This is fraudscape 2022

The flagship intelligence report from Cifas, the UK’s Fraud Prevention Community

Start report


Welcome to this year’s edition of Fraudscape, which is key to understanding the challenges and threats we face as a community, and which areas we need to focus on to fight fraud together.

This report combines data from our National Fraud Database (NFD) and Internal Fraud Database (IFD), along with intelligence provided by Cifas members, partners and law enforcement. In 2021, Cifas members saved over £1.3bn through prevented fraud losses, but we know we can prevent and detect even more fraud by developing a better understanding of key fraud threats and enablers – which is the main purpose of this report.

Despite the obstacles brought about by last year, we recognise that 2022 brings its own unique challenges and threats. New ways of working as well as ongoing uncertainty around the UK economy and the rise in the cost of living will almost certainly provide a rich seam of opportunity for fraudsters.

In addition, those struggling financially may be tempted to commit fraud in order to generate additional income during these difficult times.

As the UK’s leading fraud prevention service, our role in protecting Cifas members, stakeholders and the public from fraud has never been more important. Now is the time for the fraud prevention community and the wider UK public to collaborate and deliver a targeted and proactive approach to stop fraud. Let’s take the fight to fraud. 

Mike Haley
- Cifas CEO
Terms Explained


2021 saw over 360,000 cases of fraudulent conduct recorded to the NFD, which is close to pre-pandemic levels. 

Identity fraud remains a key threat and the number of cases recorded has grown by 22% (226,000) in 2021.

Cases of misuse of facility accounted for over a fifth of cases (79,000) recorded in 2021.

A rise in the misuse of plastic cards has also been identified with the most common reason for filing being payment fraud. As living costs increase there is concern that volumes will increase. 

Facility takeover accounted for 11% of cases on the NFD with a particular impact on the telecoms and online retail sectors. 

Of concern is the growing rise in facility takeover cases involving plastic cards and bank account products. 

The insider threat remains a significant concern. In 2021 there was growth in the number of false applications where individuals concealed adverse credit or previous employment. Organisations also face real challenges as remote and hybrid working become embedded with instances of employees abusing personal and sensitive information and the theft of IT equipment being identified. 

What do the findings tell us? 2022 Half Year Figures 2022 Half Year Figures - Analysis


Identity fraud remains a key threat and the number of cases recorded has grown by 22% (to 226,000 cases) in 2021, accounting for 63% of all cases recorded to the NFD.

91% of identity fraud cases occurred via an online channel.

Although identity fraud mainly impacts the plastic card and banking sectors, the online retail and loans sectors have also been particularly targeted.

Attempts to access loan products saw a 39% increase, with unsecured personal loans heavily targeted. Although two thirds of attempts were not granted, loans will continue to be a target in light of rising living costs.

Overall, 24% of victims are aged over 61 and this age group is disproportionately targeted for plastic cards and bank accounts.

There has been a 53% rise in those aged between 31 and 40 years targeted for asset finance products and those aged between 51 and 60 years are more likely to be targeted for insurance products.

There has been a 7% rise in companies being impersonated, predominantly for telecoms or loans products.

Analysis Cifas Commentary identity fraud case study


Misuse of facility accounts for just over a fifth of cases, with over 79,000 cases recorded and up 17% on 2020

Most misuse cases are in relation to bank accounts (88%) and these have increased by a third. 

72% of misuse on bank accounts has intelligence that indicates mule activity and these cases have risen by 24% in 2021 compared to 2020. Although the majority of cases are in relation to personal accounts, there has been a 24% increase in the abuse of company accounts for this type of activity.

A large proportion of subjects recorded for this type of activity are aged between 21 and 30 years. However, there has also been a 19% rise in those aged under 21 years.

The rise in cases indicating mule activity may be aligned to ongoing problems with authorised push payment fraud (APP). Mule accounts are often needed to transfer funds gained from illegal activities such as scams and then transferred on to facilitate serious and organised crime.

Analysis Cifas Commentary


Over 37,000 cases of facility takeover were recorded in 2021, similar to 2020 levels. Although the majority of cases impact the telecoms and online retail sectors, 2021 saw 19% growth in cases in the plastic card sector. 

Overall, a large proportion of cases have occurred online (47%) or through telephony channels (43%).

A large number of the cases recorded are in relation to unauthorised security or personal detail changes to the account. There has been a rise in unauthorised facility upgrade particularly targeting the telecoms sector. Victims have been duped into believing they are talking to their provider and are coerced into agreeing to false upgrades so criminals can fraudulently obtain handsets.

Overall, a large proportion of victims of takeover tend to be aged over 41 years. Those aged between 31 and 40 years are more likely to be targeted for online retail products, whereas those aged between 41 and 50 years are more likely to be targeted for telecoms products.

Analysis Cifas Commentary

Insider threat

Nearly 270 individuals were recorded to the Enhanced Internal Fraud Database in 2021. 41% of cases were in relation to dishonest actions, with the majority of filings in relation to theft of cash from the employer. 

There has been a rise in theft of IT equipment. This may be due to reduced controls to monitor staff who are working in a remote or hybrid environment. There have also been examples of staff exiting a business and not returning items provided to them. Most individuals worked within branch or within the contact centre.

False employment application (unsuccessful) accounts for 39% of cases and has increased by 10% since 2020. A large number of filings were in relation to hiding information on applications, such as adverse credit history, concealed address with adverse and concealed employment history.

Overall, a large proportion of those recorded are aged between 21 and 30 years. However, there has been a noted increase in those aged between 41 and 50 years being recorded. There was a 27% increase in those aged between 41 and 50 for dishonest actions. 87% of these people had been in employment 10 years or more.

There was a 33% increase in those aged 31 to 40 for unlawful obtaining or disclosure of commercial data. 57% had been in employment for over 10 years.

Analysis Cifas Commentary The benefits of ongoing monitoring


  • Volumes of cases recorded to the NFD are close to pre-pandemic levels, with over 360,000 cases. 

  • Identity fraud volumes reached over 226,000 cases and account for 63% of all NFD cases – up 22% from 2020. 

  • The sophistication of cyber enabled attacks such as phishing and smishing continues to grow, as does the quality of false documentation provided to support subsequent fraudulent applications.

  • There is a real concern that due to the rise in living costs, criminals will look to target loan products and deferred credit services and exploit those who have more relaxed criteria than others. 

  • Misuse of facility accounts for just over a fifth of cases, with over 79,000 cases recorded, and is up 17% on last year. The majority of cases are in relation to bank accounts, with 72% of cases holding intelligence indicative of mule activity. 

  • There has also been a rise in misuse on plastic cards, with the main filing reason of payment fraud. The sector may be targeted in light of economic stresses experienced in the UK due to rising living costs.

  • Facility takeover has declined slightly by 3%, but 37,000 cases were still recorded.

  • 2021 saw a growth in facility takeover cases in the plastic card sector. 

  • Insider threat still remains a key concern. 2021 saw a growth in false employment application (unsuccessful), particularly in relation to concealing details of adverse credit and/or employment history. 

  • Organisations must ensure that as remote/hybrid working agreements develop and increase in popularity, their policies and procedures are fit for purpose. 

  • The increase in the cost of living may tempt staff members into committing dishonest conduct or becoming more vulnerable to staff approaches. It is therefore essential to have appropriate monitoring in place to audit employee behaviour and ensure wellbeing checks are carried out regularly. 

  • A significant concern is the rise in insider threat as a service, where individuals are actively recruited to work in particular roles to carry our dishonest activity and exploit policies and procedures.


  • It is important that we all report fraud. Only through reporting can we fully understand the nature and scale of the threat the UK faces and adjust our response accordingly. Find out how to report below. 

  • It is important that we all report fraud. Only through reporting can we fully understand the nature and scale of the threat the UK faces and adjust our response accordingly. Find out how to report below. 

  • In uncertain times and with rising living costs many people may be tempted to commit fraud. It is important that we coordinate our messaging to deter people and ensure they understand the consequences of engaging in fraudulent activity. 

  • Members of the public are at more risk than ever of falling victim to fraud and scams. It is important that we encourage the public to take proactive steps to protect themselves as outlined in the Take 5 campaign

  • Businesses should ensure that they have robust cyber risk management protocols in place to protect themselves and their customers. There is a variety of information and tools that can support business and a selection are listed below. 



For any press enquiries please contact  

About Cifas

Cifas is the UK’s fraud prevention community. For over 30 years we have worked with hundreds of organisations to stop fraud and our community is made up of hundreds of organisations from across the sectors, including most banks, credit providers and telecommunication companies. We lead the fight against fraud by sharing data and intelligence, and provide a secure and established home for:

  • Trusted data of unparalleled depth and diversity – hosting the largest databases of fraud risk in the UK.

  • Dynamic intelligence to understand the fraud threat landscape now and in the future.

  • A vast network of organisations and people with a stake in fraud prevention.

  • Accredited education and trusted training for organisations and individuals.

If you are interested in joining Cifas click here 

For more information about our Fraud and Cyber Academy click here

This year will be the first time we regularly update information to Fraudscape over the course of the next 12 months. If you would like to receive notifications when new content is added to Fraudscape let us know here

Join us on the 5th July and the 19th July for two exclusive webinars. Register to attend here