The arrest of a man believed to have collected more than £100,000 in fraudulent UK tax rebates shows that security needs to be built into the design of each digital reform, says security firm Thales.
The man is one of five arrested in connection with an HM Revenue & Customs (HMRC) investigation into a gang of cyber attackers suspected of identity theft from 700 UK citizens to commit tax fraud.
If citizens and government are to get the most out of migrating interactions online, such as collecting welfare benefits via Universal Credit, there is an overriding need for some form of secure identification credentials, according to Ross Parsell, director of cyber security at Thales UK.
“Being able to verify, manage and protect the identity of claimants will be central to the success of the programme,” he said.
Parsell said MPs are correct to warn that the Universal Credit system presents a serious fraud risk.
“Although the Public Sector Network (PSN) will provide a secure back-end communications infrastructure, a question mark still remains over whether the government will be able to verify, manage and protect the identity of claimants,” he said.
With 1.56 million people claiming Jobseeker’s Allowance at a minimum of £56.25 a week, just that element of welfare presents a £4.56bn fraud risk over the course of a year, said Parsell.
“Piggybacking on a bank’s identification system could be a low-cost solution for the government in using two-factor authentication with chip and pin,” he said.
In January 2013, UK fraud prevention service Cifas said the fraudulent use of stolen or fictitious identity details is the biggest fraud threat.
Analysis of fraud trends in 2012 revealed 50% of all frauds identified during the year related to the impersonation of an innocent victim or the use of completely false identities.
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners.
If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy