Identity theft fraud is on the increase. In July 2016, CIFAS warned that Facebook, Twitter and LinkedIn have become a “hunting ground” for identity thieves, with more than 148,000 victims in the UK in 2015 , up 57% on the previous year.
There are two UK databases aimed at alerting lenders to possible fraudulent applications for borrowing: National Hunter and Cifas. Many people will go their whole lives without ever needing to know anything about them, but there are three situations where you may want to find out more:
- if you are being asked to supply a lot of extra information whenever you want to borrow some money;
- if you have been rejected for credit and can’t think of any good reason why this might have happened; and
- if you have been the victim of identity theft and you want to stop it happening again.
1) You are being asked to supply more information
If you try to take out a new mobile contract or sign up in a shop for a 0% deal on a new carpet you are buying, then you are contacted later and asked to send proof of identity / proof of address, this may be a sign that your credit application has been flagged as needing more checks. The creditor could have been alerted to possible fraud concerns by running your applications through one of the fraud databases.
(NB I’m talking about something unusual here – if you apply to open a bank account or a savings account, you normally have to provide proof of identity / address. This isn’t fraud prevention – although it does help with that – it is part of the standard money-laundering checks banks have to make.)
If this happens once it’s probably no big deal – after all you do want lenders to make checks otherwise there will be a lot more identity theft than there is at the moment. But if you find it’s happening a lot, you might decide to find what is on the fraud databases that could be causing this – see below for how to do this.
2) You can’t imagine why you have been rejected for credit
If you are turned down when you apply for a loan, credit card or anything that requires a credit check, you need to think why. There are many possibilities and although having a problem entry on a fraud database is one, it is pretty unlikely, so you should look at the more common reasons first:
- debt problems such as CCJs, defaults, late payments etc on your credit history with any of the three Credit Reference Agencies (CRAs)? Here’s how to check your credit files;
- check the personal information on your CRA records is correct: names, address, old addresses, on the electoral roll (lenders think this is really important, so sign up if you aren’t!);
- credit score problems with anyone you are linked to financially? Try to de-link from anyone you no longer live with or who has a poor record;
- you have too much borrowing already for your income – this is a common reason for being refused a large consolidation loan;
- have you got too much spare credit?
- too many recent credit applications? Don’t make any more for a few months!
- little or no credit history? Lenders like to see that you are good at managing credit, so it can be hard to get anyone to accept you at first. Try a low value monthly mobile contract or talking to your own bank. If they don’t accept you, consider a “bad credit” credit card – be careful as these can be traps for the unwary.
- previous history with the lender. If you had debt problems a long while ago with this lender, the lender may still have records of these even if they have disappeared from your credit file.
But if your credit record appears fine and there don’t appear to be any other reasons why you should be turned down then it is a good idea to check the fraud databases, see below.
3) You have been the victim of identity theft
Look out for anything unusual:
- debts on your CRA reports that you don’t recognise;
- getting letters / emails / phone calls from lenders or debt collectors about credit you didn’t ask for / accounts you don’t know you have / goods you didn’t order. Even if these are saying that you have been refused credit, you should follow up on this as the fraudster may try again and succeed;
- payments from your bank account or credit cards that you don’t recognise. Of course this may just be a payment you did make where you don’t recognise the company name, but it’s better to check up on mystery lines to be sure;
- regular monthly bank account or credit card statements do not arrive;
- a debit or credit card expires and you haven’t been sent a replacement.
Experian have got a good leaflet on what to look out for and what to do if you think you may have been the victim of identity theft. They also have a Victims of Fraud team that can help you sort out problems.
If you spot one identity theft problem, there may be others. You need to check all three CRA files for entries that you don’t recognise and it’s a good idea to check both fraud databases.
Checking the National Hunter database
National Hunter keeps records of credit applications to the 50 lenders who use its system – at the moment it has about 630,000 records. Lenders then check this when they receive a new application, looking for inconsistencies. The idea is that someone who is applying for credit in your name may not know your date of birth, middle name, marital status, income etc, so if a National Hunter check throws up something which doesn’t match, the application can be looked at in more detail. Obviously this could generate flags where there isn’t a real problem – using a nickname, not a full name or if you have just received a large pay-rise. The aim is for the lender to make further enquiries, not automatically reject an application.
To check what information National Hunter have about you, you need to make a Subject Access Request, which they have to reply to within 40 days. Use the National Hunter SAR form, enclose the proof of identity required and the £10 fee.
This information may show nothing interesting – you recognise all the applications and they all look correct. Just because your application is on the database doesn’t mean that it is suspected of fraud. But if there are applications held which you didn’t make, this could be identity theft and you need to look into it further.
The other possibility is that a lender appears to have recorded something incorrect about you – this is much rarer. For example, a lender may have recorded “hidden buy to let” against your mortgage application, which could result in you being rejected for other mortgages. If this happens you need to ask the lender to correct the information, not National Hunter who are only holding what is reported to them. If the lender refuses to correct information, complain to the ICO.
National Hunter retains information depending on how the lender flagged the information:
- for 6 months – applications marked with an overall status of ‘Clear’, i.e. the lender has no concerns on the data provided within the application;
- for 3 years – applications marked with an overall status of ‘Inconsistency’, i.e. the lender has identified a discrepancy between the information provided by the applicant and information found, or not able to be found or verified elsewhere;
- for 6 years – application marked with an overall status of ‘Refer’, i.e. any National Hunter member who accesses this record may wish to contact the original loading member for further information if required. The reason for the refer status is usually included within the data held.
Checking the Cifas database
When a Cifas member identifies a fraud, a warning is placed on the Cifas database. This shows the name used in the fraudulent application. If this is your name, it doesn’t mean that you are suspected of fraud, just that someone has used your name. So if you apply to another Cifas member, they will get a message saying Cifas – Do Not Reject – Validation Required. This could be why you are being asked to supply additional information when you apply for credit. By requiring extra proof of who you are, it is protecting you against further fraud.
To check if Cifas is holding any information with your name on it, you should make a Subject Access Request, using the Cifas SAR form: enclose your proof of identity required and the £10 fee. They have to reply to within 40 days but aim to reply within a week.
If you disagree with some of the information held by Cifas, you should first try to get the lender to correct it. If this fails you can ask Cifas to look at the problem. You can also take your complaint about what the lender has done to the Financial Ombudsman – the February 2017 FO Newsletter includes some case studies about Cifas markers.
Cifas retains information relating to fraud for six years. Victim of Impersonation date is retained for 13 months.
Cifas “Protective Registration”
If you have had identity theft problems, or perhaps you are just worried that you could have if you know some personal information has been stolen, then to try to prevent them from happening in the future you can ask Cifas for Protective Registration:
When you request Protective Registration, we place a warning flag against your name and other personal details in our National Fraud Database. This tells any organisation that uses Cifas data to pay special attention when your details are used to apply for their products or services. Knowing you’re at risk, they’ll carry out extra checks to make sure it’s really you applying, and not a fraudster using your details.
This will make it harder for anyone to take out credit in your name. You won’t be refused credit because you have asked for Protective Registration, but the process will be longer and you may have to provide additional information. Protective Registration lasts for two years.