By clicking a retailer link you consent to third-party cookies that track your onward journey. This enables W? to receive an affiliate commission if you make a purchase, which supports our mission to be the UK's consumer champion.

ID theft: How bank account fraudsters may steal your identity

Which? Money combed the internet for volunteers' personal data and the results were alarmingu2026
Faye LipsonSenior researcher & writer

It could be easier than you think for fraudsters to open an 'impostor' bank account in your name, a Which? Money investigation has found.

We 'data swept' volunteers and found a level of personal information available online which police believe could be enough for a fraudster to open a UK bank account.

It comes after a recent report from fraud prevention body Cifas highlighted 'growing concern' that fraudsters are opening accounts using stolen identities.

How much information is available online?

We recruited 10 volunteers (a mixture of Which? staff and members) who were willing for us to 'data sweep' them as an identity fraudster might, to see how much information we could gather using legitimate sources.

This involved combing social media profiles, personal websites, the Land Registry, Companies House, the electoral roll and ancestry sites.All of our sources could be easily accessed by anyone with an internet connection.

For half of our volunteers, we found full names, dates of birth and residential addresses, plus at least two other pieces of identity information, such as their mother's maiden name, their place of birth, marital status and occupation. Police believe this is likely to be enough for a fraudster to open an account online with a high street bank.

Chris Felton, National Fraud Intelligence Bureau (NFIB) detective inspector, said: 'As long as you've got the basic name, date of birth and address right, you're probably pretty much there.'

Some volunteers were particularly vulnerable because they were company directors, charity trustees or web domain registrants. But we also found examples of people giving away large amounts of personal information through social media.

Subscribe to Which? Money Weekly

A free newsletter from Which? Money Compare offering unmissable news, deals and money-saving tips delivered to your inbox every week.

Register here

How do criminals steal your identity?

Impostor applications often take place in order to deposit the proceeds of scams, or as a 'link within a mule network'.

They can also be lucrative for 'acquisitive reasons' such as raiding an account's overdraft facility or associated credit card offers. Overdrafts can also be transferred to another account for easier access to cash.

Criminals have many ways of obtaining the details needed to apply for a current account in your name. Cifas told us they use methods 'from data loss and stealing mail, through to hacking, obtaining data on the dark web, as well persuading people to give up personal information by pretending to be from a bank, the police or a trusted retailer'.

No paper documents required

While it's widely believed that you must show a physical ID document and proof of address when opening a UK bank account, that's no longer always the case. Accounts are increasingly opened online rather than in branch - often without recourse to physical documents.

Instead, checks are done electronically by comparing your identity data, given as part of the online form, against your credit file and several other sources (such as databases of fraud victims or deceased people).

While practice varies between account providers (with some requiring scans or images of documents while others do not), the basis of electronic checks is your full name, address and date of birth, as laid down by the Joint Money Laundering Steering Group guidelines.

This may explain why 96% of identity frauds across all financial products were committed using a real person's identity in 2016. A completely fictitious identity wouldn't have a credit profile at all, and so might prompt extra checks such as a request to visit a branch.

'I had an account with a bank I'd never heard of'

Which? member Vincent Armstrong (pictured) was shocked to come home and find a current account welcome pack from First Direct - a bank he hadn't heard of.

Photo by Aaron McCracken

On calling First Direct, he was told an account had been opened in his name. He asked for it to be closed immediately, but the bank initially refused.

The bank's fraud team later told him the impostor who'd opened the account had done so with his name, date of birth and address.

Even more worryingly, they had a £500 overdraft that they had the option of transferring to another account so they could access the cash.

Mr Armstrong found his credit score had been affected by the fraudulent application. He told us that when he first approached the bank, he felt it 'didn't care about my worries, nor did it want to help'.

He added: 'I still find it very strange no ID or proof of address was needed.'

First Direct told us it had 'acted quickly' to close the account and correct Vincent's credit history, but recognised it 'could have done more to reassure him along the way'.

