Sharing fraud data to prevent further fraud

Credit CardCIFAS is the UK’s Fraud Prevention Service with 265 members who share information about fraud to prevent further fraud. It is the world’s first not-for-profit fraud prevention data sharing scheme. In this article, CIFAS chief fraud-buster Peter Hurst describes his organisation and how it wants to work with the public sector to help reduce the astonishing high fraud losses that the public sector experiences.

Many of us know that you were involved with CIFAS long before you became chief executive. Were you close to CIFAS in 1988 when CIFAS was founded?

1988 is so long ago. I was at Barclaycard working as a senior manager in their Credit Management area. Work was just getting under way to share details of accounts in default with other lenders. I was aware of CIFAS but it was two years later when I took Barclaycard and later the whole of Barclays Bank into membership.

What attracted you to CIFAS?
Fraud was running out of control, particularly on applications for financial services products. Both retail store cards and bank issued credit cards were the prime targets. The economy was in boom mode and about to shift towards recession, as we saw a few years later in 1992. CIFAS offered a way for lenders to protect themselves from fraud without relying on anyone else, like the police or regulators. It was self-help at its best.

The founder members of CIFAS were all from the retail sector. They were Burton’s Financial Services, House of Fraser Card Services, Lombard Tricity and Welbeck Finance (now all part of Santander), St Michael Financial Services and Beneficial Bank (now both part of HSBC), Club 24 (now known as Ventura) and Sears Financial Services, now known as Creation Financial Services.

The people behind CIFAS from these organisations were all highly committed to its success. Between them they had decades of experience of fraud investigation and of risk management processes across all types of organisations and were convinced that a fraud prevention service would work. They had no formal business case – it was an act of faith and one that paid off handsomely as they always knew it would. They were an impressive leadership team and I admired their tenacity.

I have been involved in CIFAS since 1990 when I chaired the APACS application fraud committee. Having led Barclaycard and later Barclays Bank and the other banks into membership, I joined the CIFAS management committee that later became the Board when CIFAS became a company limited by guarantee in 1991. Then, after going on to chair the ‘First Party Fraud Working Party’ and the Banking Sector Working Party, my working life took a different turn. By 1994 I was working in credit risk and I had little involvement with CIFAS until 1999 when I left Barclays to take up my current role as chief executive of CIFAS. I am often asked why I left the security of working for a large organisation for a small organisation, but I have never looked back nostalgically. I felt more like a caged bird being set free and this job is the most enjoyable role I have ever had. 

Did you get away with joining CIFAS without a business case?
Not exactly. By 1990 when Barclaycard was considering joining CIFAS, there were already some impressive results from the retailers. We knew that we could replicate those. In the summer of 1990 we joined CIFAS and immediately cross-checked the whole Barclaycard portfolio against the database. £1 million of savings were achieved by identifying frauds where we had already opened an account, and we were able to close them before the losses grew. In those days annual profits were £100 million so £1 million in savings was a huge success. The Home Office subsequently published a report on this exercise as a case-study in how to prevent fraud successfully. It set the tone for a major shift from fraud investigation business models towards a fraud prevention business model.

CIFAS has grown from its eight founder members to over 265 today. Why has it been so successful?

In the early years CIFAS was managed by the Consumer Credit Trade Association. By the time CIFAS employed its first staff in 1990, there were already 50 members. The credit for this phase of development very much belongs to Anthony Sharp and John Patrick from the CCTA and the CIFAS Management Committee, as our Board was then known. In 1991 Alan Hilton was appointed as the first executive director of CIFAS and June Hale and Lissi Hedevang subsequently joined him. Lissi is still with us today as my PA. By 1999 when Alan retired, and I joined CIFAS as chief executive, there were 160 members, a tremendous testament to their hard work. Since then, the membership has continued to grow and we have launched a Staff Fraud Database as well as replaced all of the legacy 1980s systems with the latest technology. 

Why are we successful? I think it’s because the CIFAS membership is a close knit community of fraud professionals who trust one another. When an organisation joins CIFAS, it is not buying and selling data. It is linking into a trusted network of people who set high standards, and because CIFAS operates on a not-for-profit basis but still with an extremely business-minded approach to cost-effectiveness, the overall value for money that we can deliver is better than for any commercially supplied service.

Over the last five years, members have reported that they have prevented a total of £4.2 billion through sharing fraud data through CIFAS, or in another words, over that period they have saved £268 of fraud for every £1 of subscription fee that they pay. Few, if any, commercial solutions could claim that return on investment. It makes us quite unique. Our not-for-profit business model established by our founders is as valid today as it was in 1988.

