This is fraudscape 2024

The flagship intelligence report from Cifas, the UK’s Fraud Prevention Community

6 month update available now

Start report

6 month update

This is the 6 month update to Fraudscape for 2024. It provides a snapshot of the fraud risk data filed by Cifas members to the National Fraud Database (NFD) and Insider Threat Database (ITD), along with intelligence provided by Cifas members, partners and law enforcement. Together the insight from these different sources provide a compelling overview of the challenges and threats facing the fraud prevention community, as well as the areas and new threat vectors on which we need to focus efforts in the fight against fraud and financial crime.

Many of the trends reported in our 2024 Fraudscape report continue, with cases of identity fraud the most commonly reported. Uncertainty around the UK economy, continued pressures at the cost of living, conflict and political uncertainty and changing technology, particularly the growth of AI, have all provided opportunity for threat actors to exploit. Each of these issues has had an impact on the data filed by firms to the NFD. These same circumstances may also provide incentive for those who may be struggling financially to commit fraud to bolster incomes. Fraud makes up almost 40% of all crime. This six-month update makes clear how much more work there is to do.

214,882 cases were filed to the NFD between January and June 2024, an increase of 15% compared to the same period for 2023. All Cifas NFD case types recorded an increase over this period.

This is particularly noteworthy as the full year results for 2023 recorded a 9% reduction on those for 2022, (which saw unprecedented filings to the NFD - over 400,000 cases). Filings between January and June 2024 are also 8% higher than the same period in 2022. This could be an early indication that levels of fraud have increased again and will lead to record levels of filing by the year end.

The primary reason for the increase is a marked rise in facility (account) takeover (up by 99%, 18,793), primarily in the telecommunications and online retail sectors. Together these sectors saw over 28,000 facility takeover filings during this period. Facility takeover now accounts for nearly one fifth of filed cases (18%) compared with  10% in 2023. It is now the second most prevalent case type after identity fraud (replacing misuse of facility).

This increase in filings reflects a long-term shift in tactics with threat actors increasingly targeting existing accounts to obtain high value products and services. Intelligence provided to Cifas suggests threat actors are targeting high volumes of accounts simultaneously, using multiple victims personal information (known as credential stuffing) in order to maximise the chance of gaining access to accounts.

Identity fraud recorded a 4% (4,483) rise, driven by impersonations in relation to mobile phones (102%), personal store cards (up 59%) personal current accounts (up 19%).

Misuse of facility increased by 9%, a rise of over 3,000 cases. This is linked to growing  misuse of personal bank accounts, (up 18%), company accounts (up 51%) & personal loans (up 109%). Cifas members report that evasion of payment & disputes continues to be an issue with some individuals displaying clean credit reports up to the point that facilities are  misused. Filed cases that are indicative of money muling activity also increased by 11%, with activity driven by the 21-30yrs and 31-40yrs age groups. The perception that this activity is low risk (and even reasonable behaviour 1) coupled with persuasive content on social media continue to make this activity attractive many individuals.

False applications recorded a rise of 21%. Motor insurance doubled to over 2,700 cases - a 140% increase. The rising cost of insurance premiums 2 is likely to have contributed to this increase, tempting individuals into falsifying information. Increases were also seen across several other products, including personal loans, bank accounts and home media. Together this suggest that rises in living costs more generally are likely to be a key factor.

Members reported the wide availability of false documents which can be purchased from seemingly legitimate websites to help falsify applications. With UK households feeling ongoing financial pressures, in recent research by Experian, two-thirds of businesses said that preventing consumers from providing false information to gain advantage was the current focus of their fraud prevention work.3

Members continue to report concerns at higher quality false documentation (including synthetic identities) and the growing threat of AI technologies to facilitate data harvesting and social engineering. The increasing availability of fraud tool kits and AI platforms provide a route for lower skilled threat actors to create high quality spoofing of websites and wider brand impersonations which are known to offer high success rates and financial returns.

Cases filed to the Insider Threat Database (ITD) declined by 15% falling from 145 to 123. Despite this reduction, employee fraud remains a threat to organisations, particularly given continued remote working and reduced supervision, which has left companies more vulnerable to fraud and employees seeking to supplement their income through a range of behaviours. Polygamous working is also a major concern, presenting a range of risks including theft of sensitive data and abuse of company time. However, there is a significant intelligence gap in relation to this issue across a number of sectors and the full extent of this threat remains unclear.

