A review of The House of Lords Fraud Act 2006 and Digital Fraud Committee’s new report, ‘Fighting Fraud: Breaking the Chain’
“Fraud is the most commonly experienced crime in England and Wales today and represents a substantial national threat. If this were any other type of crime, this would be a matter of national importance.”
Last week, on 12 November 2022 the House of Lords Fraud Act 2006 and Digital Fraud Committee published their report “Fighting Fraud: Breaking the Chain”. My initial thoughts were “oh no, not another report outlining how bad fraud is in the UK, but not actually adding substance to combating it!”, but I was mistaken; the report is very much more than that, and is an imperative read for anyone involved in combatting financial crime, fraud prevention or compliance, across financial services, telecommunications, social media, regulatory bodies, or Government.
Firstly, I should point out that the report runs to 189-pages, so here is my summary of its main findings.
The report goes into some considerable detail around the cost of fraud, the impact of fraud and the actors involved in the fraud lifecycle. Not only does it give a good overview of the current state of affairs and where responsibilities currently lie, outlining the frameworks of the fraud chain and discussing common fraud typologies, but it makes positive recommendations as to how we need to work more cohesively across the industry. The report puts its weight firmly behind proposed legislation and concludes with recommendations for proposing new offences to be brought into legislation to create, for example, a “failure to prevent fraud” type offence, and outlines the opportunities for improvement.
The Report is divided into six distinct chapters:
- Background: This section examines the increase in digital fraud, citing digitalisation and how the UK as an English language hub makes an attractive opportunity for fraudsters, the business model of digital fraud, the emergence of crypto assets and where the responsibility for responding lies.
- The Inbound Route: This section presents an overview of fraudster modus operandi with some real-life case studies from victims, ranging from phishing to romance fraud, and looks at the significant issue of fraudulent advertising, the role of the metaverse, and the urgent need for the Online Safety Bill to be ratified through Parliament.
Interaction: Here, the interaction between fraudsters and their victims is discussed. Number spoofing, social engineering and fraudulent websites are assessed, and recommended actions to tackle them are made.
- Cashing out: This section concerns the payment infrastructure, AML enforcement and KYC, transaction monitoring, the rise of money mules, and the need to regulate crypto assets.
- The Government response to fraud: This reviews the current multi-agency approach by the Government to fraud, the plethora of Government ministers, agencies and committees involved – the “alphabet soup” and, damningly, how ineffective they are. This section considers the victim and the impact of fraud, reimbursement and the need for consumer education – should fraud awareness be on the curriculum at an early school age?
- The Fraud Act 2006 and the legislative framework: The final section reviews the current pertinent legislation including a positive assessment of the Fraud Act 2006, as well as discussing the Computer Misuse Act 1990, the Data Protection Act 2018, GDPR, the Telecommunications (Security) Act 2021. Furthermore, the report outlines firm support for the upcoming Online Safety Bill, currently working its way through the Commons.
I think what most surprised me about the report was the sheer scale of fraud in the UK. I have been working in payment card fraud prevention for over 20 years, and have seen a multitude of changes and initiatives come and go, fraud levels rise and fall across issuers, merchants, acquirers, countries and industries, but to read that fraud now accounts for 41% of all crime, including violence or burglary, against individuals in the United Kingdom, surprised me. Everyone is vulnerable to fraudsters, regardless of background or age, and “an adult today is more likely to become a victim of fraud than any other individual crime”, cites the report.
The Report reveals that in the year ending March 2022, fraud had increased by 25% since the pre-pandemic year to March 2020. While these figures have begun to stabilise, fraud remains higher than before the pandemic and their latest data shows that losses over the past year total a staggering £4 billion. Scathingly, the report denigrates the Government for excluding fraud statistics from public statements on crime rates and claiming that crime rates are falling,
The financial and emotional impact of fraud is devastating, as evidenced by the ordinary members of the public who bravely shared their stories and experiences to the committee; and many victims will never see the perpetrators face justice. It’s concerning to see that proceedings, guilty charges and sentencing rates for fraud have fallen by almost 60% in criminal prosecutions of fraud over the last decade. Of those convicted fraudsters that were handed a sentence, 50% were handed a fine, a discharge of a suspended sentence. No wonder the UK is a hotspot; there are few repercussions for most fraudsters.
