The arrest of a man believed to have collected more than £100,000 in fraudulent UK tax rebates shows that security needs to be built into the design of each digital reform, says security firm Thales.
The man is one of five arrested in connection with an HM Revenue & Customs (HMRC) investigation into a gang of cyber attackers suspected of identity theft from 700 UK citizens to commit tax fraud.
If citizens and government are to get the most out of migrating interactions online, such as collecting welfare benefits via Universal Credit, there is an overriding need for some form of secure identification credentials, according to Ross Parsell, director of cyber security at Thales UK.
“Being able to verify, manage and protect the identity of claimants will be central to the success of the programme,” he said.
Parsell said MPs are correct to warn that the Universal Credit system presents a serious fraud risk.
More on authentication
- Intro to two-factor authentication in Web authentication scenarios
- Twitter tests two-factor authentication
- Alternative authentication: New authentication methods for enterprises
- Two-factor authentication options, use cases and best practices
- Best of Authentication 2012
- Apple debuts two-factor authentication to protect against hackers
- Master VMware identity authentication strategies
- PayPal CISO Michael Barrett bullish on password alternative standard
- IT industry group releases password-killing standard
- Biometric authentication methods: Comparing smartphone biometrics
“Although the Public Sector Network (PSN) will provide a secure back-end communications infrastructure, a question mark still remains over whether the government will be able to verify, manage and protect the identity of claimants,” he said.
With 1.56 million people claiming Jobseeker’s Allowance at a minimum of £56.25 a week, just that element of welfare presents a £4.56bn fraud risk over the course of a year, said Parsell.
“Piggybacking on a bank’s identification system could be a low-cost solution for the government in using two-factor authentication with chip and pin,” he said.
In January 2013, UK fraud prevention service Cifas said the fraudulent use of stolen or fictitious identity details is the biggest fraud threat.
Analysis of fraud trends in 2012 revealed 50% of all frauds identified during the year related to the impersonation of an innocent victim or the use of completely false identities.