 Download 6 month report

1   Cifas Fraud Behaviours Survey 2023
2   Motor Insurance Premiums Continue to Rise as Insurers Battle Costs | ABI
3  UK Experian Uk Fraud And Fincrime Report 2024

What do the findings tell us? The key themes of 2024

returning to the full fraudscape 2024 report

Welcome to FRAUDSCAPE 2024

Welcome to this year’s edition of Fraudscape, which sets out the challenges and threats facing the fraud prevention community, as well as the areas on which we need to focus to fight fraud and financial crime together more effectively. This report combines data from our National Fraud Database (NFD) and Insider Threat Database (ITD), along with intelligence provided by Cifas members, partners and law enforcement.

In 2023, our members prevented more than £1.8 billion of fraud losses, but we know we can help prevent and detect even more fraud and financial crime by developing a better understanding of key threats and enablers. The information and intelligence included in Fraudscape is key to us doing that.

Continuing uncertainty around the UK economy, the rise in the cost of living, and the growth in hybrid working has provided a rich seam of opportunity for criminals to exploit. These circumstances have also increased incentives for those who may be struggling financially to commit fraud to generate additional income. The fraud trends we identified in 2023 continue into 2024, with an increased risk of identity theft, first party fraud and internal fraud.

Against this background, our role in protecting members, the public, and the wider UK economy from fraud and financial crime is now more important than ever. As the threat continues to evolve and threat actors innovate to fraudulently open and abuse accounts, steal identities and take over customer accounts, Cifas will accelerate development of new products and services to protect businesses and consumers.

We will also continue to educate young people to provide them with the skills to recognise the serious consequences of financial crime through our counter fraud lesson plans and roll out our counter-fraud training to many more employees, recognising their important role as the first line of defence against fraud and financial crime.

The sharing of data and intelligence across a broader coalition of organisations is one of the most effective defences we can put in place to prevent fraud, and we are proud to bring together a community of organisations from a wide variety of sectors to create a defensive wall against fraud.

I hope that you find our analysis insightful and, more importantly, a call to action to strengthen your defences against fraud and financial crime.

Mike Haley
- Cifas CEO
 Terms Explained

Overview

Following a surge of cases in 2022 (over 400,000 – the highest ever recorded), filings to the National Fraud Database (NFD) fell by 9% in 2023 to 374,160 cases. Despite this reduction, there were increases across the categories of facility takeover (+13%) and misuse of facility (+5%). Key increases in 2023 include a rise in asset conversion cases (+55%) and cases of facility takeover (+13%), particularly against telecommunication products and personal credit cards. Misuse of facility now accounts for one in five cases on the NFD (previously 17%) with the increase centred on pre-paid cards, asset finance-hire purchase, and Covid era loan filings*.

Moreover, NFD filings remain higher than 2021 by 4% (nearly 14,000 cases), with organisations recording a case to the NFD every two minutes, on average. Market conditions and the tightening of controls and lending criteria due to economic uncertainty, may be a driver behind the decline in filings in 2023.

Identity fraud continues to be the dominant case type recorded to the NFD (64% of filings, 237,642 cases). Increases were observed across personal bank accounts (+12%) with concerns centred on social media enablers and the growing threat of AI and sophisticated data harvesting techniques designed to exploit an array of cost-of-living pressures.

One in ten cases relate to facility takeover, which saw the largest volume increase across all case types (+4,809, +13%). Intelligence and NFD data support a shift in tactics, with threat actors increasingly targeting existing accounts to obtain new products or upgrades, particularly within the telecommunications sector.

Misuse of facility remains the second most dominant case type, now accounting for 21% of filings (73,459 cases), following a rise of 5%. A key driver is evasion of payment across several products. There was a 6% reduction in cases that held intelligence indicative of money muling, however, these cases still account for 65% of misuse of bank account filings.

False application cases fell by 17% overall, but there was an uplift against the loan (+36%), insurance (+20%) and telecommunication sectors (+17%). False documents (usually bank statements and utility bills) are the dominant filing reasons, with individuals filed for providing false information or omitting details to obtain products and services.

