The government agencies participating in the pilot were asked to provide de-identified statistics on the number of recorded instances of identity crime and misuse. Some agencies were only able to provide limited data, some were able to provide a few case studies, and some were able to provide both case studies and data. This section provides an overview of the responses that were received.
2.1 Number of identity crime incidents recorded by government agencies
Key finding: Identity crime incidents are detected by a range of government agencies across a wide variety of fraud types including: welfare, passport, immigration, conveyancing, taxation and other financial frauds. Offenders will often endeavour to use fraudulent identities against multiple different targets, including government agencies, financial institutions and non-government organisations. In light of the time and resources available during this pilot, it was only possible to collect data and information about the number of recorded incidents of identity crime against government agencies.
For the pilot, Australian Government agencies responsible for service delivery—i.e. Department of Human Services (DHS) and Australian Taxation Office (ATO)—or the issuing of identity credentials—i.e. Australian Passport Office (APO) and Department of Immigration and Border Protection (DIBP)—were able to provide some statistics1.
Using a stolen or fabricated identity, individuals can claim government benefits to which they are not entitled. For the pilot, data was sourced on the total number of fraud investigations in recent years, as well as the number identified as identity fraud (see Figures 9 and 10).
Case Study 4 (March 2009): Identity fraud against the Department of Human ServicesFollowing the Victorian bushfires in February 2009, a 55 year old man created 112 fictitious identities that were used to claim disaster relief payments totalling $116,800. The man was convicted of two counts of obtaining property by deception and was sentenced to 3 years and 9 months imprisonment and ordered to repay the money he had obtained.
Commonwealth Director of Public Prosecutions, 2009–10 Annual Report. Available at:
http://www.cdpp.gov.au/case-reports/george-hebaiter/ Figure 9: Total number of DHS fraud investigations and total value, by year, 2007-08 to 2012–13
Source: DHS 2009, 2010, 2011, 2012, 2013 and unpublished data.
Figure 10: Total number of DHS identity fraud investigations and total value, by year, 2007-08 to 2012–13
Source: DHS 2009, 2010, 2011, 2012, 2013 and unpublished data.
In 2010–11 DHS (Centrelink) implemented a new intelligence database and case management system to record details of cases of suspected fraud that progressed to an investigation or evaluation. This is a subset of an unknown larger number of cases that were submitted to DHS investigators for review.
The total number of DHS fraud investigations has declined over the three years to 2012–13: from 5,664 investigations in 2010–11, to 3,294 investigations in 2012–13. Over the same period, the number of DHS identity fraud investigations have also declined from 1,920 incidents in 2010–11, to just 218 incidents in 2012–13. This is a decrease in incidents of 42 percent and 89 percent respectively.
Before 2010–11, DHS (Centrelink) systems recorded all cases of suspected fraud, including those that did not progress to formal investigation or prosecution. While these figures are not directly comparable with data from 2010–11 onwards, they do indicate a consistent decline in the number of fraud incidents detected by DHS over the last six years.
During the three years from 2007-08 to 2009–10, total DHS fraud investigations declined from 35,885 (valued at $140m) to 22,693 (valued at $103m) (see Figure 9). Over the same period, the number of DHS identity fraud investigations have also declined from 11,399 incidents in 2007-08 (valued at $20m), to 7,333 incidents (valued at $9m) in 2009–10 (see Figure 10). This is a decrease in incidents of 37 percent and 36 percent respectively.
These declines are partly associated with increased government funding that enhanced the specialised fraud investigation teams within DHS. This has meant that frauds are now detected sooner, before large debts can be accumulated. Another driver for the apparent decline in both the incidence and value of detected frauds was changes in both the overall quantum of cases being reported, along with changes in the way the cases were classified and processed.
Taxation identity fraud
As part of a suite of initiatives designed to detect fraud and identity crime, the ATO uses their Identity Crime Model to flag suspicious cases for further review before they are processed. In 2010–11, the ATO identified 6,427 income tax returns that involved identity fraud, with a combined value of $15 million (see Figure 11).
