Direct Debit fraud - the hidden threat

It is commonly accepted that criminals react very quickly to newly-introduced security measures. Perhaps it is not surprising that as new fraud prevention technologies such as Chip and PIN and two-factor authentication have become the norm, fraudsters are already moving to the next perceived loophole - direct debits. Typically this is, as discussed in the report, a fraud of "misuse of facility": using someone else's bank account to pay the fraudster's bill. The telecoms industry provides a prime example of the challenges around direct debit fraud. Criminals set up unauthorised direct debits on third-party bank accounts or by using stolen and/or made-up account details and walk out of high-street shops with expensive smartphones and no intention of paying the ongoing subscription.

From our research many corporates still report direct debit fraud as theft and therefore report it to the police instead of informing their bank or a clearinghouse such as Bacs. It is therefore not surprising that these organisations don't get to see the true picture. What businesses have to bear in mind, however, is that, as cheques decline and efficiency becomes paramount in this new age of austerity, there is a general drive in both the private and public sector to move more and more payments to Direct Debit. A propotion of these will be fraudsters posing as legitimate customers and this report provides a first estimate of this fraction.

It is heartening to see a business talking openly about the problems of preventing fraud. Only by facing up to the challenges, including what measures could be applied to manage the problem, can the payments industry start to take control. The key is further verification of the data provided. Direct Debit originators should check the account numbers appear to be valid, but best practice is to confirm the link to the owner of the account, authenticate the prospective consumer and, ideally, his or her address.

Fraud considerations, especially in today's financial climate, need to be top of the agenda for financial institutions and corporates. In order to prevent a rise in direct debit fraud, companies need to adopt the relevant data validation tools to verify a customer's account at the point of entry. Connecting an individual's identity to their bank account and address is one solution; only by linking these three pieces of information can corporates really be sure of their consumer information, and more importantly the source or destination of their customer's funds. Preventing fraud is like repairing a burst pipe - it is only when all the holes have been plugged that there will be no leakage.