Filings to the Insider Threat Database (ITD) increased by 14% in 2023. The rise is focused on dishonest action by employees (49%), with many organisations citing increasing financial pressures as a driving factor behind the uplift. Most individuals filed to the ITD (38%) had been in their position for less than a year (previously 21%). This could be an early indication that employees are more willing to risk engaging in dishonest conduct in the early stages of employment although, equally, there are signs of improved controls and staff awareness, with cases detected by internal controls and staff up by 20% and 44% respectively.

What do the findings tell us? The key themes of 2024

*Content amended on the 25th July 2024 – the original reported stated a rise in Coronavirus Business Interruption Loans (CBILs). The rise in fact covered both CBILs and Business Bounce Back Loans.

Cifas Commentary

What do the findings tell us?

The key themes of 2024

IDENTITY FRAUD

Identity fraud cases are down 14% following a reduction across several sectors. However, identity fraud remains the dominant case type, accounting for 64% of filings (237,642 cases) in 2023; a slight decrease as a proportion of total filings compared to 2022 (68%).

Despite the overall reduction, bank accounts observed the largest increase (up 12%, +5,811), with personal current accounts being the most targeted. Plastic cards continue to be the most afflicted product, but also observed an 8% decrease.

The most notable reduction by volume was across telecommunications products (-49%) which can, in part, be explained by a shift in criminals targeting these products via facility takeover activity, as opposed to identity fraud.

Overall, impersonation involving a current address fraud accounts for 77% of filing reasons, however, this has decreased 11% compared to 2022.

Most victims of impersonation filed to the NFD continue to be over 61 years (accounting for 24%) in both 2022 and 2023, followed by 51-60 years (21%).

Of note, those aged 21-30 years saw an 11% increase. This is mainly linked to impersonations for mobile phones, personal credit cards and current accounts.

Cifas Commentary

MISUSE OF FACILITY

In 2023, organisations filed 73,459 cases of misuse of facility. This represents a 5% increase (+3,261) compared to 2022.

Whilst bank accounts recorded a decrease (-2%), loan products recorded a notable increase (+82%), followed by asset finance (+45%) and plastic cards (+17%). Increases across loan products were due to an uplift in evasion payment of loans issued under COVID loan schemes, whilst asset finance cases were centred on theft of assets and evasion of payment.

These increases were spread across several organisations, highlighting the impact of the cost-of-living pressures and individuals looking to avoid payments or financially gain from stealing assets.

Deep dive – Money mules

In 2023, 37,261 cases were recorded to the NFD that held intelligence indicative of money mule behaviour. This is down 6% from 2022 (39,611 cases).

Despite the reduction, these cases still account for 65% of misuse of bank account filings recorded to the NFD. Personal current accounts continue to be the dominant product impacted, accounting for 90% (previously 87%). Company current accounts observed a small reduction (-9%) and continue to account for just 6% of filings overall.  

Where recorded, most individuals filed for this type of behaviour are aged between 21-25 years (23%), which is consistent with 2022. The average age of filed individuals is 29 years, which is also identical to 2022. Of note, under 18 years was the only age group to record an increase (+43%, +425). Within this age group the largest increase was observed across those aged 16 years (+42%) and 17 years (+48%). The relatively low volumes from a small number of members make it difficult to determine any meaningful judgement about a potential shift towards younger age groups at this stage.

 Cifas Commentary

FACILITY TAKEOVER

Cases of facility takeover increased by 13% compared to 2022, which is primarily attributed to a 59% rise in filings from the telecommunications sector (+6,431). The online retail sector recorded the largest volume reduction but continues to be the second most impacted sector, accounting for 27% of cases (previously 38%).

The telecommunications sector is the most impacted for facility takeover filings, now accounting for 41% (previously 29%) of cases, following a spike in filings from several organisations. This increase partly reflects a shift in behaviour by criminals who are increasingly targeting mobile phone products for account takeover, compared to identity fraud in previous years.

Cifas Commentary

Insider threat

A total of 325 individuals were recorded to the ITD (Insider Threat Database) in 2023 (up 14%, +41). In contrast to 2022, the most dominant case type recorded is now dishonest action to obtain benefit by theft or deception which now accounts for nearly half of cases (49%, previously 39%).

Feedback from Cifas member organisations indicates that this could be a result of financial pressures in light of the cost-of-living crisis.

The second most prominent case type is false employment application (unsuccessful) which accounts for 33% compared to 44% in 2022.

Overall, cases detected through internal controls have increased by 20% but continue to account for a similar proportion to last year (56%). This increase could be linked to organisations adopting greater monitoring/controls.

