You are here: silicon.com > Management > Law & Policy

Law & Policy

Companies told 'do more to prevent ID theft'

Protect your customers...

By Munir Kotadia

Published: 29 October 2003 08:20 GMT

Police say companies need to be more aware of the growing risk of corporate identity theft, following a recent spate of frauds that targeted customers of several high street banks.

Over the past month, internet banking customers of NatWest, Lloyds TSB, Barclays, Citibank and Halifax have received emails that appear to be from their bank. The emails contain a link that redirects the user to a replica of the bank's official website, which has been set up in order to extract the customers' usernames and passwords.

The National Criminal Intelligence Service (NCIS), which works with the UK's law enforcement agencies to fight organised crime, is concerned about this growing phenomenon because the general population is often not computer-literate enough to tell the difference between a spoof email or website and a genuine one. According to the NCIS, this lack of education makes it relatively simple for organised criminals to target online banking customers in an attempt to gain access to their accounts.

A spokesman for the NCIS, who requested anonymity so his name would not be used in future email scams, said companies should work towards reducing the risk of their corporate identity being abused.

Basic precautions could start with a company ensuring it owns all the different permutations of its name. For example, if a customer received an email from or was redirected to a website using the "barclays-banking.com" domain, they might believe it to be genuine, but Barclays does not own that address; at the time of writing, it is available for anyone to buy. Similarly, although Lloyds TSB owns "lloydstsb.co.uk", it does not own "lloydstsb-bank.co.uk", which could easily be used in a future 'phishing' trip.

The NCIS spokesman said people need to get to know the email systems as well as they know the traditional postal system. "People know that stamps are perforated, business envelopes look a certain way and if they get a handwritten envelope from a business, they think 'that's a bit strange'. But with email, although those indicators are present, people have not yet learned to look for them," he said.

Nigel Miller, commerce and technology partner at law firm Fox Williams, said banks are in a tricky position because on one hand they encourage customers to migrate to online banking services and try to convince them they are safe, but with the other hand they have to warn them of the risks. "What is the responsibility of the bank to educate their customers? It doesn't sound very good when you are trying to sell them a service, but have to tell them how risky it is," he said.

Munir Kotadia writes for ZDNet UK

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

  • Jobs
Junior to Mid Level Developer. JAVA / J2EE - Finance - London -

You will gain immediate exposure to real projects for leading investment banks, financial institutions and other blue chip organisations. My client ...

Technical business analyst - Credit / Market risk - SQL- Sybase

Willingness to learn new technologies and systems to meet the banks market risk requirements would would be adventurous. Pre-settlement risk ...

Client Valuations Business Analyst - Tier 1 Investment Bank! UpTo 80k

My client is one of a few banks still looking to grow this year even with current market conditions. The role even has elements of ad-hoc project ...

CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.





Quick Sitemap Links: