back to article Survey: '4 million' Brits stung by ID theft

Consumers continue to be complacent about identity theft despite growth of the crime, which has claimed four million victims in the UK alone. The warning from the Metropolitan Police Service comes at the start of National Identity Fraud Prevention Week, which begins today. The seventh edition of the annual event aims to …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Its not identity theft it's bank fraud!

    By continuing this stupid misnaming and shifting of the victim and the blame to the individual the real culprits and victims (the banks and other financial services that hand out credit (or your cash) without proper checks can continue to shift blame and losses.

    Anyone requesting date of birth or mother's maiden name as a means of authentication for anything critical really needs to do something more sensible. These are essentially public information and should generally be treated as such. National Insurance (Social Security in US) numbers, driving licence numbers and passport numbers could all be usefully used a identification but are not suitable for authentication. That is they are useful to confirm who you are claiming to be but not proof that you are them.

    Anonymous when I feel like it.

    1. Dave Murray Silver badge

      Indeed the banks are largely to blame with schemes like Chip&PIN and Verified by VISA being huge security holes that are used to claim the crime was the victim's fault.

      But how are NI, driving licence or passport numbers any more secure? You hand out your NI number to the accounts dept at work, tax office and benefits offices any time they're asked for, you give your DL number for car/van rental, insurance, etc and you give your passport number to airlines & customs. These numbers are also shown any time you use one of said documents as proof of ID or age. Ok so you don't list them on your Facebook page but you shouldn't list your DOB or mother's maiden name there either.

    2. Anonymous Coward
      Anonymous Coward

      "Consumers continue to be complacent"

      It's worse than that. For example, you can't even pay anonymously online, and less and less easily in the real world (more or less so depending on locale). Webforms routinely ask far too much, and refuse to be submitted unless you fill in all the starred blanks. You can't keep an alias because the state assumes you have exactly one full real name and everyone else conveniently demands you use that one. And so on.

      And then there's the drive to "educate" joe average consumer about being careful with his data. Well, it's not him that's routinely losing it. It's the companies and the government. And what exactly can joe average consumer do, how much does it cost, and what does he get back for his efforts, when someone else "accidentally the whole economy"?

      The bottom line is that "consumers" (I thought I was a "citizen", someone with rights, but apparently not) simply get very little choice and are not empowered to be anything but complacent, even if they knew better. So why blame them when they do exactly what you've rigged the system to make them do, eh?

    3. Scorchio!!

      Re: Its not identity theft it's bank fraud!

      Yes, definitely. It's happened to me twice. The first time, about 13 years ago, a bank who actually knew me allowed someone to gain their confidence and was last seen at the foreign currency desk. I'm white, he is black. Could anyone make a more fundamental error with a customer they supposedly knew? I erupted.

  2. AntAndrews
    Thumb Up

    The list that the met has put together is a good starting place. But as more and more students are doing everything online - banking, facebook, shopping etc - they should also include information on how to protect yourself from online ID theft.

    i for one take some other online precautionary messaures to protect myself - any my family - whilst they are surfing online, just to name a couple:

    - ensure that if im purchasing somethings, im on a SSL page (httpS)

    - ensure the site i am is really site i want to be at

    A great peice of sofware called Net Gaurd from fully encrypts ALL my internet traffic via their network before it hits the real world. 7.95 so students should also signup to them.

    1. Anonymous Coward
      Anonymous Coward

      The MET probably considers that info on protecting yourself from online ID theft.

      I went to a security conference recently at which the MET representative spent all his time talking about peope sneaking into your office to photocopy files and then showed a video about criminals stealing a laptop using a fishing rod! (yes really) This to a room full of people who were there to hear about how to protect oil rigs, refineries and pipelines from threats like Stuxnet.

  3. Elmer Phud


    "According to the UK’s fraud prevention service CIFAS, 80,000 have been targeted this year."

    Does that include the emails I get from banks where I don't have an account?

  4. The Cube

    Yeah, right, pin it on the consumer

    Of course, we should all become prey to the racket operated by Experian and the other Credit Threat agencies.

    "Regular checks of personal credit reports" - here's an idea, change the law and require Experian and the other bloodsuckers to provide this for free or lose their license to operate in the UK.

    Here's another idea, when I am not applying for a loan or a credit card Experian I can tell Experian that my record is locked and nobody can get a credit check on me, that way no fraud as nobody can get a loan / account / card etc. without credit rating returns.

    Of course neither of these will happen because they would protect the consumer and not the bankers who have bought and paid for the politicians, let's see how many weeks the Conservative party could run without their donations from financial services.

    Bunch of self interested worthless tossers, I pity the poor plod stuck in the middle trying to maintain any pretense of upholding the law with both their hands tied behind their backs by the politicians.

    1. Martin Summers

      Locked credit file? Seriously utterly bloody fantastic idea!

      1. Anonymous Coward
        Thumb Up

        Not quite the same as locking but according to

        you can put a password on your credit record.

  5. Anonymous Coward
    Anonymous Coward

    I've stolen this Reg member's identity...

    ....and I'm posting anonymously without him knowing. Wait 'til he finds out ha ha...

    Ahhhhhh... there's a flaw in this isn't there?