In 2011, the ATO further re-engineered processes relating to the potential compromise of TFNs. This followed recommendations by the Commonwealth Ombudsman after an investigation into the way the ATO responded to incidents where TFNs were compromised or incorrectly linked (Commonwealth Ombudsman 2010).
These changes resulted in increased detections of potential TFN identity fraud cases, from 12,669 in 2009–10 to 31,249 in 2010–11 (see Figure 11). Advice provided by the ATO outlined that this increase can be attributed to a combination of an actual rise in the incidence of identity crime as well as improved fraud-detection processes.
Figure 11: Taxation identity fraud incidents (income and TFNs) and value of protected revenue
Source: Australian Taxation Office unpublished data
The AIC also regularly reports on fraud against Commonwealth agencies. In the most recent Fraud Against the Commonwealth 2009–2010 Annual Report to Government (Lindley, Jorna & Smith 2012), a total of 2,859 external fraud incidents involving the unauthorised use of another person’s TFN or Australian Business Number were reported.
Case Study 5 (February 2011): Identity fraud against the Australian Taxation Office The offender believed he could boost his income by creating 17 bogus companies and submitting fraudulent activity statements for each of them. Using the GST Identity Fraud Model, the ATO quickly identified his claims as suspect. Once detected, the ATO undertook a detailed investigation where it became evident that a serious offence had occurred. The offender was charged with obtaining and attempting to obtain a financial benefit by deception, was sentenced to five years imprisonment and had to pay $312,075 in reparations. Australian Taxation Office, 2011—Targeting tax crime: A whole-of-government approach. Available at: http://www.ato.gov.au/General/Tax-evasion-and-crime/In-detail/Targeting-Tax-Crime-magazine/2011/Targeting-tax-crime--A-whole-of-government-approach---February-2011/?page=8
Immigration identity fraud
The Department of Immigration and Border Protection (DIBP) collects a variety of statistics on fraud and identity crime related to immigration visas. For the pilot, the DIBP supplied data on the number of visa cancellations and visa application refusals due to fraud (see Figure 12). These statistics relate to fraud generally, as well as cases further categorised as identity fraud, which includes instances where a person has altered an aspect of their biographical data in an effort to facilitate entry to Australia.
Figure 12: Immigration fraud and identity fraud incidents, by type and year, 2010–11 to 2013–14
a: 618 visa cancellations due to fraud as at 31 December 2012
b: 242 identity frauds detected between 1 July and 31 December 2013
Source: Department of Immigration and Border Protection unpublished data.
In 2010–11, 665 visas were cancelled as a result of fraud, with the number likely to be higher in 2011–12, as the 618 cases presented are only the number of detected frauds in the first half of the 2011–12 financial year. The DIBP also provided data on the number of identity frauds against visas, with 573 recorded incidents in 2012–13, and a further 242 incidents in the first half of the 2013–14 financial year.
Passport identity fraud
In 2012, the Australian National Audit Office (ANAO) published an audit report that examined the management of e-passports, which included analysis of new passport frauds and the way they were detected (see Figure 13) (ANAO 2012). These new passport frauds relate to instances where individuals have sought to obtain a passport issued in another name or have a second passport issued. The number of detected fraud cases involving new e-passports increased from 178 in 2003–04 to 849 in 2010–11 (ANAO 2012; 67). This increase is attributed to a combination of the increasing number of passports that are issued each year (up from 1.1 million in 2003-04 to 1.8 million in 2010–11) and greater investigative capability, rather than to an increase in the rate or incidence of fraud (ANAO 2012; 68–69).
Figure 13: Passport frauds, by detection method and year, 2003-04 to 2010–11
Notes: ‘Other’ detection methods include up to 12 other categories such as fraud detected at the border, by other agencies such as the AFP and information from informers.
