For sheer Inspector Clouseau incompetence, it doesn't get any worse than the personal details of 25 million Britons lost by the Revenue. Putting aside the ins and outs of this ghastly episode, I suppose we have to hold on to the hope that finally the crime of ID theft will be taken seriously. It hasn't been until now, except by those who have fallen victim or, even more unpleasantly, found that a deceased relative has had their details stolen and used to secure credit.
An estimated 100,000 people – equivalent to the population of the city of Exeter or Cambridge – will have had their identity stolen by the end of the year, according to Cifas, the body set up by banks and mail order companies to alert consumers to the threat they face from the fraudsters. Cifas also says that less than 1 per cent of cases of ID fraud are investigated by the police.
For various reasons, identity fraudsters have only a slim chance of getting caught. Some cases can be brutally complex; there simply aren't enough police to do the job; and usually rival banks and credit card companies do not co-ordinate their data or efforts, so trying to piece together a trail of evidence can be a nightmare, and by the time it's done, the fraudster has moved on. But according to some victims, even when they have tracked down the fraudster themselves, the police aren't interested.
One would now hope that the Revenue, having faced the deluge of bad publicity and lost its chairman, will be extra careful with people's data in future. However, the recent loss of information on 15,000 Standard Life customers and the continuing, systematic and massive prevalence of tax credit and VAT fraud, shows HMRC is overwhelmed. Fraudsters always go for the weak points of a structure. HMRC, gargantuan in size and with complex tax and benefit rules, is full of weak points.
The banks and utilities have to do more to tackle ID fraud. Often, this starts with lost, stolen or redirected post. What to do? Fewer items should be sent through the post, particularly unsolicited offers of credit, and online statements and billing should be used wherever possible.
Strangely enough, the Financial Services Authority's money-laundering rules – which require firms to have proof of personal identity before a savings or investment account can be opened – may be making things worse. Ever since the rules were introduced, financial institutions have been asking for a blizzard of sensitive documents to be posted to them. Some suggest this allows them to capture more data about their customers and even to put off potentially less valuable low-income applicants, who tend to have fewer means of proving who they are.
I helped an elderly relative open half a dozen postal savings accounts last year. The banks and building societies required up to three original ID documents to be posted to them or taken into a branch to be copied, which also entails a fraud risk. Interestingly, the government-backed National Savings & Investments asked for nothing. They verified my relative's identity by a quick search of the electoral roll.