The pensions sector is facing a looming digital pension fraud crisis that could see millions of pensioners scammed out of their retirement savings, according to a report from LexisNexis Risk Solutions and the Pensions Administration Standards Association (Pasa).
The report, Digital Pension Fraud: A looming crisis awaits, stated that industry experts were fearful that greater access to drawdown cash from pension savings as digital pension services become operational will leave savers highly vulnerable to a wide-scale wave of scams.
Given this, it warned the pensions sector against ‘burying its head in the sand’ on the issue of security around digital pension services.
LexisNexis and Pasa also noted that, with dashboards on the horizon, most schemes were in the process of implementing digital access for members.
However, they pointed to research that found only 29 per cent of schemes had implemented any electronic ID verification processes and 43 per cent had not tested the strength of their resilience to cybercrime.
The report therefore urged pension providers to implement robust fraud and identity checks upfront when establishing new digital services.
Schemes that did not include multifactor authentication, multi-layered device and biometric intelligence at login risked allowing scammers to gain access to member accounts with a few pieces of stolen information, the report warned.
It identified two key issues contributing to the lack of urgency amongst schemes: that trustees are not currently held accountable for protecting members from fraud, and that regulations that create obligations around fraud and identity protection for workplace pensions are yet to be established.
The report also highlighted that many pension schemes’ fraud prevention measures come too late in the online member journey to adequately protect members.
“Whenever you have a self-service portal or similar that centralises data, it's going to be a target for fraudsters wanting to gather information and then attack the end users to get them to commit transfers, cash-outs or other movements,” commented LexisNexis Risk Solutions fraud and identity expert, Jason Lane-Sellers.
“Centralised systems, like the dashboard, are a source of pre-canned information potentially to facilitate the various attacks in the digital space.
“We’ve seen similar trends in other industries such as banking, finance, ecommerce, telecoms and more recently with BNPL.
“It’s really important the pensions industry learns lessons from other sectors that are ahead of them on the digital journey, rather than waiting for a major breach and for the regulators to mandate action.”
Pasa director and chair, Kim Gubler, added: “Until now the pensions sector has been largely protected from widescale digital fraud, but that is about to change as the industry embraces digital transformation. You can guarantee the fraud community is waiting to exploit this opportunity.
“Prevention is better than a cure – we need to learn from other sectors that have been fighting this battle for a number of years, identify the weak points in the process and strengthen defences using data and technology to protect members – including being proactive in educating people about the risks.”