Industry Voice: Protecting against Cyber crime

23rd September 2021

Protecting against cybercrime, implementing Secure ID & Verification, whilst maintaining trust at the core

Chris Jones, Managing Director, Civica Pensions

The rapid advance of digital technologies has transformed our everyday lives, from paying bills to planning our holidays. As citizens, we take for granted that we can access and manage our personal finances at the click of a button, including our pension. Although digitalisation has offered many people an extraordinary level of visibility and control over their retirement planning, it’s also introduced new, and more sophisticated forms of criminality.

Cybercrime is an increasingly serious threat for virtually every business, public body, and private citizen. Online fraud, data breaches and hacking of well-known businesses and organisations are an almost daily feature in our national press. Just last month Scotland’s largest Local Government Pension Scheme reported a suspected £300,000 fraudulent claim to the police, after it was revealed a deceased pensioner was receiving pay-outs! Families not disclosing that a member has died, has always been one of the classic risks for any pension fund.

Pension schemes pay out millions in benefits every year, so the impact of fraud is high. As the ‘trusted guardians’ of the future financial security of millions of people, cybercrime, fraudulent activity, and the associated costs and reputational damage are among the many challenges faced by pension funds…

(Unfortunately) this is nothing new.

Despite the National Fraud Initiative’s (NFI) best efforts its most recent report identified £55.5 million of pension fraud and overpayments, relating to pension payments of a deceased.

Identity fraud - criminal offence for monetary gain

Technological advances have enabled criminals to produce high quality, false documents and the internet has made these easy to acquire.

Since the COVID-19 pandemic, Interpol has reported an alarming 59% of threats, categorised as Phishing/Scam/Fraud attempts which is an enormous concern for the pensions industry.

You name it…passports, bank statements and death certificates can all be replicated and manipulated – even for the trained eye, it’s difficult to spot. If these documents are used within organisations that haven’t invested in smart detection software (which is the case within many pension funds), they’re opening their doors to successful fraud, which poses a serious risk for both themselves and their customers!

Pension funds face the twin challenge of ensuring that their member portals are both user-friendly and secure. From one-time codes to hidden identity checks, there’s numerous steps that can be taken by both the funds and their customers to ensure maximum trust and security. Our customers are also exploiting enhanced identity document checks to alleviate the risk of false (UK and foreign) identity documents being used; whilst checking for signs that they’ve been tampered with. These digital checks are extremely accurate, harnessing the expertise of specialist ID and Verification partners and extensive technological advances. These capabilities are far more extensive and accurate than the naked eye of one of your administrators.

Existence fraud – stealing the family silver

Pensions being illegitimately claimed (usually) by family members is a classic problem. This significant risk of fraud is usually associated with a close family member of the deceased, who fails to declare a death and consequently falsely allows pensions to be paid, in some cases for years after.

Since the pandemic and remote working, we’ve seen a push to update previously awkward processes to verify a pensioner is still alive. Embracing specialist technology in this area, we’ve embedded proof of life checks into many processes both online and within the pension’s administration functions. These silent checks confirm whether a member appears on a deceased list and stops any possible existence fraudster in their tracks!

We’ve also streamlined the proof of life process by publishing this on our member portal, allowing members to photograph their ID and go through a live check to verify themselves, removing the cost and risk associated with paper based ID verification processes. This can also be used for overseas members, providing a swift and easy service for both the member and the fund.

Inside Fraud – hand in the till

There are risks from inside a Pension Fund, with staff who have access and knowledge to carry out a variety of frauds. ‘Lost pensions’ are a particular risk, and many beneficiaries wouldn’t even realise that they’d become a victim of fraud (as many lose track of their pension pots). With an estimated £20 billion in lost pensions out there, according to new stats from the Pensions Policy Institute, and the average missing pot worth almost £13,000, this presents an immense risk.

To tackle insider fraud, embedded bank validations ensure that we accurately verify UK sort codes and bank account numbers – guaranteeing that all details are valid. We safeguard the process even further by checking all details match the member, to be extra vigilant. With every step of any process captured we know exactly what users have been doing, with a forensic ability that confirms pensions are protected.

#TrustedPartner – giving you the assurance that you and your members need

As expectations change, citizens want more access and control over their pensions via member portals. This is where pension funds need to guarantee security and be assured that they can trust the technology they’re using to protect their customers’ money. At Civica, we’re constantly challenging ourselves to invest in research and development, to come up with new creative solutions to counteract cyber threats and ensure maximum security.

Cybercrime will always be a challenge, and the risk of pension fraud has never been greater. But as the risks grow, so too do the means to tackle them. With continuing advances in cyber-security there are now powerful techniques to mitigate against identity, existence, and insider fraud.

Civica continues to take advantage of advances in cyber-security to develop cutting-edge, sophisticated document checks and services that allow funds to assure members that trustworthy security controls are in place – guaranteeing the protection of pension transactions.