It also enrolled him to a protective anti-fraud database operated by Cifas. It apologised and added that it had since 'completely overhauled our account opening process, which has greatly reduced this type of fraud'.

Banks respond to bank account fraud

We asked the UK's four biggest banks to respond to our findings, and all stressed they had sophisticated systems in place to prevent impostor applications.

Barclays told us: 'We apply the same rigorous security policies online as take place in branch. This includes using the information provided to validate an applicant's identity in real time with a number of credit reference agencies. In addition, we will also ask questions specific to the applicant's credit history, which is unlikely to be in the public domain.'

HSBC also confirmed it completed 'a number of checks as part of our online account opening, which includes identity and address checks as well as running anti-impersonation checks'.

RBS said online applicants are required to show ID documents, either by uploading them to its 'DigiDocs' service, or by presenting them in person at a branch.

Lloyds - encompassing Halifax and Bank of Scotland - said obtaining an applicant's name, address and date of birth is just the first step in a 'multi-layered approach' which draws on sources including 'credit information, fraud prevention data, previously identified fraudulent applications and information about the device being used to make the application'.

Related articles

About Us

Which? Limited is registered in England and Wales to 2 Marylebone Road, London NW1 4DF, company number 00677665  and is an Introducer Appointed Representative (FRN 610689) of the following:


1. Inspop.com Ltd for the introduction of non-investment motor, home, travel and pet insurance, who are authorised and regulated by the Financial Conduct Authority (FCA) to provide advice and arrange non-investment motor, home, travel and pet insurance products (FRN310635). Inspop.com Ltd is authorised and regulated by the Financial Conduct Authority (FCA) to provide advice and arrange non-investment motor, home, travel and pet insurance products (FRN310635) and is registered in England and Wales to Greyfriars House, Greyfriars Road, Cardiff, South Wales, CF10 3AL, company number 03857130. Confused.com is a trading name of Inspop.com Ltd. 


2. LifeSearch Partners Limited (FRN656479), for the introduction of Pure Protection Contracts and Private Health Insurance, who are authorised and regulated by the FCA to provide advice and arrange Pure Protection Contracts and Private Health Insurance Contracts.  LifeSearch Partners Ltd is registered in England and Wales to 3000a Parkway, Whiteley, Hampshire, PO15 7FX, company number 03412386.


3. HUB Financial Solutions, for the introduction of equity release advice and an annuity comparison service, who are authorised and regulated by the Financial Conduct Authority (‘FCA’) to provide advice and guidance on financial products for those who have retired or are approaching retirement (FCA Firm Reference Number: 455713). HUB Financial Solutions is registered in England and Wales to Enterprise House, Bancroft Road, Reigate, Surrey RH12 7RP, company number 05125701.


4. Alan Boswell Insurance Brokers Ltd (FRN 301), for the introduction of non-investment landlord insurances, who are authorised and regulated by the Financial Conduct Authority to provide advice and arrange insurance contracts. Alan Boswell insurance brokers Ltd is registered in England at Prospect House, Rouen Rd, Norwich NR1 1RE, company number 02591252.


Other financial services:

Mortgage service provided by London & Country Mortgages (L&C), Unit 26 (2.06), Newark Works, 2 Foundry Lane, Bath BA2 3GZ. London & Country are authorised and regulated by the Financial Conduct Authority (registered number: 143002). The FCA does not regulate most Buy to Let mortgages. Your home or property may be repossessed if you do not keep up repayments on your mortgage.


We do not make, nor do we seek to make, any recommendations or personalised advice on financial products or services that are regulated by the FCA, as we’re not regulated or authorised by the FCA to advise you in this way. In some cases, however, we have included links to regulated brands or providers with whom we have a commercial relationship and, if you choose to, you can buy a product from our commercial partners. 


If you go ahead and buy a product using our link, we will receive a commission to help fund our not-for-profit mission and our campaigns work as a champion for the UK consumer. Please note that a link alone does not constitute an endorsement by Which?.