This is fraudscape 2023

The flagship intelligence report from Cifas, the UK’s Fraud Prevention Community

Start report


Welcome to this year’s edition of Fraudscape, which sets out the challenges and threats facing the fraud prevention community, and the areas on which we need to focus to fight fraud and financial crime together more effectively.

This report combines data from our National Fraud Database (NFD) and Internal Fraud Database (IFD), along with intelligence provided by Cifas members, partners and law enforcement. In 2022, our members prevented more than £1.3bn of fraud losses through the use of the NFD but we know we can help prevent and detect even more fraud and financial crime by developing a better understanding of key threats and enablers – which is the main purpose of this report.

Continuing uncertainty around the UK economy, the rise in the cost of living, and the increasing number of employees now working from home have provided a rich seam of opportunity for exploitation by criminals. These circumstances have also increased incentives for those who may be struggling financially to commit fraud in order to generate additional income during these difficult times. The trends that we have identified in 2022 are continuing into 2023 and we continue to see an increased risk of identity theft, first party fraud and internal fraud.

This background means that our role in protecting our members, the public, and the wider UK economy from fraud and financial crime is more important than ever. As the threat continues to evolve and threat actors innovate in order to fraudulently open and abuse accounts, steal identities and take over customer accounts, Cifas will accelerate development of new products and services to protect businesses and consumers.

We will also continue to educate young people and give them the skills to recognise the serious consequences of financial crime through our counter fraud lesson plans, and roll out our counter fraud training to many more employees, recognising their important role as the first line of defence against fraud and financial crime.

The sharing of data and intelligence across a broader coalition of organisations is one of the most effective defences we can put in place to prevent fraud, and Cifas is proud to bring together the counter fraud community from multiple sectors to create that defensive wall. Only by working together can we stem the rising tide of fraud and financial crime.

I hope that you find our analysis insightful and, more importantly, a call to action to strengthen your defences against fraud and financial crime.

Mike Haley
- Cifas CEO
Terms Explained


2022 saw an unprecedented 409,000 cases of fraudulent conduct recorded to the NFD – the highest volume of cases ever recorded. This is an increase of 14% (+48,840) on 2021 and up 12% (+44,738) on the number of cases recorded pre-pandemic.  

The highest ever volume of identity fraud cases was recorded in 2022 – over 277,000 cases. This is up by nearly a quarter – 23% – on 2021 and accounts for 68% of all cases on the NFD.

Misuse of facility is the second highest recorded case type, with over 70,000 cases – down 11% on 2021. Although a large proportion of cases are related to bank accounts, there has been an increase within the loans and plastic card sector.

68% of misuse of facility cases on bank accounts have intelligence indicative of money mule activity. The key age range for this continues to be 21-25 years, with social media a key enabler in the recruitment of mules.

False application increased by 40% compared to 2021, with nearly 24,000 cases, which is back to pre-pandemic levels. False documents are an issue, with a rise in false utility bills provided in false applications for products and services.

Levels of facility takeover are similar to 2021, with over 37,000 cases recorded. The online retail and telecom sectors are primarily targeted for facility takeover, as threat actors look to take over existing accounts to order goods to sell on.

294 individuals were recorded to the IFD, an increase of 9% on 2021, with employment application (unsuccessful) the main case type. A large number of these cases are related to concealment of information, such as hiding adverse credit history or employment history. The combination of rising living costs and remote working is a key challenge as employees may be tempted to supplement their incomes from dishonest conduct.

Main Findings podcast Cifas Commentary 6 Month Update 6 Month Analysis 6 Month Podcast


Identity fraud rose by nearly a quarter – 23% – in 2022 compared to 2021 (+51,499). Identity fraud cases have now reached an unprecedented level, accounting for 68% (277,234) of cases in 2022.

Impersonation – current address fraud accounts for 74% of filing reasons (206,534) and is up 16% on 2021 (+27,855). This filing reason is linked heavily to the plastic card sector, which has seen a 37% increase in 2022 (+13,390). There has been an 84% rise (+5,887) in false identities with organisations reporting the increased use of synthetic identities.

86% of identity fraud occurs through online channels, though there was a significant increase in cases linked to retailers (+132%, +9,732) and dealers (+246%, +4,530). This may be a direct result of threat actors trying to circumvent online identity verification controls.

Threat actors continue to target plastic cards in order to purchase goods that can be sold on. There has also been a rise in identity fraud against telecom products, where victim identities are used to purchase mobile phones to sell on.

Most victims are over 31 years, with those aged 61+ also seeing significant increases.

Identity Fraud Podcast Cifas Commentary


Misuse of facility is the second highest recorded case type, with over 70,000 cases – down 11% (-9,071) on 2021. Although a large proportion of cases relate to bank accounts, there was an increase within the loans and plastic card sector. In addition, there has been a growth in evasion of payment as well as fraudulent chargeback claims – which may be reflective of the current economic climate.

Misuse of loan products saw a 114% increase (+1,387) and plastic cards a 28% increase (+1,091) in 2022.

In 2022, 39,578 cases on bank accounts were recorded that hold intelligence indicative of money mule behaviour. This is a reduction from 2021 (-21%). However, these cases still account for 68% of misuse of bank accounts.

Although personal current accounts are mainly targeted (87% of products), there has been a 35% increase in personal savings – instant/easy access (+221).

The key age range for mule activity continues to be 21-25 years, with social media remaining a key enabler in the recruitment of mules.

