The pensions sector is facing a looming fraud crisis that could see millions of pensioners scammed out of their life savings, according to a report from LexisNexis Risk Solutions
The Digital Pension Fraud: a looming crisis awaits report found that industry experts fear greater accessibility to draw down cash from retirement savings as digital pension services come online will leave pension holders highly vulnerable to a wide-scale wave of scams.
The UK pensions market, valued at over £13.9bn ($17.3bn, €16bn), ranks as the second largest worldwide, making it an attractive target for global organised crime groups.
With the UK pensions dashboard on the horizon, most schemes are in the process of implementing digital access for customers. Yet according to recent research, only a third (29%) of schemes have implemented any electronic ID verification processes and almost half (43%) admit to not having tested the strength of their resilience to cybercrime.
The Lexis Nexis whitepaper warns that pensions providers must consider implementing robust fraud and identity checks upfront, when establishing new digital services. Schemes that fail to include multifactor authentication, multi-layered device and biometric intelligence at login risk allowing fraudsters to gain access to member accounts with just a few pieces of stolen information.
Jason Lane-Sellers, fraud and identity expert at LexisNexis Risk Solutions said: “Whenever you have a self-service portal or similar that centralises data, it’s going to be a target for fraudsters wanting to gather information and then attack the end users to get them to commit transfers, cash-outs or other movements. Centralised systems, like the dashboard, are a source of pre-canned information potentially to facilitate the various attacks in the digital space.
“We’ve seen similar trends in other industries such as banking, finance, ecommerce, telecoms and more recently with BNPL. It’s really important the pensions industry learns lessons from other sectors that are ahead of them on the digital journey, rather than waiting for a major breach and for the regulators to mandate action.”
Key issues
The report identifies two key issues contributing to the lack of urgency amongst schemes.
The first is that trustees are not currently held accountable for protecting members from fraud. And secondly, regulations that create obligations around fraud and identity protection for workplace pensions have yet to be established. Instead, the onus is placed wholly on members to protect themselves from fraud.
The report also highlights that many pension schemes’ existing fraud prevention measures come too late in the online customer journey to adequately protect members.
Kim Gubler, director and chair of the Pensions Administration Standards Association (Pasa), added: “Until now the pensions sector has been largely protected from widescale digital fraud, but that is about to change as the industry embraces digital transformation.
“You can guarantee the fraud community is waiting to exploit this opportunity. Prevention is better than a cure – we need to learn from other sectors that have been fighting this battle for a number of years, identify the weak points in the process and strengthen defences using data and technology to protect members – including being proactive in educating people about the risks.”