NewsCase StudiesEvents

Security Loophole Access to Credit Files

Also in the news...

Trade with the UK as a business based in the EU

If you run an EU-based business, check what your business needs to know to continue trading with the UK.

Safety and security requirements on imports and exports

Find out about new safety and security declarations that will apply from 1 October 2021 on goods leaving Great Britain (England, Scotland and Wales).

How to open a company in the USA while maintaining residence in Italy

It is one of the best ways for the Italian citizen to manage their business. This corporate vehicle allows access to multiple advantages of an advanced jurisdiction such as the US and also manages to maintain a low tax rate with very manageable levels of accounting and bureaucracy.

UK-ASEAN Joint declaration

Joint Ministerial Declaration on Future Economic Cooperation between the Association of Southeast Asian Nations (ASEAN) and the United Kingdom of Great Britain and Northern Ireland (UK).


These are exciting times for Dubai and the UAE. With the entire business world’s attention soon to turn to the Emirates with the delayed Expo 2020 kicking off in October (and continuing all the way through to the end of March next year) it’s never been a better time to be a UAE business owner

Security Loophole Access to Credit Files

Back to News

Access to personal credit reports is strictly controlled with legal requirements limiting who can search files. To be authorised to search someone else’s credit file requires the searcher to be registered under the Data Protection Act.

Having access to an online credit checking service is a standard part of the vetting procedure for many companies that deal with consumers. Companies with a licence to search consumers include high street mobile phone companies and letting agents, and stores and supermarkets that offer account and credit facilities.

Credit agencies that provide access to credit checks will screen each organisation that applies to open an account, and will ask the organisation to provide their Data Protection Number. Without a DPN, the application to run credit checks will be denied.

However First Report has seen an increase in fraudulent attempts to get around this. All organisations which are registered under the Data Protection Act can be searched online on the Data Protection Public Register, a public website which is designed to enable anyone to quickly verify the licence details of any registered organisation.

Entering just a single name or word is sufficient to return all organisations that have a similar name on the register. Each entry includes the Data Protection Registration Number, the type of licence held, and name and address details for the holder.

The availability of this data means that criminals can search the public register and record all the details shown. In the cases recorded by First Report, the applicant has registered a domain name that looks appropriate for a division or branch of the company, and then set up an email address at that domain. The scammers then apply to access credit files using all the legitimate information and the Data Protection Registration Number, and their own email address and phone number.

Criminals who attempt to access consumer credit files are commonly hoping to harvest personal information which can then be used for identity theft and fraud.

At First Report we have a detailed due diligence process and we have successfully stopped a number of attempts to gain access to personal credit data using this scam. We have reported this to the Office of the Information Commissioner.

You are not logged in!

Please login or register to ask our experts a question.

Login now or register.