If your name is on one of these connected with fraud you may find it difficult or impossible to take out credit and your bank account may be closed.
But sometimes the information on the databases may be wrong and you need to get it corrected.
In 2020, Cifas recorded over 185,000 cases of identity theft. The numbers in the first half of 2021 went up by 11% – this is a growing problem.
When should you check the fraud databases?
Many people will go their whole lives without ever needing to know anything about these fraud databases, but there are three situations where you may want to find out more.
1) You are being asked to supply more information
If you try to take out a new mobile contract or sign up in a shop for a 0% deal on a new carpet you are buying, then you are contacted later and asked to send proof of identity/proof of address, this may be a sign that your credit application has been flagged as needing more checks. The creditor could have been alerted to possible fraud concerns by running your applications through one of the fraud databases.
(NB I’m talking about something unusual here – if you apply to open a bank account or a savings account, you normally have to provide proof of identity/address. This isn’t fraud prevention – although it does help with that – it is part of the standard money-laundering checks banks have to make.)
If this happens once it’s probably no big deal – after all you do want lenders to make checks otherwise there will be a lot more identity theft than there is at the moment. But if you find it’s happening a lot, you might decide to find what is on the fraud databases that could be causing this – see below for how to do this.
2) You can’t imagine why you have been rejected for credit
If you are turned down when you apply for a loan, credit card or anything that requires a credit check, you need to think why. There are many possibilities and although having a problem entry on a fraud database is one, it is pretty unlikely.
Check out all these more common reasons first:
- debt problems such as CCJs, defaults, late payments on your records with the three Credit Reference Agencies (CRAs). You have to check all three of them, here’s how;
- check the personal information on your CRA records is correct: names, address, old addresses, on the electoral roll;
- credit score problems with anyone you are linked to financially? Try to de-link from anyone you no longer live with or who has a poor record;
- borrowing too much for your income. This is a common reason for being refused a large consolidation loan even if your credit scores are good;
- have you got too much spare credit?
- too many recent credit applications? Don’t make any more for a few months!
- little or no credit history? It can be hard to get anyone to accept you at first. Try a low-vaue monthly mobile contract. If they don’t accept you, consider a “bad credit” credit card – but these can be traps for the unwary.
- previous history with the lender. If you had debt problems a long while ago, that lender may still have the records even if they are no longer on your credit file.
But if your credit record appears fine and there don’t appear to be any other reasons why you should be turned down then it is a good idea to check the fraud databases, see below.
3) You have been the victim of identity theft
Look out for anything unusual:
- debts on your CRA reports that you don’t recognise;
- getting letters/emails/phone calls from lenders or debt collectors about credit you didn’t ask for / accounts you don’t know you have / goods you didn’t order. Even if these say that you have been refused credit, follow up on this as the fraudster may try again and succeed;
- payments from your bank account or credit cards that you don’t recognise;
- regular monthly bank account or credit card statements do not arrive;
- a debit or credit card expires and you haven’t been sent a replacement.
If you spot one identity theft problem, there may be others. You need to check all three CRA files for entries that you don’t recognise and it’s a good idea to check the fraud databases.
See Loans taken out in your name for details of one reader’s problem and my suggestions for tackling it.
How to check the fraud databases
National Hunter keeps records of credit applications to the 50 lenders who use its system.
Lenders check this when they receive a new application, looking for inconsistencies. The idea is that someone who is applying for credit in your name may not know your date of birth, middle name, marital status, income etc, so if a National Hunter check throws up something which doesn’t match, the application can be looked at in more detail.
Obviously this could generate flags where there isn’t a real problem – using a nickname, not a full name or if you have just received a large pay-rise. The aim is for the lender to make further enquiries, not automatically reject an application.
To check what information National Hunter has about you, make a Subject Access Request, which they will reply to within 40 days. Use the National Hunter SAR form and enclose the proof of identity required – this needs to be sent to National Hunter.
This information may show nothing interesting – all the applications look correct to you. Just because your application is on the database doesn’t mean that it is suspected of fraud.
But if there are applications that you didn’t make, this could be identity theft and you need to look into it further.
