Impersonation fraud risk flagged by pensions regulator

The recommendations were made by The Pensions Regulator (TPR) after “a heightened risk” of impersonation fraud was flagged in respect of members of UK pension schemes now living in Africa. The regulator said that particular risk had been identified by one of its own intelligence analysts seconded to Report Fraud, a service run by the City of London Police, with that analysis based largely on the data generated by reporting by pension professionals.

Pensions experts Hayley Goldstone and Charlotte Scholes of Pinsent Masons said the warning should trigger industry action.

Goldstone said: “Fraud is becoming increasingly common and the methods used are increasingly convincing. It is imperative that administrators are vigilant and tighten their security processes to protect scheme members.”

Scholes added: “For trustees and scheme administrators, this is a timely reminder to stress‑test identity verification and payment controls, particularly where members are overseas or where claims are time‑critical. Strong processes, well‑trained staff and healthy scepticism around documentation remain the most effective defences against increasingly sophisticated impersonation fraud.”

According to TPR, Report Fraud analysis has identified a year-on-year increase in reports of impersonation fraud impacting UK pension scheme members residing in Africa over the past decade. It said the “sharpest rise” in cases occurred last year.

The regulator said the fraud has been perpetrated a number of different ways, including via email hacking or interception of post, the creation of fake duplicate pension accounts, or by exploiting weak credentials, including an absence of two-factor authentication. In some cases, it added, fraudsters were able to divert funds belonging to deceased scheme members to alternative accounts before family members could stop them.

Pension scheme administrators and trustees have been urged to notify Report Fraud about cases of cyber crime and fraud and to educate scheme members about the risks of impersonation fraud, about actions they can take to strengthen online security, and about reporting channels open to them. They were also advised to take internal steps to address the risks.

“Review measures you have in place to adequately prevent identity fraud such as member identity and verification checks,” TPR said. “Make sure staff are appropriately trained to identify fraudulent documentation, especially for death and ill health claims.”

“Review and strengthen security for overseas post, think about how to make overseas post more secure – for example, you could use recorded delivery and avoid sending personal or sensitive information in envelopes that show your organisation’s name,” it added.