Deloitte & Touche LLP   Deloitte & Touche LLP
Global > United Kingdom > News room > News releases    
Financial Services industry fears risk to reputation in battle against ID theft
40% of total fraud losses in financial organisations could be a result of ID theft
Published: 24/4/06
Contact: Danielle Anthony
Deloitte
PR Manager
+ 44 (0) 207 303 3861

Major players in the UK financial services industry are more concerned by the reputational risk posed by identity theft than meeting a direct financial loss, reveals a study published today by business advisory firm Deloitte.  However, the study also reveals that identity theft could account for up to 40% of total fraud losses in financial service organisations*.

Mike Maddison, Leader of Security & Privacy Services at Deloitte, commented: “The organisations we spoke to consistently rated protection of reputation and brand as more important than defending themselves against direct financial loss.  Some even saw superior protection against identity theft, such as fraud insurance or advanced authentication, as a commercial opportunity to differentiate themselves from their competitors.”

The Deloitte study ‘Identity theft – a view from the financial services industry’ reports on the findings of one-to-one interviews with APACS, the Financial Services Authority (FSA) and the leading financial services institutions headquartered in the UK.  Four key areas were identified by the industry for stepping up its efforts in combating this fraud:

  • Reputation – the need to manage internal and public perceptions of how the safe and secure the institution is
  • Legislation – complying with expanding and yet vaguely worded regulatory and legislative requirements
  • Awareness – continually informing and educating customers, business partners and staff on potential threats and safeguarding against those threats
  • Technological advances – combating the increasingly sophisticated identity theft techniques with appropriate technical countermeasures.

Mike Maddison commented: “A strong message to come out of this study is that the industry is seeking clearer guidance from regulators.  Despite the volume of requirements there is general agreement that regulation is not specific enough.  The industry is looking for discussion with regulators to come to an agreement on clearly defined but consensual and flexible requirements.” While Chief Information Security Officers were naturally reluctant to be specific around the details the report also revealed a significant number of recent identity theft related incidents which included growing phishing and pharming (attempting to obtain customer log-in details) attacks and attempts to obtain advance fees by fraudulently attempting to use the organisations’ brands. 

Internal incidents such as customer identities being stolen by staff for onward sale, employees bypassing technical controls to access restricted customer details and staff stealing identities of other staff to obtain unauthorised access to systems, were also revealed of real concern.

Another factor to the risk of fraud to financial organisations is increased outsourcing – the complex operating models mean that direct control over an organisations data and IT systems can be compromised.

Mike Maddison commented: “The risk to personal information outsourcing presents are compounded where the service is off-shored as differing legal and regulatory systems and business standards, combined with geographical separation, make regular monitoring of controls much harder.

“The financial services industry acknowledges that the current situation is not sustainable – identity theft is only going to increase and standards need to be raised. This is an incredibly complex problem which requires an increasingly cohesive approach. Tackling the problem needs involvement from regulators, customers and many parts of a financial institution.”

‘Identity theft – a view from the financial services industry’ is available at www.deloitte.co.uk/taa

Ends

Notes to editors
For more information, download our brochure 'Identity theft - a view from the financial services industry'.

*The research was carried out independently by Lighthouse Global.  One financial organisation admitted to identity theft accounting for 40% of total fraud losses.

About Deloitte
In this press release references to Deloitte are references to Deloitte & Touche LLP which is among the country’s leading professional services firms, providing audit, tax, consulting and corporate finance services. Known as an employer of choice for innovative human resources programmes, it is dedicated to helping its clients and its people excel.

Deloitte & Touche LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu (‘DTT’), a Swiss Verein whose member firms are separate and independent legal entities. Neither DTT nor any of its member firms has any liability for each other’s acts or omissions. Services are provided by member firms or their subsidiaries and not by DTT. Deloitte & Touche LLP is authorised and regulated by the Financial Services Authority. The information contained in this press release is correct at the time of going to press.
Contact us for more information
 
Page Last Updated: 24 April 2006
Source: Deloitte & Touche LLP - United Kingdom (English)

Print This Page    Email To A Colleague
  Security | Legal | Privacy    

© 2008 Deloitte & Touche LLP. All rights reserved. Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity.

Please see About Deloitte for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its Member Firms.

Email alertsMobile