National Hunter retains information depending on how the lender flagged the information:
- for 6 months – applications marked with an overall status of ‘Clear’, i.e. the lender has no concerns on the data provided within the application;
- for 3 years – applications marked with an overall status of ‘Inconsistency’, i.e. the lender has identified a discrepancy;
- for 6 years – application marked with an overall status of ‘Refer’, i.e. a National Hunter member checking this record can contact the member who added the info for more details. The reason for the refer status is usually included.
When a Cifas member identifies a fraud, a warning is placed on the Cifas database. This shows the name used in the fraudulent application.
The National Fraud Database is simple and effective. All Cifas members record instances of actual and attempted fraud against their organisation to the National Fraud Database, enabling other members to search against their data.
When members match against data on the National Fraud Database and confirm an actual or attempted fraud, they file their own case.
If this is your name, it does NOT necessarily mean that you are suspected of fraud, it may be that someone else has used your name. So if you apply to another Cifas member, they will get a message saying Cifas – Do Not Reject – Validation Required. This could be why you are being asked to supply additional information when you apply for credit. By requiring extra proof of who you are, it is protecting you against further fraud.
To check if Cifas is holding any information with your name on it, you should make a Subject Access Request, using the Cifas SAR form and enclose your proof of identity. Send this to Cifas – they have to reply within a month but aim to reply within a week. There is no charge for this.
Cifas retains information relating to fraud for six years.
Victim of Impersonation data is retained for 13 months.
The National Sira Fraud Prevention database holds c 1,500,000 records. If you want to see if any information is held about you, complete the SIRA SAR form. and supply the relevant id information.
Preventing identity theft in future – Cifas “Protective Registration”
If you have had identity theft problems, or perhaps you are just worried that you could have if you know some personal information has been stolen, then to try to prevent them from happening in the future you can ask Cifas for Protective Registration:
When you request Protective Registration, we place a warning flag against your name and other personal details in our National Fraud Database. This tells any organisation that uses Cifas data to pay special attention when your details are used to apply for their products or services. Knowing you’re at risk, they’ll carry out extra checks to make sure it’s really you applying, and not a fraudster using your details.
This will make it harder for anyone to take out credit in your name. You won’t be refused credit because you have asked for Protective Registration, but the process will be longer. You may have to provide additional information.
Protective Registration lasts for two years.
Correcting wrong information on the databases
Fraud databases record the information they are given by lenders and insurers. If you think the information is wrong. you first need to complain and ask the lender to correct it, not National Hunter or Cifas.
An example of this could be that a mortgage lender recorded “hidden buy to let” against your mortgage application on the National Hunter database. This could result in you being rejected for other mortgages.
If the lender refuses to correct information, you can complain to the ICO or take your complaint to the Financial Ombudsman. If the problem is with the Cifas database, you can also ask Cifas to look at the issue.
The Financial Ombudsman gave some examples of cases involving a Cifas in this newsletter.
I think people often feel sceptical that the ombudsman will help them or “just side with the bank”. Whether your complaint is upheld will depend on the details of the case, but here is one example where the Ombudsman made it clear that:
I also need to consider whether the report to CIFAS was made fairly. On this point, [the bank] needs to have more than a suspicion or concern. It has to show it had reasonable grounds to believe that a fraud or financial crime had been committed or attempted and that the evidence would support this being reported to the authorities.
Banking when you have a fraud marker against your name
This can be very difficult.
If you know the entry on the database is a mistake, don’t panic and apply for a bank account to every bank you have ever heard of. That will probably just get you a pile of rejections.
You may need to find a way to live with the marker while the complaint goes through – and afterwards if your complaint is not upheld.
One option is to get help from a relative or your partner. Could your salary be paid into your mum’s bank account? Then she could pay the important bills from it by standing order and transfer the rest into a pre-paid debit card in your name.
Another possibility is to look at an account with Monese.
You need to check out the costs for the different options here. If you think you have found a good one, I would love to hear about it – pop the details in the comments below.
A “Victim of Impersonation” marker is not a problem
The warning is there to make it clear you are the genuine, innocent party, and that you have been (or suspect you may be) the victim of an identity theft.
Any organisation that subsequently receives that warning will see the phrase ‘Cifas – Do Not Reject – Validation Required’. It reminds them that extra precautions must be taken to ensure that the application or facility is genuine, protecting you from further fraud.
This does not harm your credit record or cause any problems with your banking.
The marker remains on your record for 13 months. You shouldn’t try to get this marker removed – it is there to protect you.
More Debt Camel articles: