This is fraudscape 2024

The flagship intelligence report from Cifas, the UK’s Fraud Prevention Community

Start report


Welcome to this year’s edition of Fraudscape, which sets out the challenges and threats facing the fraud prevention community, as well as the areas on which we need to focus to fight fraud and financial crime together more effectively. This report combines data from our National Fraud Database (NFD) and Insider Threat Database (ITD), along with intelligence provided by Cifas members, partners and law enforcement.

In 2023, our members prevented more than £1.8 billion of fraud losses, but we know we can help prevent and detect even more fraud and financial crime by developing a better understanding of key threats and enablers. The information and intelligence included in Fraudscape is key to us doing that.

Continuing uncertainty around the UK economy, the rise in the cost of living, and the growth in hybrid working has provided a rich seam of opportunity for criminals to exploit. These circumstances have also increased incentives for those who may be struggling financially to commit fraud to generate additional income. The fraud trends we identified in 2023 continue into 2024, with an increased risk of identity theft, first party fraud and internal fraud.

Against this background, our role in protecting members, the public, and the wider UK economy from fraud and financial crime is now more important than ever. As the threat continues to evolve and threat actors innovate to fraudulently open and abuse accounts, steal identities and take over customer accounts, Cifas will accelerate development of new products and services to protect businesses and consumers.

We will also continue to educate young people to provide them with the skills to recognise the serious consequences of financial crime through our counter fraud lesson plans and roll out our counter-fraud training to many more employees, recognising their important role as the first line of defence against fraud and financial crime.

The sharing of data and intelligence across a broader coalition of organisations is one of the most effective defences we can put in place to prevent fraud, and we are proud to bring together a community of organisations from a wide variety of sectors to create a defensive wall against fraud.

I hope that you find our analysis insightful and, more importantly, a call to action to strengthen your defences against fraud and financial crime.

Mike Haley
- Cifas CEO


Following a surge of cases in 2022 (over 400,000 – the highest ever recorded), filings to the National Fraud Database (NFD) fell by 9% in 2023 to 374,160 cases. Despite this reduction, there were increases across the categories of facility takeover (+13%) and misuse of facility (+5%). Key increases in 2023 include a rise in asset conversion cases (+55%) and cases of facility takeover (+13%), particularly against telecommunication products and personal credit cards. Misuse of facility now accounts for one in five cases on the NFD (previously 17%) with the increase centred on pre-paid cards, asset finance-hire purchase, and Coronavirus Business Interruption Loans (CBILs) filings.

Moreover, NFD filings remain higher than 2021 by 4% (nearly 14,000 cases), with organisations recording a case to the NFD every two minutes, on average. Market conditions and the tightening of controls and lending criteria due to economic uncertainty, may be a driver behind the decline in filings in 2023.

Identity fraud continues to be the dominant case type recorded to the NFD (64% of filings, 237,642 cases). Increases were observed across personal bank accounts (+12%) with concerns centred on social media enablers and the growing threat of AI and sophisticated data harvesting techniques designed to exploit an array of cost-of-living pressures.

One in ten cases relate to facility takeover, which saw the largest volume increase across all case types (+4,809, +13%). Intelligence and NFD data support a shift in tactics, with threat actors increasingly targeting existing accounts to obtain new products or upgrades, particularly within the telecommunications sector.

Misuse of facility remains the second most dominant case type, now accounting for 21% of filings (73,459 cases), following a rise of 5%. A key driver is evasion of payment across several products. There was a 6% reduction in cases that held intelligence indicative of money muling, however, these cases still account for 65% of misuse of bank account filings.

False application cases fell by 17% overall, but there was an uplift against the loan (+36%), insurance (+20%) and telecommunication sectors (+17%). False documents (usually bank statements and utility bills) are the dominant filing reasons, with individuals filed for providing false information or omitting details to obtain products and services.

Filings to the Insider Threat Database (ITD) increased by 14% in 2023. The rise is focused on dishonest action by employees (49%), with many organisations citing increasing financial pressures as a driving factor behind the uplift. Most individuals filed to the ITD (38%) had been in their position for less than a year (previously 21%). This could be an early indication that employees are more willing to risk engaging in dishonest conduct in the early stages of employment although, equally, there are signs of improved controls and staff awareness, with cases detected by internal controls and staff up by 20% and 44% respectively.

What do the findings tell us? The key themes of 2024 Cifas Commentary

What do the findings tell us?

The key themes of 2024


Identity fraud cases are down 14% following a reduction across several sectors. However, identity fraud remains the dominant case type, accounting for 64% of filings (237,642 cases) in 2023; a slight decrease as a proportion of total filings compared to 2022 (68%).

Despite the overall reduction, bank accounts observed the largest increase (up 12%, +5,811), with personal current accounts being the most targeted. Plastic cards continue to be the most afflicted product, but also observed an 8% decrease.

The most notable reduction by volume was across telecommunications products (-49%) which can, in part, be explained by a shift in criminals targeting these products via facility takeover activity, as opposed to identity fraud.

Overall, impersonation involving a current address fraud accounts for 77% of filing reasons, however, this has decreased 11% compared to 2022.

Most victims of impersonation filed to the NFD continue to be over 61 years (accounting for 24%) in both 2022 and 2023, followed by 51-60 years (21%).

Of note, those aged 21-30 years saw an 11% increase. This is mainly linked to impersonations for mobile phones, personal credit cards and current accounts.

Cifas Commentary


In 2023, organisations filed 73,459 cases of misuse of facility. This represents a 5% increase (+3,261) compared to 2022.

Whilst bank accounts recorded a decrease (-2%), loan products recorded a notable increase (+82%), followed by asset finance (+45%) and plastic cards (+17%). Increases across loan products were due to an uplift in evasion payment of loans issued under the CBILs scheme (+2,727), whilst asset finance cases were centred on theft of assets and evasion of payment.

These increases were spread across several organisations, highlighting the impact of the cost-of-living pressures and individuals looking to avoid payments or financially gain from stealing assets.

Deep dive – Money mules

In 2023, 37,261 cases were recorded to the NFD that held intelligence indicative of money mule behaviour. This is down 6% from 2022 (39,611 cases).

Despite the reduction, these cases still account for 65% of misuse of bank account filings recorded to the NFD. Personal current accounts continue to be the dominant product impacted, accounting for 90% (previously 87%). Company current accounts observed a small reduction (-9%) and continue to account for just 6% of filings overall.  

Where recorded, most individuals filed for this type of behaviour are aged between 21-25 years (23%), which is consistent with 2022. The average age of filed individuals is 29 years, which is also identical to 2022. Of note, under 18 years was the only age group to record an increase (+43%, +425). Within this age group the largest increase was observed across those aged 16 years (+42%) and 17 years (+48%). The relatively low volumes from a small number of members make it difficult to determine any meaningful judgement about a potential shift towards younger age groups at this stage.

Cifas Commentary


Cases of facility takeover increased by 13% compared to 2022, which is primarily attributed to a 59% rise in filings from the telecommunications sector (+6,431). The online retail sector recorded the largest volume reduction but continues to be the second most impacted sector, accounting for 27% of cases (previously 38%).

The telecommunications sector is the most impacted for facility takeover filings, now accounting for 41% (previously 29%) of cases, following a spike in filings from several organisations. This increase partly reflects a shift in behaviour by criminals who are increasingly targeting mobile phone products for account takeover, compared to identity fraud in previous years.

Cifas Commentary

Insider threat

A total of 325 individuals were recorded to the ITD (Insider Threat Database) in 2023 (up 14%, +41). In contrast to 2022, the most dominant case type recorded is now dishonest action to obtain benefit by theft or deception which now accounts for nearly half of cases (49%, previously 39%).

Feedback from Cifas member organisations indicates that this could be a result of financial pressures in light of the cost-of-living crisis.

The second most prominent case type is false employment application (unsuccessful) which accounts for 33% compared to 44% in 2022.

Overall, cases detected through internal controls have increased by 20% but continue to account for a similar proportion to last year (56%). This increase could be linked to organisations adopting greater monitoring/controls.

Most subjects engaged in dishonest conduct (38%) had been in their position for less than a year (previously 21%). This might be an early indication subjects are more willing to risk engaging in dishonest conduct in the early stages of employment. Alternatively, it could be linked to an uplift in more effective internal controls.

  • 31% of those recorded for dishonest actions had been in employment for under one year, and 17% for over 10 years.

  • 64% of those recorded for account misconduct had been in employment for less than one year.

  • 80% of those recorded for bribery had been in employment for 10+ years.

  • 75% of those recorded for unlawful obtaining or disclosure of commercial data have been in employment for less than five years.

Cifas Commentary

False Application

In 2023, 19,840 false application cases were recorded to the NFD, representing a decrease of 17%.

This is primarily linked to a reduction across the bank account sector (-31%) which now accounts for 44% (previously 53%) of cases. Despite the overall reduction, there were increases across the loan (+25%), insurance (+20%), & telecoms sectors (+17%).

False documents recorded a 35% decrease, but this continues to be the dominant filing reason accounting for 30% (previously 39%). This reduction was spread across several sectors, but particularly bank accounts, with cases down 50% and fewer members recording this filing reason overall.

Falsifying proof of no claims rose 100% compared to 2022 (+878) and now accounts for 9% of cases when compared to 4% in 2022. This increase is attributed to several insurance members filing higher volumes in 2023.

False bank statements make up the largest proportion of filed documents (31%) followed by utility bills (28%).

Cifas Commentary


In 2023, 374,160 cases were recorded to the NFD, representing a decrease of 9% compared to 2022. Despite this reduction, levels are still higher than 2021 by 4% (an increase of nearly 14,000 cases). The reduction in filed cases must be viewed in the context of the unprecedented volumes seen in 2022, but also as a result of some members within certain sectors enhancing their controls and tightening their criteria for new products and services throughout economic uncertainty.

Many organisations are concerned about the potential growth in AI generated fraud, enabling sophisticated phishing scams and synthetic identities.

Social media continues to offer threat actors numerous opportunities to access new victims or recruit dishonest individuals into fraudulent conduct.

Organisations also report continued social engineering of vulnerable consumers struggling with the cost-of-living crisis to divulge their personal data, allow access to their accounts, or authorise the payment of funds into fake investment schemes.

The challenges of the current economic uncertainty are driving some employees to dishonest conduct and this, combined with hybrid working, is making supervision more difficult. There are, however, positive signs that improved controls, a focus on wellbeing and staff awareness are mitigating these risks.

Changes in UK regulation and legislation in 2023 bring opportunities and challenges across the fraud prevention landscape. These include the Payment Systems Regulator’s mandatory reimbursement requirements for Authorised Push Payment (APP) fraud, the Online Safety Act and the Economic Crime and Corporate Transparency Act 2023 (ECCTA). In addition, there are Bills in progress including the Data Protection and Digital Information Bill and the new Criminal Justice Bill which are likely to have an impact on counter-fraud efforts.


As the data in this report shows, the impact of fraud on individuals, businesses and the public sector has reached unprecedented levels. In order to drive down fraud we believe that action should be taken in five key areas:

  • Provide cross-government leadership in the response to fraud, including through creating a Minister for Economic Crime.

  • Improve the policing response to fraud through a ring-fenced fraud policing budget and by better harnessing the capabilities of the private sector to disrupt crime.

  • Enhance support to victims of fraud, including business victims and victims of identity fraud.

  • Modernise the criminal justice response to fraud, including through reviewing the law on identity theft.

  • Ensure social media and online platforms are included in the multi-sector response to fraud, including by implementing the Online Safety Act Code of Conduct.

The legislative and policy landscape

Extra COntent

We are Cifas – we protect organisations from fraud and financial crime.

We are a not-for-profit membership organisation that brings different sectors together for the common goal of eliminating fraud and financial crime. Over 700 organisations work with us, all benefiting from each other's data, intelligence and learning - using the cutting edge financial crime prevention systems and tools we develop and deliver.

For over 30 years we have been trusted by our partners to provide them with the systems and tools they need to detect and prevent fraud and financial crime, saving them billions of pounds in prevented losses.

About Cifas

If you are interested in joining Cifas click here 

For more information about our digital learning, courses and qualifications click here

Want to know when new content is added – register to be notified  here