodities, human resources and other services.
Mismarking in securities valuation takes place when the value that is assigned to securities does not reflect what the securities are actually worth, due to intentional fraudulent mispricing. Mismarking misleads investors and fund executives about how much the securities in a securities portfolio managed by a trader are worth, and thus misrepresents performance. When a trader engages in mismarking, it allows him to obtain a higher bonus from the financial firm for which he works, where his bonus is calculated by the performance of the securities portfolio that he is managing.