Most of this fraud happens online. Digital technology has led to new opportunities for fraudsters, and the COVID-19 pandemic accelerated this trend as people moved more of their lives online. Around 80% of fraud is cyber-enabled which means it was supported by technology and social media features in thousands of fraud reports every year, yet only around 1% of police resources are directed to economic crime and local police forces are too preoccupied with competing priorities and under-trained to effectively manage digital fraud, and the people in charge of these digital technologies are not doing enough to prevent the exploitation of their services.
The report vilifies the telecommunication companies in their lack of any appetite to examine their infrastructure and take a good look at their role in facilitating fraud. Likewise with the social media sector who must slam the brakes on fraudsters using online advertising and their ‘metaverse’ platforms to reel in consumers, and do more to verify the identity of those using online dating platforms before they commit romance fraud.
Although we are now starting to get better at it, the financial services industry has long discussed the struggle to share data and insights, and engage unilaterally to prevent smishing, vishing, SIM swapping and SIM farms, and it is good to hear this being addressed by the committee in this report.
The Government’s approach to counter-fraud policy lacks accountability and is spread across multiple departments, task forces and ministers. There is complexity and finger-pointing throughout. Lots of ‘responsibility’, but without a single entity accountable across them. No wonder the system moves so slowly and there is a lack of progress in properly tackling fraud.
Likewise in the industry, a number of sectors identified as not pulling their weight, the report posits that until all fraud-enabling industries fear significant financial, legal and reputational risk for their failure to prevent fraud, they will not act. Banks are now increasingly having to take the financial hit of fraud – to some extent they should, but it is also possible to argue that the other actors in the chain should also be liable – including at times, [somewhat controversially] the victim. The industry can put in all the controls and checks that are available at their disposal, trying to convince their customer that they are sending their money to a fraudster, but at the end of the day, it is the consumer that tends to have the final say on where they want to send their money, and they cannot [currently] stop them.
In essence, the report makes six key recommendations to the Government to break the fraud chain:
- Tackling fraud is the responsibility of too many government departments, agencies and ministers. This has led to a lack of accountability and inefficient policymaking. The Government needs to establish a Cabinet subcommittee with a clear mandate to tackle fraud, chaired by and accountable to the Home Office Security Minister (the minister responsible for tackling fraud, Tom Tugendhat, who was among witnesses who gave evidence).
- Fraud makes up 41% of all crime against individuals, but at the moment only 1% of law enforcement is focussed on tackling economic crime. The way that fraud is policed is ineffective, and agencies lack the digital skills to properly tackle digital crime. Fraud should be written into the Strategic Policing Requirement, which sets out the top priorities that the police must focus on.
- Several sectors are involved in the fraud chain, but they do not all face the same incentives to tackle the problem. Until all fraud-enabling industries fear significant financial, legal and reputational risk, they will not act. A new corporate criminal offence of ‘failure to prevent fraud’ should be introduced, applicable across all sectors, accompanied by significant financial penalties.
- There is no single, national campaign to raise awareness about how to protect yourself against fraud, and how to report it if it happens. The Government should introduce a single, centrally funded consumer awareness campaign in partnership with industry to remedy this.
- The Online Safety Bill contains several important measures to prevent fraudulent content and scam advertising from appearing on online platforms and to hold tech companies accountable when they fail. The Online Safety Bill must be brought to parliament urgently.
- The UK has one of the most advanced digital banking systems in the world. While this is great for businesses and consumers, it makes the UK a lucrative market for fraudsters who want to quickly cash out stolen funds. A delay lasting no more than several hours on certain high-risk payments should be introduced. This would give banks more time to analyse whether a payment might be fraudulent.
In conclusion, the report is a welcome rundown of what is a complex and constantly evolving area that does not hold back when it comes to identifying the problem areas in the fraud chain. It makes some good strong recommendations that, if adopted into legislation, will make a difference. We will never completely stop fraud, what we need to do is make it difficult for the fraudsters, understand them, investigate their crimes, disrupt them using the technology at our disposal, and throw the book at them when they are caught.
The Government has two months to respond with their views on the report’s proposals, which will be published on the House of Lords’ website. This will then be debated in the House of Lords.
By Jonathan Hancock, Payment Gateway & Fraud Solutions at ai
Read the full article in Finextra here