A quarter of UK adults have had their identity stolen or know someone who has fallen victim to ID fraud, a Which? magazine survey has suggested.
Identity theft could lead to theft from your bank account
Nevertheless, only one in three people said they shredded bills or used different passwords for every account.
ID thieves access accounts, run up bills, launder money, carry out benefit fraud and take out fraudulent loans.
ID fraud is one of the UK's fastest-growing crimes, with criminals netting an estimated £1.3bn last year.
The survey of 975 people found seven out of 10 favoured compulsory ID cards as a way to fight fraud.
Fraudsters use a host of methods to steal people's identities.
Methods range from the high-tech, such as sending emails containing viruses that access information on people's computers to rooting around in refuse to find old till receipts and bank statements.
Which? advises consumers to take care in how they dispose of their personal documents, guard their passwords and to check their bank accounts and credit files regularly.
To highlight how easy it can be to steal a person's ID, Which? researchers decided to try to steal the identity of a volunteer.
By accessing public documents and posing as the volunteer, the researcher managed to get hold of the volunteer's birth certificate, mother's maiden name, place of birth, mortgage details and even how often they went to the gym.
How to avoid ID theft
Do not use your mother's maiden name or place of birth as a security password
Check your credit record annually
If you move, make sure you let your bank know
Shred or rip-up post before throwing it in the bin
Never use the same password for all your accounts
Do not carry address details in your wallet
An attempt to access the volunteer's credit card account failed but only because the volunteer had not told his bank that he had recently changed address.
Which? editor Malcolm Coles called on banks and institutions to take greater care with people's details.
"Even a simple step taken by industry to stop accepting mother's maiden name and place of birth as default passwords would be a good start," Mr Coles said.
"It's too easy for fraudsters to get hold of this basic information, which is where the process of stealing an identity begins."
A year or two ago I became aware that someone had taken out a fraudulent loan in my name, at a previous address I had only just moved away from. This only became apparent when the telephone started ringing with a MOST unsavoury debt collection agency from another part of the country. The female caller was even threatening in parts of her phrasing. Thankfully after reporting the matter to the police and further help from Trading Standards, the matter was resolved. I would certainly echo the tip to always destroy or shred account-sensitive and address information.
Mark, Norwich, UK
Recently, my wife's debit card details were used to pilfer £1,200 from our joint account via an internet betting site. Luckily, the bank (HSBC) got onto it immediately and informed us the day that it happened, and we were able to get the money back into our account almost immediately. Still, we had to go to the Police and make a complaint etc.
Neither the bank nor the police could explain exactly how the fraudsters got our bank details, but my wife did get her bag and cards nicked a few years ago, so there could be a connection.
Richard, London, UK
I am getting reminder mobile phone bills for 2 people at my address that don't live there. I am worried that this might have an adverse effect on my credit rating, but I have no idea where to turn for help. Contacting the mobile company has changed nothing, the bills come all the time.
Paul, East London
I returned from New Zealand and checked my internet banking only to find someone was repeatedly using my credit card to recharge their phone card. They managed four transactions and my refunds took about two weeks to clear from the bank. If I had been relying on a monthly statement from a bank, they would have cleaned out my account. Internet banking allows you to regularly check for fake transactions.
David Lash, Shoreditch
Just before Christmas last year I had two sums of money debited from my current account which amounted to nearly £700. These were both found to be internet related transactions to companies which did not exist. How my bank authorised these transactions without reference to me or some security verification is still beyond my understanding. Furthermore my bank never supplied a satisfactory explanation as to how/why these transactions were debited to my account. It took three weeks for the money to be credited back into my account. Fortunately I have internet banking and check my account regularly but for those who are more lapse with their accounts they should beware.
Gary Taylor, Havant Hampshire
Someone used my address (not name) details to obtain 6 mobile phones on 3 networks and then proceeded to run up huge bills on 4 of the phones when those phone companies didn't do anything for weeks after I reported the issue. One of the companies (Orange) acted immediately and I never heard any more from them. The police did not want to know - no crime had been committed against me, they said, so the phone companies had to report the crime. 3 times I tried to report it to the police and they didn't want to know - not even when the phones were being used to phone numbers in Pakistan, Calais and the south coast as well as local calls. It has taken over 3 months for these two phone companies (3 and T-Mobile) to get the message that these phones had been obtained fraudulently and to stop sending bills and demands to my address - and not before one of the companies had passed the matter to a debt collection agency causing worry to my household.
