Online retailers and service providers must beef-up fraud detection and prevention

Consumers could vote with their feet if high profile incidents of identity theft continue to hit the headlines

The National Identity Fraud Prevention Week has kicked off in the UK but banks and online retailers are still failing to adequately protect themselves and their customers from online identity theft, according to experts.

The campaign, organised by public- and private-sector organisations including the Metropolitan Police and fraud-prevention service Cifas, only covers paper-based fraud, although this can influence the online world, according to Neil Munroe of credit reference agency Equifax.

"Materials collected by fraudsters to form someone's identity can lead to accounts being altered or created online," he argued. "The public are now aware of identity fraud and probably know at least some of the steps they should be taking, but apathy is still defeating the work being done."

But even though offline fraud represents the majority of fraud cases, criminals are increasingly targeting consumers online and firms must respond, according to Peter Bove of decision-management specialist Fair Isaac.

"It's a growing concern [in the banking sector] because where mortgage, savings and current accounts are linked, consumers can record massive personal losses," he explained. "Banks [rely on the internet] to cut customer service costs but consumer confidence can be affected by big publicised losses."

Bove welcomed awareness-raising initiatives for the public but argued that banks should also fulfil their responsibilities by providing better anti-fraud solutions.

He recommended that banks implement bilateral authentication systems, whereby customers can ask questions to verify the bank as well as authenticating themselves, and integrate two-factor with geolocation and behaviour-based authentication systems.

"Banks had focused on reducing their biggest losses from fraud [which were on the high street], but that's changing," Bove explained. "From next year we'll see the introduction of the Faster Payments Scheme by Voca, which will remove the overnight delay in processing payments that was the [banks'] first line of defence against fraud."

Gary Clark, European vice president of cryptography specialist SafeNet added that
campaigns such as the National Identity Fraud prevention Week incidents of ID theft have more than doubled in the last five years are critical in raising public awareness."

"All organisations conducting financial transactions online should be using two-factor authentication technology to protect their customers' confidential data and improve consumer confidence online," he said. "Organisations must make sure they rise to this challenge 24/7/365, not simply in the week when the world is watching."

David Porter of IT security consultancy Detica added that awareness-raising campaigns like Get Safe Online tread a fine line between consumer education and scaremongering.

"Organisations could do more to tighten their security practices [in line with standards] to stop this data being stolen in the first place," he argued. "Then the onus falls equally on firms and consumers to detect fraud as soon as possible."

Meanwhile, threat management specialist Cybertrust last week released advice for firms on how to mitigate the risk of call centre data breaches, which could deter online customers from using their services.

Recommendations included annual security audits of the centres and establishing clear data control policies.

In other news, RSA Security's monthly Online Fraud Intelligence Report released in October found a decrease in the number of brands attacked by phishing but an overall increase in the number of attacks of 48 percent in the last four months.

The firm's security experts predict that this figure will continue to rise through to the end of the year.