PICs stands for Passport Issuance and Control system.
Source: ANAO 2012
For this pilot, DFAT analysed passport records between 2010–11 and 2011–12 and reported the number of identity-related passport frauds (see Table 1), that is those cases where an individual has supported a passport application with fraudulent credentials.
Table 1: Identity-related passport frauds, by year, 201011 and 2011–12
Identity fraud against passport
Source: DFAT—APO unpublished data
Lost and stolen passports
Another method for undertaking identity-related passport fraud is to obtain a genuinely issued passport that has been lost or stolen and then modify the information and/or image contained within the document to create a ‘new’ credential.
In 2010–11, 34,681 Australian passports were reported as lost or stolen. As soon as a passport is reported as lost or stolen, DFAT will record the passport number and then cancel it to ensure that it cannot be used for travel purposes. These passports could, however, continue to be fraudulently presented in the community more broadly, and would only be detected where they are verified through systems such as the DVS.
DFAT has indicated that older passports, which could more easily be altered by professional document forgers, have now been phased out. There are no known instances where an individual has successfully altered the electronic chip in newer generations of e-passports, which have been issued since late 2005. As the older generation passports expire, all Australians will transition to the new e-passports. This is expected to occur by early 2016.
Identity fraud detected by state and territory police
Requests were sent to all state and territory police agencies to obtain data on the number of recorded identity crime incidents and related offences (e.g. fraud, forgery and impersonation). Within the three-month data collection period, only the Queensland Police Service (QPS) was able to provide relevant statistics from its QPRIME data recording system (see Figure 14).
Note: This data is preliminary and may be subject to change.
Source: Queensland Police Service
The QPS data indicate that while most categories of fraud offences have remained relatively stable over recent years, frauds involving credit/bank cards increased from 3,101 in 2008–09 to 6,155 in 2012–13, an increase of almost 200 percent.
Police data systems record crimes under the Australian Bureau of Statistics standard offence classification codes, known as the Australian and New Zealand Standard Offence Classification (ANZSOC) 2011 (ABS 2011). While there are specific ANZSOC codes that relate to fraud, deception and forgery offences, there are no specific codes that apply to identity crimes such as stealing someone’s identity or possessing a fraudulent identity credential. Identity crimes are usually recorded under broader offence categories such as fraud.
As such, it was not feasible for the pilot to identify the number of fraud offences recorded by all police agencies that were identity crimes. This would have required detailed analysis, and in some cases manual counts, of thousands of records.
Despite these limitations, it is possible to use the QPS data to calculate an approximate estimate of the total number of frauds detected by police across Australia, as well as the number and proportion of these incidents that involve identity crimes.
Across the five years for which QPS data were provided (2008–09 to 2012–13) there was an annual average of 11,770 fraud offences detected. Based on the proportion of Australians that live in Queensland (20% as at 30 June 2013), a national fraud estimate can be calculated by multiplying the Queensland figure by five. This produces a rough national estimate of 58,851 frauds detected by police in 2012–13.
In the United Kingdom, the Credit Industry Fraud Avoidance Service (CIFAS) observed that a considerable proportion of all fraud can be classified as identity crime, in that ’50 percent of all frauds identified during 2012 relate to the impersonation of an innocent victim or the use of completely false identities’ (CIFAS 2012). Within Australia, the Australian Federal Police has previously estimated that the proportion of fraud that is identity crime would be in the region of 25 percent (House of Representatives Standing Committee on Economic Finance and Public Administration 2000; EFPA 164).
Assuming that between 25–50 percent of the estimated national fraud figure calculated above (58,851 frauds) is identity crime, then there was somewhere in the order of 15,000–30,000 identity crimes detected by police in Australia in 2012–13.
The experience of the joint AFP/NSW Police Identity Security Strike Team indicates that a single identity crime investigation can involve around 2,000 fraudulent identities that, in turn, can be used to facilitate hundreds of different offences, which may or may not be fully identified.