Steve C, Solihull, England
On the flip side of the coin, I was recently very happy to have my first 'real' job after a year unemployed. I opened a new bank account, four months ago, and have had my salary paid three times since then with no problems. Last month my bank sent me a letter saying that they failed to take appropriate ID. I've moved since opening my account - into lodgings where I get no bills in my name. I can't provide them with anything they need. I've given them my passport, and even been responding to their letters sent to me at the address in question. Thanks to fraud, my bank account has been frozen two days after payday - and I'm stuck.
J Clarke, Ipswich
My dad used his credit card to pay for goods over the telephone. The person at the other end gave his details to another person who then copied the number onto another credit card and spent over £3000. Thank God for Chip and Pin this should now safe guard credit card fraud or at least reduce it.
I have not been a victim, but work on the other side, trying to prevent ID theft. One of the biggest issues is spy ware and keyboard loggers. If someone can get a keyboard logger onto your machine, they can record everything you type in. Even where banks use say two letters from an 8 character password, it will only take a few weeks to get the whole password. Then you may find all your money has been transferred abroad. Have a look at things like the online application for passports to see how much information a keyboard logger can capture.
William Tell, UK
The banks should accept some of the blame for this. They bombard customers with unwanted loan application forms, etc. containing personal information and then blame customers for this information getting out. I have asked my bank and credit card company to stop sending any mail apart from statements and still they come. It is about time financial services companies were forced to restrict the amount of such mail that they send out.
Richard, Birmingham UK
I was a victim of fraud from an address I lived at in Manchester after moving away two years earlier. Several application for loans and credit agreements were made, using only my name and an out-of-date address. No other details used were correct. Even with this (and my credit record showing agreements I had set up at a different addresses the other end of the country since moving), two companies issued credit in my name. Fortunately, another company, wrote to me to ask if I had requested an account they thought was suspect. Without their diligence, the situation would have become much worse before I found out, so I really give this company full marks. As it was, my access to credit was affected for over a year after (as additional checks on my identity were always needed). The moral is always use the mail preference service to delete your details from junk mailing lists and shred everything with your name and address on. Disappointingly, many people I know think I am just paranoid saying this and don't take any precautions against fraud.
I have recently fallen foul of a very serious case of ID fraud. My partner and I applied for a mortgage for a property we had fallen in love with. We both have a steady credit rating and good incomes and applied through a mortgage broker. He came back and told me that I had been refused by all of the lenders he had approached because I had been applying for loans, mortgages and credit cards from a variety of addresses all over the UK and I was being investigated for money laundering. This was the first I had heard of this and as a result not only can we not get a mortgage but we also have a blacklisted credit rating which cannot be overturned until I have received a credit report and then run through each and every application in my name. I have had no clear explanation of how this could happen and what I can do to get us out of this horrible situation.
My sister received a statement from her bank to say she had run up a £400 credit card bill on an American gaming site. The credit card had never been used before so could not have been copied. When she contacted the bank they wrote off the bill and sent a form to be signed asking her permission to pursue the matter.
Lisa , Newcastle UK
I fail to understand why credit card statements have the card number in full. A series of stars apart from the last four numbers would suffice .
Alan, Fishguard ,Wales
After having my identity stolen some years ago in a burglary, I remain cautious about providing any payment or banking details. As for secure Chip and Pin I think not. How incredibly easy is it to watch the four digits being entered at every retailer providing an open initiation for robbers, muggers and burglars to increase their pickings. To reduce card fraud - address the justice system - making penalties tougher means that crime would not pay.
Ian, Chichester, UK
People should take more care. I had my credit card details copied while in Copenhagen. The details were used in France and Germany to attempt purchase of electrical goods. Thankfully the credit card company were on the ball and declined all the transactions. I now have a new card and have also invested £9.99 on a paper shredder for all our household post.