You often describe CIFAS as a unique organisation. In what other ways is it unique?

CIFAS is the world’s first fraud data sharing scheme. This is a field in which the UK leads the way. The innovation and creativity that goes into our fraud prevention solutions is quite unlike anything found in other countries. The UK leads and others follow. I think fraud professionals need to be recognised more in the UK for the benefits that they bring to our economy. In the private sector we have a great success story to tell and we need to replicate that success in the public sector, especially now when public funds are so tight, both to keep taxes down and to free up funds for front-line service delivery.

CIFAS is the closest thing the United Kingdom has to a National Fraud Database. The founders of CIFAS realised very early on that the more complete the fraud data-set, the more likely it would be that frauds would be prevented and detected. They put an incredible amount of effort into achieving a database with critical mass. They also realised  that the better the tools that use the fraud data-set, the more likely it is that frauds will be prevented and detected, so they entered into partnerships with the original participating agencies. Only here do you find a variety of organisations working together to deliver services that make the UK a more hostile place in which to commit fraud.

Why do you think that CIFAS should be trusted to hold extremely sensitive fraud data?

We don’t buy and sell data. There is no commercialisation. We don’t collect data about anything except confirmed frauds and we don’t deal in suspicions or hearsay. We operate to high standards and ensure they are achieved by investing heavily in an audit and best practice regime whereby each of our member organisations is visited and reviewed annually. We check how they obtain our data and exactly what they do with it. We also employ computer auditors to audit the organisations that deliver our data to our members. We have a low tolerance for poor standards and on those few occasions where we find them, we involve the chief executive of the organisation. 

As a not-for-profit organisation we do what’s right, and not just what would make commercial or business sense. Over the last ten years I have had to tell a member to leave CIFAS but could you imagine a commercial organisation ceasing to do business with a client in a recession? We have to take a wider and more long-term view. That’s why we are still here after 22 years.

When an organisation joins CIFAS they can be confident that they are joining an organisation that treats all data, including the data about criminals with respect, and one that never sells it or uses it for marketing purposes.

Isn’t CIFAS just a consumer fraud blacklist in reality?

We exist to protect both our members and the public from the actions of criminals. Over 50 per cent of the records on our database relate to identity theft and we protect tens of thousands of victims each year from repeat attempts to use their identity, both through victim of impersonation markers placed on the database by our members and through our Protective Registration Service. This enables members of the public, at risk of identity fraud, perhaps following a theft or burglary, to place a warning on our database to protect themselves.

We also operate entirely transparently. Our website explains how the CIFAS database is used, who our members are, and how to obtain a copy of any data held about you. I would challenge anyone to demonstrate that other fraud services are as transparent as we are.

Our founder members required CIFAS to help to protect the victims of fraud. They said that members must recognise “the importance of ensuring that innocent members of the public are not prejudiced by reports of alleged fraudulent acts or information.” To this day we take this very seriously and continue to resource services to achieve this.

Why is CIFAS targeting the public sector?
The simple answer is because we know that we can help reduce the astonishing high fraud losses in the public sector. A recent National Fraud Authority research report has put public sector fraud losses at a mind boggling £25 billion a year.

CIFAS was designated as a Specified Anti-Fraud Organisation (SAFO) under the Serious Crime Act. This enables public sector organisations to become members of CIFAS and reap the same benefits as the private sector. A number of organisations are poised to join CIFAS in the coming months. They will benefit not just from the private sector’s fraud data, but also from sharing their fraud data with other public sector organisations through CIFAS. Many public-sector people are superb at investigating fraud, but only after the event. You find that the private sector is much quicker to use data-mining and analysis tools from the IT industry to drill down into data to uncover fraud. The public sector is largely tackling fraud using a 1980s fraud investigation business model whereas the private sector uses a fraud prevention model.

The National Fraud Initiative run by the Audit Commission is the best example of this outdated approach. It is run every two years and retrospectively seeks to identify frauds. By then it’s too late. It’s closing the stable door after the horse has bolted. The losses have been incurred. We have the expertise to help the public sector achieve more at lower cost.

I also strongly believe that we have a moral duty to help public bodies reduce their fraud losses. It will help to avoid higher taxes and free up money to fund front-line services – a double win for all of us

What are your future plans?
I want to see the CIFAS Transformation Programme that we embarked on four years ago, fully complete and all of our members using the new services, well before the old ones are switched off at the end of 2011. I am also keen to see public sector organisations fully participating in CIFAS, more insurers and on-line retailers. For our staff fraud database I would like to see it overtake CIFAS in terms of member numbers, as it has the potential to help any employer. My work at CIFAS is not done yet.

For more information