Identity Theft in the Security Sector: An immediate threat to act on

In this article we will briefly unpack how identity theft is impacting the Security Sector – and what a massive risk that poses. While Security Sector providers are employing due diligence to verify the identities of recruits, the official bodies of this industry are letting them down.

Our continued risk assessments indicate a sharp increase in both the prevalence and adeptness of identity fraud/identity theft within the Private Security Industry.  These occurrences expose our clients, the security industry and clients to a wide array of risks, including the deployment of untrained and undocumented “Security Officers”.

What is identity theft?

Identity theft generally occurs when another person creates the impression of being someone else. They will typically do this by linking their biometric information to the details of another, e.g. photographs, etc. A fraudster will subsequently link his/her photograph to the details of a properly trained and registered security officer, thereby utilising his/her identity number, name, PSIRA number etc.

The risk of identity theft in the Security Sector

The prevalence and severity of these occurrences place identity fraud/theft amongst the highest priority risks within the Private Security Industry and deserves immediate attention by all participants within the security sector.

Most, if not all, security service providers employ the following due diligence process during their take-on process of new applicants:

• Inspecting the Applicant’s original Identity Document
• Retaining a copy of the applicant’s Identity Document for assurance purposes
• Inspecting the Applicant’s PSIRA Registration Certificate
• Verifying the Applicant’s PSIRA Registration Certificate against his/her identity document
• Retaining a copy of the applicant’s PSIRA Registration Certificate for assurance purposes
• Inspecting the Applicant’s Training Certificate
• Verifying the Applicant’s Training Certificate against his/her identification document
• Retaining a copy of the applicant’s Training Certificate for assurance purposes
• Conducting an online individual verification through PSIRA’s records in respect of the applicant’s identity
• Conducting an online individual verification through PSIRA’s records in respect of the applicant’s training
• Conducting an online individual verification through PSIRA’s records in respect of the applicant’s registration status
• Retaining a copy of the applicant’s PSIRA verification for assurance purposes

Assessing the risks of identity theft in the Security Sector

Proper due diligence, as a general rule, is dependent on verification from independent or third-party sources.

As explained above, identity theft generally occurs when another person creates the impression of being someone else by linking their biometric information to the details of another. A fraudster will subsequently link his/her photograph to the details of a properly trained and registered security officer, thereby utilising his/her identity number, name, PSIRA number, etc.

Proper due diligence during the “take-on” process of an application is therefore dependent on the physical identification of the applicant – either through a photograph or another biometric identifier.

No biometric identification system is currently available to Security Businesses and as a result they must rely on photographs from external photographs/images for proper applicant verification. Only three independent sources are available to Security Service providers: identity documents, PSIRA individual verification, and PSIRA Identity Cards.

Fraudulent IDs used for identity theft

Fraudulant Identity Documents form the basis for most, if not all, cases of identity fraud/theft. The skillful and refined manner in which these documents are counterfeited makes it impossible for everyday citizens, even police officers, to identify.

Security Service providers are subsequently forced to seek verification at another source.

PSIRA Registration Certificates and identity theft

Although the Private Security Industry Regulatory Authority (PSIRA) has both the means and information to emboss its registration certificates with a photographic impression of the security officer, they are not doing so.

Doing so would ensure that even renewed registration certificates will verify the true identity of the security officers.

PSIRA Individual Online Verification

A similar situation presents itself as with the PSIRA Registration Certificates. The individual online verification system of PSIRA did contain photographic impressions of the security officer in the past, but unfortunately, this was not updated or renewed and most (if not all) records are without any photographic material.

PSIRA Identification Certificates

PSIRA Identification Certificates are required to include a photograph of the Security Service provider (Regulation 9) and expire from time to time, which would make it most suited to prevent identity theft and fraud. However, there are some challenges with this which we’ll discuss next.

PSIRA’s Contribution

Upon first registration, each applicant with PSIRA is required to present a Home Affairs National Identification System (HANIS) certificate, as well as recent identity documents. During the renewal of their registration and identification documents, applicants are again required to provide PSIRA with recent photographs. PSIRA is subsequently in possession of the most recent identifiers of each registered and trained security service provider within the industry and can play a significant role in reducing identity theft /fraud.

These identifiers have, however, proved to be almost inaccessible by stakeholders because:

• It is not published on the individual verification system, which could easily be resolved by changes to PSIRA’s information system
• PSIRA Registration Certificates are not endorsed with photographic identifiers while it is rather easy to implement
  • The renewal and re-issue of PSIRA Registration and Identification Certificates are severely delayed by:
  • Shortages of required stationery. for example during February 2021 where the Government Printers neglected to provide PSIRA with the required stationery to issue Certificates
  • Technical difficulties experienced with the online appointment system
  • Restricted access to the PSIRA Offices due to the COVID Pandemic
  • Various other difficulties like specialised printers not functioning

Is PSIRA fulfilling its object and function?

The Private Security Regulation Act is a cornerstone in the Compliance Universe of the Private Security Industry. Section 25, read together with Regulation 9, enjoins to Authority to issue Identification Certificates to security officers. The objects and functions ascribed to the Authority further enjoin it to promote a legitimate private security industry, protect the interests of the users of security services, and take steps to achieve its objectives with the means at its disposal.

One question remains

Why would PSIRA neglect or refuse to endorse its online verification system with photographic material to increase compliance levels, especially in the wake of increased identity theft and fraud?