A friend decided to take a year off of work and see the world. He rented his house out through a reputable company. The person who rented his house then contacted the post office to say the house sale had fallen through and not to redirect the mail. With the utility bills and details of his name they then opened bank accounts in his name and took out loans and credit cards. My friend only discovered what was happening when his bank account was frozen - by the time he had returned home the people had disappeared. The question is HOW can you stop this type of fraud.
Terry, Rayleigh, Essex
The idea that identity cards would make identity fraud more difficult is erroneous. Identity fraud is only possible because multiple organizations make use of the same data points (mother's maiden name, date of birth etc) to identify customers. An identity card scheme would give everybody a convenient unique numeric ID would could be used to identify them. Once a fraudster gains access to this number they would be able to inflict as much damage - if not more - than they can today. One only has to look at the much more widespread problem of identity fraud in the USA - which makes extensive use of Social Security numbers (the equivalent of NI numbers) for identification - to see how ID cards would be more likely to exacerbate rather than resolve this problem.
We need far better security control over obtaining credit, it is far too easy. We also need harsher penalties for the people stealing the identities. Most get a slap on the wrist. If you start throwing minimum jail sentences of 10 years at them, then they would soon stop.
Richard, Berkshire UK
I've been receiving bank statements, for the last six months, for a person that has never lived at this property. Concerned about this I reported it to the bank about ten times, at my own expense. Each time I was told to just return the letters to the bank and they will deal with it. They seemed to have no concern about the potential fraud that might be taking place. Needless to say returning the letters didn't stop them arriving through my letterbox. I've since had letters from a mobile phone company, in the same name, complaining of direct debits being refused. It seems that the banks are not trying hard enough to check on people's addresses before opening accounts. No wonder it's so easy for fraud to occur.
The new Pin machines for use with credit cards are wrongly designed in my view. Someone standing behind you can easily read the Pin number you are keying in. On the continent, the machine is covered by a shield that makes it much more difficult for anyone else to read your number.
A High Street bank sends me unsolicited loan/insurance application forms already printed with personal information. I have requested them to stop sending me what they call "Product Information" and still it comes. The banks don't understand that one mans product information is another's junk mail, and dangerous junk mail if not immediately shredded.
Ray Watson, Aberdeen
I ordered a new debit card before Christmas but never received it. Someone in my local area had stolen the card from the post and signed the back themselves. They spent £800 in nearby shops. They just said that they had forgotten the pin number, and signed their own signature. It took several phone calls to the bank to get the money put back as they said that it could not be done until the investigation was complete.
Kevin Williamson, Wigan, UK
I agree with Richard from Birmingham. I am bombard with unwanted loan and credit card application forms (normally three a week) containing personal information, with my name and details printed on the application form. The biggest joke so far is an offer that both my wife and I received a credit card offer from the same company on the same day. She was offered three times the level of borrowing as me. She had not had an income for four years, as she is a domestic goddess. There seams no way of stopping these companies sending out this junk mail.
Capital One advertise on TV to help protect against stealing identity fraud, but they send me a letters asking if I want a loan. It has all my details all over it although I do not bank with them. Who will get all this when I move home and where will it end up?
Matt Pemberton, Herts
Having been the victim of phone fraud (where somebody pretending to be the company's engineer and managed to use my landline for their own personal benefit, and when I got suspicious started taunting me)and possible credit card fraud (thankfully, the card company were on the ball and notified me)I now ensure that none of my bills can be used against me. They are turned into papier mache, then dried as blocks for firewood. It's secure and sustainable!
In early January two £500 withdrawals were made in one day on my current account. When I reported it to my bank, they said they would only offer extending the overdraft by £1,000 until it was resolved. They have a three-month backlog of fraud claims and will not be able to sort it out for many months. In the meantime, I have to pay the interest on the £1,000 overdraft. Clearly the banks are being swamped with the work to clean this up as well!
Mark Hillhouse, London, UK
A friend's credit card details were skimmed in a restaurant while on a business trip to Germany. Luckily, his bank picked up on the widespread locations the card number was being used in and contacted him. With one call he was able to cancel the card and never heard anything more on the matter.
