SAVERS are getting penalised by financial firms for taking out a popular anti-fraud protection.

An investigation by The Sun has found that Cifas protective markers, which are designed to protect users from fraud or data breaches, are being viewed as red flags by some financial firms.

1

This is leading to customers’ applications being blocked when they try to take out financial products such as credit, mortgages or insurance policies.

Cifas Protective Registration is a service that helps protect people from ID theft and fraud.

Tens of thousands of people have used the service. Cifas said over 26,000 people had been protected by it in 2016.

It works by placing a warning flag against their name on the Cifas National Fraud Database, which prompts lenders and financial firms to do extra checks to verify their identity.

It has long been known that this can cause delays when taking out products because of the extra layers of security.

But it has now come to light that this product designed to protect people is actually impacting their ability to get financial products.

We have spoken to fraud and cyber-security experts who say that while the marker should simply prompt firms to do extra checks, this is often not happening and firms are outright rejecting them instead.

There are several upheld decisions published on the Financial Ombudsman Service’s website from over the past few years where customers complained that they were rejected by the lenders because of protective registrations.

And we have found dozens of posts on online forums where people have shared their experience of being blocked by lenders for using the service.

One user, who said they took out a protective registration on their employer’s recommendation following a data breach, said: “I have seen it state it would cause delays, but doesn’t seem to mention it will cause you to get blocked by many lenders totally.

“Some lenders do carry out the checks, but overall I have found it’s a firm no.”

Benson Varghese, managing parter of law firm Varghese Summersett, told The Sun: “CIFAS protective registration is intended as a safeguard, flagging an individual’s account or identity to warn financial institutions about potential risks, often at the request of the individual.

“However, this marker can create unintended consequences. Banks and lenders often view CIFAS markers with caution, interpreting them as potential signs of fraud or risk—even in cases where the individual is the victim seeking protection.

“I’ve worked with several clients who were denied mortgages or loans due to a CIFAS protective registration, despite having strong credit histories.”

How do CIFAS protective registrations work?

Cifas is an organisation that helps to prevent fraud and theft.

One of the services it offers is Protective Registration, which you can purchase for £30 for two years.

This puts a marker on your credit report which can be seen by financial institutions.

It is supposed to warn the firm that they should take extra care to verify your identity, which helps protect you from fraud.

People are sometimes encouraged to take out this protection if they have been a victim of fraud, for example if they had ID documents stolen or their personal details were leaked in a data breach.

These markers are not supposed to affect your credit rating and should not indicate to banks that you are a fraud risk.

However, it is understood that in some cases, banks and other organisations have been automatically raising red flags when they spot these markers rather than confirming the reason behind them.

A Protective Registration should indicate to the lender that it is a warning to investigate further, but more often than not, it immediately puts a hold on the account

Sam LewisHeligan Group

In one upheld decision published by the Financial Ombudsman Service (FOS), a customer complained that Starling Bank treated him unfairly after it refused him credit because of his protective registration.

As part of the investigation, Starling Bank reportedly said the customer did not meet its risk apetite because it had seen something averse returned on fraud database checks.

But it turned out this was actually due to the presence of a protective registration.

When asked by the FOS if it had asked the customer about the Cifas marker, Starling admitted it had not asked about the circumstances surrounding it.

In a separate case, the FOS upheld a complaint against Barclays after it rejected a customers’ commercial credit card application because of the presence of a Protective Registration.

In the case, the FOS investigator said: “In its submissions to us, Barclays said that it declined the customer’s application because of a category 6 marker.

“I’ve reviewed the CIFAS report Mr M has provided from July 2021, and the filing related to a “protective registration” made on 22 October 2019.”

Rob Meakin, director, fraud and identity at Creditinfo, told The Sun he is aware of legitimate credit applications being declined because of these markers.

“CIFAS protective registrations play a vital role in protecting fraud victims and combating fraud overall, but if not carefully reviewed, they can create challenges for banks and lenders,” he said.

“While these markers are important tools, relying solely on them may result in legitimate applicants being unfairly rejected.” 

Why are protective registrations causing issues?

The issue with Protective Registrations is that some banks have systems that automatically flag fraud risks, and this can flag markers on accounts without knowing the reason behind them.

Sam Lewis, head of debt advisory services at Heligan Group, explained: “Fraud is a huge issue in the UK with over £1 billion directly attributable to bank fraud, so Lenders, who are risk-averse at the best of times, will take Cifas markers very seriously. 

“When a Protective Registration is issued, the lender takes this seriously because there is a risk of fraud or impersonation for that account. 

“A Protective Registration should indicate to the lender that it is a warning to investigate further, but more often than not, the lender immediately puts a hold on the account out of caution.”

A spokesperson for Cifas said: “We were not aware of Cifas customers being routinely denied credit by some lenders because they have taken out Protective Registration with us, and are grateful to The Sun for raising this with us.

“Identity theft is one of the most commonly committed crimes in the UK, it causes enduring harm and can devastate lives. Cifas’ Protective Registration helps keep individuals safe, with thousands of UK consumers benefiting from the additional security this service provides.”

What can I do if I think I have been treated unfairly?

If you think you have been treated unfairly by a financial firm because of a Cifas Protective Registration, make a formal complaint first.

Contact the company and explain what happened and that you have a Protective Registration, and ask the firm to look into your case again.

The spokesperson for Cifas added: “If users of our Protective Registration Service are denied credit, they should raise this with their lender in the first instance, who should be able to provide them with information as to why their application was rejected.

“Full information about how our Protective Registration Service works is available on the Cifas website.”

If you do not get an adequate response or you disagree with the outcome, you can escalate your case to the FOS.

You will need to make a complaint to the FOS within six months of receiving your final response from the firm you are complaining about.

Try to provide as much information as possible, particularly if the FOS requests it to help examine your case, and make sure to respond to all questions.

Keep a record of anything to back up your claim including correspondence with the firm and evidence that you told them it was a Protective Registration.