CIFAS Markers Explained: What They Mean and How Long They Last

CIFAS (Credit Industry Fraud Avoidance System) is a UK not-for-profit membership organisation that facilitates the sharing of fraud risk data and intelligence across sectors. Founded in 1988, its membership comprises over 750 organisations spanning banking, building societies, telecommunications, insurance, retail, loan providers, the public sector, and other industries.

CIFAS operates the National Fraud Database (NFD), which holds records of fraudulent conduct reported by its member organisations. A new case is added to the NFD approximately every 90 seconds. In 2024, over 421,000 cases were filed to the database — the highest number ever recorded.

This article explains what CIFAS markers are, the different types that exist, how long they last, and how the system operates.

A CIFAS marker is a record placed on the National Fraud Database when a member organisation believes that fraud has been committed or attempted.

• Fraud Markers (6 Years): Filed against individuals suspected of fraud (e.g., "Misuse of Facility"). These trigger automatic declines from most lenders and can lead to the closure of existing accounts.
• Victim Markers (2 Years): Filed for Protective Registration or Victim of Impersonation. These warn lenders that your identity may have been stolen. They do not block credit but prompt lenders to carry out extra checks to confirm it is really you applying.

CIFAS members share data to prevent fraud. When a member organisation identifies fraud or attempted fraud, they file a case to the National Fraud Database. Other members searching the database can then see this information.

Members are required to follow the "Principles of the National Fraud Database." The standard of proof for filing a fraud marker is high. Members must not file a marker based on mere suspicion. According to CIFAS rules, a member must have "clear, relevant and rigorous evidence" such that they could confidently report the matter to the police.

When a lender receives an application, they check the National Fraud Database. If a marker is found, the lender is alerted to the risk. The presence of a marker does not mandate an automatic decline — CIFAS itself does not make lending decisions — but practically, most mainstream lenders will decline applications associated with a fraud marker due to their internal risk policies.

Types of Markers and Retention Periods

1. Protective Registration (2 Years)

   • What it is: A service paid for by the consumer (£30 for two years) or placed by a lender if you are a victim of data theft. It places a warning flag on your file.
   • Effect: Lenders will subject applications in your name to extra verification checks. It does not damage your credit score; it protects you.
   • Retention: 2 years.

2. Victim of Impersonation (13 Months)

   • What it is: Filed by a lender when they identify that an application made in your name was not made by you.
   • Effect: Warns other lenders that your identity has been compromised. Protects you from further fraud.
   • Retention: 13 months.

3. Misuse of Facility (6 Years)

   • What it is: The most common adverse marker. Filed when an account is used for fraudulent purposes — for example, allowing money to move through your bank account for a third party (acting as a "money mule") or paying in a fraudulent cheque.
   • Effect: Extremely damaging. Usually results in the closure of accounts and inability to open new ones.
   • Retention: 6 years.

4. First Party Fraud (6 Years)

   • What it is: Filed when an individual promises to pay for goods or services with no intent to do so, or when an account is opened with no intent to repay.
   • Effect: Severe. Blocks access to most financial products.
   • Retention: 6 years.

5. Application Fraud (6 Years)

   • What it is: Filed when an applicant provides false details (e.g., false employment, false income, falsified documents) to obtain a product.
   • Effect: Severe.
   • Retention: 6 years.

6. Asset Conversion (6 Years)

   • What it is: Selling goods (like a car) that are subject to a hire purchase agreement and do not belong to you.
   • Effect: Severe.
   • Retention: 6 years.

Verification Standard

CIFAS rules state that a member must examine the case and be satisfied that there is sufficient evidence to justify a filing. If a marker is challenged, the member organisation must produce the evidence to support their decision.

DSAR (Data Subject Access Request)

Consumers have the right to know what data CIFAS holds about them. This is done through a Data Subject Access Request (DSAR). CIFAS provides this free of charge. The request can be made via the CIFAS website. The report will show exactly which marker has been applied, by which institution, and on what date.

"I didn't steal anything, I just let my friend transfer money."

This is a classic "money mule" scenario. If you allow someone to transfer money through your account (often in exchange for a small fee), and that money is proceeds of crime, your bank may close your account and file a "Misuse of Facility" marker. This is treated as fraud. Ignorance of the source of funds is often not accepted as a defence if the bank determines you were complicit or negligent in allowing the misuse.

"Can I just pay to remove it?"

No. There are companies that claim to remove CIFAS markers for a fee. Be extremely cautious. If the marker is accurate, it cannot be removed before the 6-year period expires. Legitimate removal requires a formal dispute process proving that the marker was applied in error.

"Does a CIFAS marker show on my credit report?"

Not directly in the same way as a CCJ. However, the section of your credit file entitled "CIFAS" (if you request your statutory report) will show the entry. When lenders check your file, they query the CIFAS database simultaneously.

• Vulnerable Customers: If a person was coerced or exploited (e.g., a vulnerable adult tricked into being a money mule), evidence of this vulnerability can sometimes be used to appeal the marker. The member organisation must consider whether the individual was a victim rather than a perpetrator.
• Direct Complaints: To remove a marker, the first step is always to complain to the institution that placed it, not CIFAS. CIFAS acts as the database holder; the institution is the data owner. If the institution rejects the complaint, the consumer can then escalate to the CIFAS Independent Review Service. If that fails, the final escalation point is the Financial Ombudsman Service (FOS).

A "Misuse of Facility" or "Application Fraud" marker effectively locks an individual out of the mainstream financial system for six years. Opening a bank account, getting a student loan, obtaining a mortgage, or even getting car insurance (as insurers check CIFAS data) becomes extremely difficult.

If you discover a marker on your file:

1. Don't ignore it. It won't go away.
2. Request your DSAR from CIFAS to see the details.
3. Contact the institution that filed it to understand their reasons.
4. Appeal if you have evidence that the marker is incorrect or if due process was not followed.

• CIFAS is a fraud database: It is used by over 750 UK organisations.
• Fraud Markers last 6 years: They severeley restrict access to credit and banking.
• Victim Markers last 13 months - 2 years: They protect potential victims of impersonation.
• High Standard of Proof: Members need clear evidence to file a fraud marker.
• Right to Access: You can check your status for free via a CIFAS DSAR.