Most subjects engaged in dishonest conduct (38%) had been in their position for less than a year (previously 21%). This might be an early indication subjects are more willing to risk engaging in dishonest conduct in the early stages of employment. Alternatively, it could be linked to an uplift in more effective internal controls.

  • 31% of those recorded for dishonest actions had been in employment for under one year, and 17% for over 10 years.

  • 64% of those recorded for account misconduct had been in employment for less than one year.

  • 80% of those recorded for bribery had been in employment for 10+ years.

  • 75% of those recorded for unlawful obtaining or disclosure of commercial data have been in employment for less than five years.

Cifas Commentary

False Application

In 2023, 19,840 false application cases were recorded to the NFD, representing a decrease of 17%.

This is primarily linked to a reduction across the bank account sector (-31%) which now accounts for 44% (previously 53%) of cases. Despite the overall reduction, there were increases across the loan (+25%), insurance (+20%), & telecoms sectors (+17%).

False documents recorded a 35% decrease, but this continues to be the dominant filing reason accounting for 30% (previously 39%). This reduction was spread across several sectors, but particularly bank accounts, with cases down 50% and fewer members recording this filing reason overall.

Falsifying proof of no claims rose 100% compared to 2022 (+878) and now accounts for 9% of cases when compared to 4% in 2022. This increase is attributed to several insurance members filing higher volumes in 2023.

False bank statements make up the largest proportion of filed documents (31%) followed by utility bills (28%).

Cifas Commentary

Summary

In 2023, 374,160 cases were recorded to the NFD, representing a decrease of 9% compared to 2022. Despite this reduction, levels are still higher than 2021 by 4% (an increase of nearly 14,000 cases). The reduction in filed cases must be viewed in the context of the unprecedented volumes seen in 2022, but also as a result of some members within certain sectors enhancing their controls and tightening their criteria for new products and services throughout economic uncertainty.

Many organisations are concerned about the potential growth in AI generated fraud, enabling sophisticated phishing scams and synthetic identities.

Social media continues to offer threat actors numerous opportunities to access new victims or recruit dishonest individuals into fraudulent conduct.

Organisations also report continued social engineering of vulnerable consumers struggling with the cost-of-living crisis to divulge their personal data, allow access to their accounts, or authorise the payment of funds into fake investment schemes.

The challenges of the current economic uncertainty are driving some employees to dishonest conduct and this, combined with hybrid working, is making supervision more difficult. There are, however, positive signs that improved controls, a focus on wellbeing and staff awareness are mitigating these risks.

Changes in UK regulation and legislation in 2023 bring opportunities and challenges across the fraud prevention landscape. These include the Payment Systems Regulator’s mandatory reimbursement requirements for Authorised Push Payment (APP) fraud, the Online Safety Act and the Economic Crime and Corporate Transparency Act 2023 (ECCTA). In addition, there are Bills in progress including the Data Protection and Digital Information Bill and the new Criminal Justice Bill which are likely to have an impact on counter-fraud efforts.

Recommendations

As the data in this report shows, the impact of fraud on individuals, businesses and the public sector has reached unprecedented levels. In order to drive down fraud we believe that action should be taken in five key areas:

  • Provide cross-government leadership in the response to fraud, including through creating a Minister for Economic Crime.

  • Improve the policing response to fraud through a ring-fenced fraud policing budget and by better harnessing the capabilities of the private sector to disrupt crime.

  • Enhance support to victims of fraud, including business victims and victims of identity fraud.

  • Modernise the criminal justice response to fraud, including through reviewing the law on identity theft.

  • Ensure social media and online platforms are included in the multi-sector response to fraud, including by implementing the Online Safety Act Code of Conduct.

The legislative and policy landscape

Extra COntent

We are Cifas – we protect organisations from fraud and financial crime.

We are a not-for-profit membership organisation that brings different sectors together for the common goal of eliminating fraud and financial crime. Over 700 organisations work with us, all benefiting from each other's data, intelligence and learning - using the cutting edge financial crime prevention systems and tools we develop and deliver.

For over 30 years we have been trusted by our partners to provide them with the systems and tools they need to detect and prevent fraud and financial crime, saving them billions of pounds in prevented losses.

About Cifas

If you are interested in joining Cifas click here 

For more information about our digital learning, courses and qualifications click here

Want to know when new content is added – register to be notified  here