My wife and I always hold onto bills or other account details and destroy them when lighting a fire. We also tend to use cash whenever possible. This also has the benefit of keeping credit card bills small. I keep myself aware of what a secure site should display when shopping on the internet. If this is missing then I don't use them.
Peter, Dublin, Ireland
I keep hearing that the majority of people want Identity cards to combat fraud. I'd be interested in hearing how this would work, because I just spent 20 years in America where they've had compulsory ID for decades, and it doesn't help there. This is just another way for the government to take away one of the last great freedoms of being British - we are the last industrial power in the world with Habeas Corpus guaranteed by the Magna Carta, plus we can't be forced to provide photographic identification on demand. I prefer it this way. I have not seen the benefits of the more draconian system.
Ray, Ashtead, Surrey
In the opening article it is stated that most people use one pin code for multiple accounts - of course they do otherwise how can you remember the codes for use with chip and pin ? Chip and pin is a smokescreen, it is not secure - I regularly see the person in front of me enter their code, but I am not a criminal. Also because I am not a criminal I object to any suggestion of being forced to carry ID cards. I am who I am and if anyone asks I'll tell them - that should be enough in a civilised society.
Ivan, St. Neots
I don't know how it is in the UK, but in the States, most of our unsolicited junk mail comes with a postage free envelope or card. I return all their sent junk back in their envelopes, and return the cards blank. They get the advantage of cheap, bulk rates to me, but receive mine with 1st class postage due. It gives me a bit of satisfaction!
Lois MacBird, La Grande, OR USA
The thing that scares me is that credit card companies (both in the UK & USA) send out cheques that are drawn from your credit card. So in an envelope that looks like marketing materials they are sending out live cheques completely unsolicited. Also, in the States everyone has access to your mortgage amount. We get at least 2 letters a week offering to move our mortgage balance of $xxx for a better APR. These days a shredder is an essential item.
Claire, Philadelphia, USA (Ex-UK)
It would help if companies didn't put all your details on the documents they sent you. I recently got a new credit card, on the letter was my: Name, Address, Card number, expiry date, start date. As they had put the card onto the letter so quickly after printing it, the ink on the secure 3 digit number on the back (supposedly there to stop people using cards without having them) was still wet, so had left a reverse image on the letter. Everything in one document ready for use by a fraudster.....straight in the shredder....but why all this info on one document?
Chris Jones, Wilts
On a recent trip away, I was visited more than one country. As I was paying for hotels and food on my credit card and this did not fit the regular pattern for my spending, at one point in my trip my credit card was frozen for a few days. However, it is nice to see that the big banks do detect and try to prevent fraud by monitor unusual activity.
James Robinson, Bristol UK
I've recently had my credit card details stolen and used to make a purchase of £2,000 worth of electrical goods on a website. Luckily, my credit card company picked up the transaction and contacted me. Within five minutes they had stopped my card and refused the payment. I was advised to report this to the police and duly did so, but was amazed at the paperwork that had to be completed and the time it took. I have my suspicions as to where I was when the details were stolen but there's very little that the police can do to follow up on that. No wonder with all the red tape and paperwork that has to be cut through to report a crime these days.
My credit card was used to pay for nine £500 online bets in one day. The issuer didn't pick this up. When I spotted it they cancelled the card and sent me a Chip and Pin one. The Pin arrived in the same post as the card.
Worried about people seeing you enter your PIN? Use this great product called your other hand to cover your action.
I had a bad incident in London when somebody scanned my credit card in a cash machine. The fraudster took out about £300 from my account. I was lucky that I checked my account. People, look carefully when you draw out cash from cash machines. This machine looked strange.
I received a letter from my bank charging me £30 for breaking my overdraft limit. I was a student at the time so this was not uncommon, but when I checked my account, someone had bought £400 worth of tickets from a box office in London in person. The bank staff were sceptical when I reported it, but I was on holiday at the time and I used the same card an hour before in a shop in Brussels and an hour after at a cashpoint in Antwerp so I was eventually refunded.
Steven Jones, Wigan