Mike Haley began his career as a fraud investigator for Her Majesty’s Revenue & Customs (HRMC) (equivalent to the U.S. IRS). After cutting his teeth at the HRMC, he worked in public sector fraud prevention roles including leading teams investigating fraud against the National Health Service (NHS) and local government, among other assignments. Mike moved to Cifas four years ago as Deputy CEO and stepped into the CEO role last year. He recently agreed to an interview with About-Fraud to highlight what Cifas plans are for future fraud in the UK and globally in the coming years.
RS: What is the purpose of Cifas? Has it evolved over time?
MH: We exist for one reason only – to protect the UK from fraud. We’ve been doing it successfully for 3 decades now, and we currently help our members save well over million (£1 billion ($885 million) per year.
We were started by 7 companies in retail credit who saw that the same fraudsters were targeting each of them but the companies were not sharing information to prevent fraud. We have steadily expanded to include all the retail banks and a large proportion of financial services market in the UK (loans, asset finance, insurance) and beyond financial services to include telecoms and online retail and more recently the public sector. But our purpose remains the same.
RS: What sort of cooperation exists in the UK between the private sector, government and non-profits (AKA “third sector”)? Where is there room for improvement?
MH: A couple of years ago the UK government set up the Joint Fraud Taskforce to encourage collaboration against the large volume of fraud across the public and private sectors and law enforcement. I assumed the chair of the taskforce last October.
The purpose of the taskforce is to create an environment that makes it harder for fraudsters to operate and easier for those in the fraud prevention community to cooperate. It is starting to get some traction with regard to common solutions on card-not-present (CNP) fraud and money mule activity. However, there is room for improvement in terms of bringing in Big Tech and social media platforms to play their part in preventing more fraud from happening.
Cifas coming to Israel in June
RS: Why is Cifas coming to Israel for FraudCon in June? Is Cifas looking to take a more global role? Can non-UK companies become Cifas members?
MH: There are many reasons for coming to FraudCon. Firstly, we want to learn from the presenters and have exposure to the burgeoning tech industry in Israel. Secondly, to network with a wider range of fraud professionals and take on different perspectives. Thirdly, Cifas is looking to expand our successful not-for-profit fraud data sharing model to other countries. We are doing so in Ireland in the next 12 months and are supporting an initiative in the Netherlands to introduce a Cifas-type system in Holland. We would be willing to talk to partners to see if we can create a similar system in any other country including Israel!
We have sister organizations already in South Africa and Australia and last year we created a new initiative called the Global Financial Crime Prevention Network to facilitate the exchange of global fraud trends and eventually data on fraudulent signals and individuals. As the largest among the established fraud data sharing communities we consider that the time is right for us to take a more global role.
We do have non-UK based members of Cifas but they are all operating in the UK market and selling to UK-based consumers, and they get benefit from being part of the fraud prevention community in the UK and our data. We are considering opening up an associate membership so that other companies can have the benefit of the intelligence sharing platform and community connections next year.
RS: What specific Cifas effort or project has been the most successful to date?
MH: Our most successful initiative was and remains the creation of the National Fraud Database (NFD). More than 300 organization share their fraud data through the database in real time with other members on a reciprocal basis. These are cases of fraud that have met a high evidence threshold and so a match against the data held in these cases is highly indicative that you have a fraudulent attempt at account opening or that a false identity is being used. Over the 30 years that the NFD has been in place members have reported savings of £14 Billion ($12.4 billion) cumulatively.
Major fraud trends in UK and elsewhere
RS: What are some major fraud trends in the UK in 2019 that you’ve noticed at Cifas?
MH: Fraud changes over time but over the last decade we have seen an inexorable rise in identity fraud, with year–on -year increases in identity theft fraud. In recent years this has changed from the use of synthetic identities to the mass impersonation of true identities: last year 184,000 genuine identities were used in the UK to perpetrate fraud. In the recent past we have also seen a growth in authorized push payment frauds and an increase in facility take over and money mule activity.
RS: How does fraud in the UK differ from fraud in the US and /or Continental Europe?
MH: I would like to understand more about fraud trends in other countries. We have stronger links with South Africa and Australia and Commonwealth countries and see that the same trends and scams we are seeing in the UK repeated there. The growth of internet banking and online retail has led to the ability of organized crime gangs to target multiple jurisdictions. I would consider that economies that have competitive and open financial services will have similar problems of mass attacks through the online channel in particular. Whereas economies, where you still need to produce in branch identity documents, for example Germany, will have different fraud problems.
RS: Has Brexit impacted the fraud landscape in the UK in any way? Will it significantly impact KYC and payments regulations for UK FIs? Will it impede any data sharing partnerships that are used to prevent fraud?
Will Brexit Matter
MH: Brexit has yet to happen and it does depend on what type of Brexit will occur. Hopefully an orderly Brexit where we can continue with law enforcement cooperation will be the final result. So far as information sharing, whatever the outcome of Brexit, the UK has adopted the EU General Data Protection Regulation (GDPR), which creates an explicit lawful reason to share data to prevent fraud.
The UK is also implementing PSD2 and the financial services are embracing Open Banking and the requirements for SCA. Time will tell whether Brexit will have a negative effect on fighting fraud and financial crime but my view is that, more than anything, UK business is pragmatic and generally outward looking and will adopt similar regulations to the EU and look to continue to cooperate for the common good.
Cifas’s outward look toward the future
RS: What sort of interactions does Cifas have with non-UK companies? Please distinguish between interactions with foreign FIs and fraud solution vendors.
MH: Until the last couple of years Cifas was very much focused on the UK market and providing fraud prevention solutions for our members, generally in cooperation with UK-based fraud solution vendors. More recently the growth of fraud tech in places like Silicon Valley/USA and Tel Aviv/Israel has led us to look further afield learn about new techniques and technologies, and to make new partnerships. That is why were are coming to FraudCon this June.