Misuse of facility Podcast Cifas Commentary


Cases of facility takeover in 2022 are similar to volumes in 2021 (37,285 vs 37,305 cases).

Online retail is the most targeted product (38% of cases in 2022). This is due to many retailers offering credit before payment. Demand for credit card usage grew in 2022, highlighting increasing household reliance on credit as rising prices squeezed finances.

The telecom sector is the second most targeted sector (29% of cases). Of note is the 37% increase in plastic cards and, in particular, personal credit cards. A large number of these cases relate to unauthorised security/personal details change (49%).

Social engineering is a key enabler of facility takeover as threat actors engineer consumer and contact centre staff to understand the verification process in order to take over accounts. 64% of facility takeover cases occur through online channels and 26% through telephony channels.

Overall, most victims are over 41 years.

Facility Takeover Podcast Cifas Commentary

Insider threat

294 individuals were recorded to the IFD in 2022 – an increase of 9% from 2021 (268).

42% of cases are false employment application (unsuccessful), which is up 22% (+26) from 2021. Cases are mainly in relation to concealment of information, such as hidden adverse credit history (49%), address with adverse (14%) or employment history (12%).

39% of cases are dishonest actions, which is up slightly by 2% (+2) from 2021. Cases of dishonest actions are mainly linked to theft related incidents, such as theft of cash from employer (13%), theft of IT equipment (8%) and theft of cash from customer (7%).

57% of cases are discovered through internal controls (167), but there was a 27% increase in reports being made by the customer (+6).

Most individuals are between 21-30 years (44%), although there has been a 16% rise in those between 31-40 years (+15).

False references have significantly increased in 2022 (+375%, +15), which is largely in relation to the use of reference houses to facilitate false applications for employment in financial institutions.

Insider Threat Podcast Cifas Commentary

False Application

23,819 cases of false application were recorded in 2022, a rise of 40% compared with 2021. Increases were seen within the bank account sector, mortgage sector, asset finance and loans.

False documents account for 39% of filing reasons for false application and have risen by 109% (+4,840)

77% of false applications came through online channels, but there has been an increase in applications coming through combined channels – such as online applications being finalised in branch (+188%, +261). There has also been a rise in face-to-face channels (+27%, +198).

A large proportion of false documents identified in false applications are utility bills (40%) followed by bank statements (22%). The rise in false utility bills mainly relates to bank accounts.

False Application Podcast Cifas Commentary


  • Over 409,000 cases to the NFD in 2022 – the highest level ever recorded.

  • 68% of cases concerned identity fraud, demonstrating the challenge organisations face in verifying customers through digital channels. There was also rise in the use of synthetic identities to access products and deep fake technology used in document manipulation and voice manipulation. In 2023 it is important that organisations use a layered approach to verification to make it as difficult as possible for synthetic identities to be used.

  • High inflation in the UK may lead to more consumers becoming susceptible to phishing and smishing campaigns offering services to help with finances. There is an increased risk that threat actors will target consumers with existing products as lenders tighten affordability criteria on new applications due to economic uncertainty and high interest rates.

  • Social engineering of customers remains a common tactic, but there is increasing evidence of technology-driven threats, such as bot attacks targeting organisations to access customer accounts.

  • First party fraud will be an increasing threat in 2023 as consumers attempt to appear more creditworthy or are tempted to commit fraud to cope with rising living costs.

  • Challenging perceptions of first party fraud among consumers will require a cross-industry approach. The number of consumers falsely claiming a chargeback increased significantly over the last year, and there are guides available online providing instructions on how to commit such fraudulent conduct.

  • There is scope for an increase in authorised push payment fraud as consumers are targeted with false investment opportunities to generate income.

  • Mule recruitment will continue to be a challenge as mule recruiters convince account holders there will be no consequences for taking part in this type of activity, and coach them on how to respond if challenged by a bank.  

  • The insider threat should also be a priority due to the financial struggles brought about by the cost of living crisis that many employees may be experiencing.

  • Remote working has also made it difficult to manage the insider threat risk. It is essential that organisations carry out regular screening of staff and contractors, as well as wellbeing checks, to help mitigate these risks.


  • It is important that we fully understand the scale of the problem we face. Only through reporting can we fully understand the nature and size of the threat the UK faces and adjust our response accordingly. Find out how to report below.

  • Rising living costs, high inflation and interest rates may push consumers to commit fraudulent conduct. It is important that we coordinate our messaging to deter people and ensure they understand the consequences of engaging in fraudulent activity.

  • Members of the public are at more risk than ever of falling victim to fraud and scams. It is important that we encourage the public to take proactive steps to protect themselves, as outlined in the Take 5 campaign.

  • Businesses should ensure that they have robust cyber risk management protocols in place to protect themselves and their customers. There is a variety of information and tools that can support businesses and a selection are listed below.

Extra COntent

We are Cifas – we protect organisations from fraud and financial crime.

We provide a range of financial crime prevention solutions. For over 30 years we have been trusted by our partners to provide them with the systems and tools they need to detect and prevent fraud and financial crime, saving them billions of pounds in prevented losses.

We are a not-for-profit membership organisation that brings different sectors together for the common goal of eliminating fraud and financial crime. Over 600 organisations work with us, all benefiting from each other’s data, intelligence and learning – using the cutting edge financial crime prevention systems and tools we develop and deliver.

About Cifas

If you are interested in joining Cifas click here 

For more information about our digital learning, courses and qualifications click here

Want to know when new content is added – register to be notified  here