  6. Anonymous Coward
    Anonymous Coward

    Is this one of those surveys where they asked 20 people and 3 people claimed to have been affected so proclaim that 7% of the whole population have been affected.

    When it says "The average cost of an identity theft is £1,190, but some individuals have been stung to the tune of £9,000" - is that to the customer or to the bank?

  7. technohead95


    "Investigate mail that goes missing" do you know if mails gone missing if it's gone missing?? If it's a statement or something your expecting then you can probably figure it out but in many cases you may not as the mail could be unexpected.

    1. Graham Marsden

      @"Investigate mail that goes missing"

      Even if you *KNOW* something has gone missing because you sent it, the Post Office will just say "Fill in this form, send it to us and eventually, after you've allowed three weeks for it to turn up, fob you off with a letter saying 'if it is important you should pay extra for Recorded or Special Delivery and there's nothing else we can do'".

      Been there, done that...

  8. Pete 2 Silver badge

    Not really a crime

    If ID theft is such a big concern that the cops need to spend a week trying to prevent it, why won't they ever issue a crime number when you try to report it? Shrugging their metaphorical shoulders and fobbing you off with the line that you should report it to your bank instead.

  9. Neil Porter

    Does this include the Playstation hack?

    4 million sounds a bit high, does this include all the bank details stolen by the Playstation hackers?

    In which case it's not all down to the consumers being complacent!

  10. CT

    sample of 2,002 in fact

    A footnote at

    says "For this report, quantitative research was carried out with 2002 Great British adults aged 18+ as part of an online consumer omnibus survey"

    and it was weighted for sampling deficiencies.

    Still don't know what it actually asked though

  11. CT

    and another thing...

    how do you adjust for the probability that it's the more gullible/susceptible to fraud who will fill in surveys and the paranoid who won't?

  12. John Rose
    Thumb Up

    Plastic cards

    My debit card has a chip & mag stripe. Why are banks still issuing cards with mag stripes (i.e. easily readable and still work in ATMs) on them when all retail outlets use chip & pin readers? I think this is because many of their ATMs still want the mag stripe to be there. You ask how do I know this? I know because when I demagnetised the mag stripe on my debit card then it wouldn't work any longer on some ATMs.

  13. 124Out

    Sex Lies and Cybercrime surveys

    - Missing methodology section? Check!

    - Unverified user input? Check!

    - Report the average but not the median? Check!

    - Sponsored by security vendor? Check!

    "It is ironic then that our cyber-crime survey estimates rely almost exclusively on unverified user input. A practice that is regarded as unacceptable in writing code is ubiquitous in forming the estimates that drive policy."

  14. Phil Endecott


    What is there definition of a "victim"?

    I would hope that the victims are nearly all banks. If there are really substantial numbers of members of the public who have genuinely lost out financially as a result of fraud, then I would like to know more about it.

    I would expect that the majority of members of the public who have been victims are those who have not noticed the fraudulent transactions on their statements. These people would not know that they are victims.

    1. Old Tom

      When I was a 'victim' of fraudullent card credential use

      i.e. not identity theft - the actual victim was the retailer. I rang the card issuer and probably signed a form, the card issuer charged the retailer. I think that's how it usually works*.

      *Other than the time my company card credentials bought something from what sounded like an S&M retailer. The bank wasn't interested, and I don't think our accountant could be arsed to chase them up about it.

  15. A J Stiles
    Thumb Down

    Vested Interest anyone?

    Fellowes make paper shredders. Which they think are the be-all and end-all solution to identity theft; because when all you have is a hammer, everything looks like a nail.

    The smart identity thief isn't even looking in your recycling bag, but typing "curriculum vitae.doc" into Google. And how owning a paper shredder is going to prevent someone from doing that is beyond me.

  16. Anonymous Coward
    Anonymous Coward


    Well, their online risk assessment test has gone completely titsup. It currently (as at 18:50pm) falls over with the error:

    The 'Microsoft.Jet.OLEDB.4.0' provider is not registered on the local machine.

    and shows the error is occurring in:

    Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\74cb14d4\7bd12df8\App_Code.fhdp0b16.1.cs Line: 2175

    Another crappily written ASP.NET piece of crappy crap! Ugh...

  17. Dave 120

    In other news a recent survey commissioned by Johnson and Sons Shark cages reports that 4 million people have been attacked by sharks in one form or another.

  18. Anonymous Coward
    Anonymous Coward

    Website looks iffy

    I was left wondering whether the farud prevention week website was genuine. I tried to send a message using the 'Contact us link' ( and got this:

    Server Error in '/' Application.

    The SMTP host was not specified.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.InvalidOperationException: The SMTP host was not specified.

    Source Error:

    Line 32: //try

    Line 33: //{

    Line 34: smtp.Send(msg);

    Line 35: //}

    Line 36: //catch

    Source File: c:\HostingSpaces\FHLondon\\wwwroot\contact.aspx Line: 34

    Stack Trace:

    [InvalidOperationException: The SMTP host was not specified.]

    System.Net.Mail.SmtpClient.CheckHostAndPort() +1949360

    System.Net.Mail.SmtpClient.Send(MailMessage message) +411

    ASP.contact_aspx.btnSend_Click(Object sender, EventArgs e) in c:\HostingSpaces\FHLondon\\wwwroot\contact.aspx:34

    System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115

    System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140

    System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29

    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022