Pensions faces 'fraud crisis' as schemes fail to protect members from digital attack

Scheme identity verification standards are too basic and come too late in the process

Jonathan Stapleton
clock • 3 min read
Jason Lane-Sellers: Whenever you have a self-service portal or similar that centralises data, it's going to be a target for fraudsters wanting to gather information and then attack the end users
Image:

Jason Lane-Sellers: Whenever you have a self-service portal or similar that centralises data, it's going to be a target for fraudsters wanting to gather information and then attack the end users

The pensions sector is facing a fraud crisis that could see millions of pensioners scammed out of their life savings, latest research from LexisNexis Risk Solutions finds.

The data and technology firm's report - Digital Pension Fraud: a looming crisis awaits - said greater accessibility to draw down cash from retirement savings as digital pension services come online would leave pension holders highly vulnerable to a new, wide-scale wave of scams.

It said most schemes are now in the process of implementing digital access for customers as part of the shift to pensions dashboards - but pointed to Crowe research that showed less than a third (29%) of schemes have implemented any electronic ID verification processes and almost half (43%) admit to not having tested the strength of their resilience to cybercrime.

The report urged pensions providers to consider implementing robust fraud and identity checks upfront when establishing new digital services - warning that schemes that failed to include multifactor authentication, multi-layered device and biometric intelligence at login risked allowing fraudsters to gain access to member accounts with just a few pieces of stolen information.

LexisNexis Risk Solutions fraud and identity expert Jason Lane-Sellers said: "Whenever you have a self-service portal or similar that centralises data, it's going to be a target for fraudsters wanting to gather information and then attack the end users to get them to commit transfers, cash-outs or other movements. Centralised systems, like the dashboard, are a source of pre-canned information potentially to facilitate the various attacks in the digital space.

"We've seen similar trends in other industries such as banking, finance, ecommerce, telecoms and more recently with BNPL (buy now, pay later). It's really important the pensions industry learns lessons from other sectors that are ahead of them on the digital journey, rather than waiting for a major breach and for the regulators to mandate action."

Key issues

The report identified two particular issues contributing to the lack of urgency among schemes - that trustees are not currently held accountable for protecting members from fraud; and regulations that create obligations around fraud and identity protection for workplace pensions have yet to be established.

The report also highlighted that many pension schemes' existing fraud prevention measures come too late in the online customer journey to adequately protect members.

LexisNexis Risk Solutions head of identity strategy Mark Little explained: "Most pension providers wait until the transfer of funds stage - where the loss of funds is most likely to occur - before undertaking serious identity verification or fraud checks. But fraud risks are present across the whole pensions customer journey.

"There are very real risks before this, that enable a fraudster to take over an account or modify the data to an extent where eventually, when it comes to the transfer of funds, the movement of funds is less suspicious."

Little added: "For better risk mitigation, fraud and identity checks need to take place early on in the process, to provide robust assurance that providers are dealing with a legitimate customer."

Pensions Administration Standards Association chair Kim Gubler commented on the report. She said: "Until now the pensions sector has been largely protected from widescale digital fraud, but that is about to change as the industry embraces digital transformation.

"You can guarantee the fraud community is waiting to exploit this opportunity. Prevention is better than a cure - we need to learn from other sectors that have been fighting this battle for a number of years, identify the weak points in the process and strengthen defences using data and technology to protect members - including being proactive in educating people about the risks."

More on Admin / Technology

PASA re-accredits seven corporate members

PASA re-accredits seven corporate members

Members include consultancies, law and trustee firms, LGPS funds, and the UKPNPS

Jasmine Urquhart
clock 09 May 2024 • 1 min read
PDP publishes updated data standards

PDP publishes updated data standards

Update sets out data requirements for finding and viewing pensions information

Jasmine Urquhart
clock 01 May 2024 • 1 min read
FCA publishes dashboard modification

FCA publishes dashboard modification

Modification means firms will be COBS 19.11 compliant when they connect to CDA

Jasmine Urquhart
clock 30 April 2024 • 1 min read
Trustpilot