Given that false or stolen identities are used to facilitate such a broad range of other criminal activities, it is highly likely that the above estimates represent only a proportion of the true number of identity crimes committed in Australia each year.
Identity fraud detected by registries of births, deaths and marriages (RBDM)
When a birth, death or marriage occurs in Australia, the event and the parties involved are registered with the relevant RBDM, with the details recorded on the appropriate certificate. These certificates are relied upon as documentary evidence of both the commencement of an identity (i.e. birth certificates) and of changes to identity details over time (i.e. marriage and change of name certificates).
For the pilot, all of the state and territory RBDMs were asked to provide data on the number of incidents of identity crime and misuse involving certificates that they issue. Only Western Australia and New South Wales RBDMs were able to provide relevant statistics (see Table 2).
Table 2: Incidents of identity crime and misuse involving RBDM certificates, by year
Source: New South Wales & Western Australian Registry of Births, Deaths and Marriages
The number of birth certificates recorded as fraudulent is far less than one percent of the total number of birth certificates that are issued in just one year. For example, in 2012 there were over 95,000 births registered in New South Wales (NSW RBDM 2013) and in the same year only 59 birth certificates were recorded as fraudulent or containing unauthorised amendments.
The price of fraudulent birth certificates indicates that these documents are more widely available than these figures would otherwise indicate. This is likely because most government agencies and private sector organisations do not have arrangements in place to notify the relevant RBDM when they detect a certificate that is suspected to be fraudulent. It is likely, therefore, that RBDMs are not notified of the majority of incidents involving fraudulent versions of their certificates.
Driver licence fraud
While not initially intended to be used as an identity document, in practice driver licences have arguably become the key identity credentials used by Australians. Of the eight road transport and licensing agencies that were approached during the pilot, only Roads Corporation Victoria (VicRoads) and the South Australian Department of Transport advised that they had data and information about incidents of identity fraud. Media reports also indicate that VicRoads and the WA Department of Transport have recently undertaken projects to use facial recognition technology to help identify fraudulent driver licences (see Case Study 6). However, no statistics on fraudulent licences were able to be provided by any road agency before the completion of the pilot exercise.
Case Study 6 (October 2012): False Victoria driver licences detected through facial biometric auditing Following a 2007 Ombudsman’s report that found the driver licensing system was vulnerable to corruption, VicRoads used facial recognition software over a four year period (2007–2010) to audit around 700,000 driver licences. The audit identified 600 suspected frauds that were referred to police. Source: The Australian, 29 October, 2012
Purchasing a property is the highest value transaction that most Australians will undertake in their lifetime. To help guard against fraud in property transactions, land titles agencies, conveyancers and other property professionals need to take reasonable steps to verify the identity of their clients. In all jurisdictions, there are legislative protections for cases of conveyancing identity fraud under which the relevant state or territory government can compensate the affected property owner. While no quantitative data was available on incidents of identity crime among conveyancing transactions, there are a number of cases that have come to public attention (for example see Case Study 7).
Case Study 7 (June 2010): Fraudulent property sale
Using fraudulent identity documents in the owner’s name, Nigerian-based scammers successfully convinced a Perth real estate agent to sell an investment property worth $485,000. The owner of the property, who was living in Cape Town at the time, was only alerted to the fraud when the offenders also tried to sell his primary residence and he was contacted by a concerned neighbour.
Based on the available data provided by a handful of government agencies, it is hard to make definitive conclusions about identity crime trends, or to establish a reliable baseline of identity crime against government agencies. Certain types of identity crimes, such as taxation and passport identity frauds, have been increasing considerably in recent years. On the other hand, an examination of data on identity-related benefits fraud reveals that both the number of investigations and values involved have been declining in recent years.
Overall, findings indicate that where agencies have recently developed new approaches to detecting identity crime, such as the ATO’s Identity Crime Model, the number of detected incidents has increased.