The cost of online fraud in England and Wales is estimated at £10 billion annually, with 2 million cyber-related fraud incidents occurring last year. And yet, the British Home Office and UK banks are not doing enough to tackle the growing problem.
New technology is needed, leadership has to come from the centre of government, and industry and the public sector need to share data to get on top of the issues – according to the latest report from the influential Public Accounts Committee.
MPs said that the government has been late to recognise online fraud as a threat to consumers, having only last year begun to put in place objectives and organisations – such as the Joint Fraud Task – to help target cyber criminals targeting financial institutions and consumers’ money.
Only around 20% of fraud is actually reported to police, and according to the report, the crime “is indiscriminate, is growing rapidly and shows no signs of slowing down”.
The Committee has called for urgent action from government, stating that the Home Office’s response has been “too slow” and that banks are unwilling to share information about the extent of fraud with customers.
Committee Chair, Meg Hillier MP, said:
Online fraud is a virulent and unprecedented threat that has taken hold rapidly, causes untold misery and costs individuals and businesses billions of pounds each year.
The Government accepts there is an enormous amount of work needed to tackle the problem—work that in our view must put people first. Banks in particular need to step up, take responsibility and focus sharply on protecting and informing their customers.
Technology is clearly critical to combating cyber-crime, and developing effective common defences should be a priority. Policing must also be more consistent. Government has a vital role in ensuring this happens.
Meanwhile, the public cannot be left in the dark. Online fraud affects people of all ages and backgrounds. Young people are increasingly likely to fall victim to a crime which is perceived primarily as affecting the elderly and vulnerable.
The Government must get better at explaining the tricks employed by fraudsters to target different groups, and set out clearly the action it is taking to tackle them.
The role of government
Whilst the Committee recognises that the Home Office is not solely responsible for tackling the problem of online fraud, it does urge the government to recognise that is in charge and is the only organisation that can provide the necessary national, strategic leadership. And its response has been “too slow”.
The Department itself says that there is an “enormous amount to be done”, but added that it relies on voluntary participation from industry and law enforcement. And while the Home Office reassured the Committee about its ‘scale of ambition’, MPs still believe that it has no sense yet of how to quantify what success would look like – not even a range for what might be plausible to achieve.
The Committee has recommended that the Home Office should develop specific plans for how it will measure progress in tackling online fraud and judge the success of the Joint Fraud Taskforce, regularly publishing information on progress and performance.
The report also states that the departments lacks data to judge whether its response to tackling online fraud is working. Rightly so, the Committee argues that effective action can only be underpinned properly if the Department understands the nature and the scale of the threat.
However, the Home Office only first attempted to measure fraud in 2016, where it found that fraud accounted for a third of all crime. MPs found that victims of online fraud are often too embarrassed to report it and that there are also difficulties in making a report.
And whilst the City of London Police has said that it is important to share information to prevent crime, there is no formal requirement for banks to report fraud or share reports with government or the policy.
In short, the use of data to measure and assess the impact of online fraud is patchy and disjointed. The Committee has urged the Home Office to prioritise efforts to improve the collection and reporting of data on fraud.
Banks are responsible too
Whilst the government is under pressure to do more, so are the banks – where the report states that the financial institutions themselves to not accept enough responsibility for preventing and reducing online fraud. It notes that the protection that they provide to customers is variable, with some willing to invest more in educating customers and anti-fraud technology than others.
Part of the problem is that banks are not required to provide data on their individual performances to the government or police, and as such, no-one knows which banks are the best at protecting against fraud.
The banks argue that data on individual banks performance would help criminals target the weakest banks, but the Committee believes that there is clearly scope for more transparency over individual banks’ performance at an aggregated level.
The Committee said:
The Department should set out minimum standards for banks to follow on preventing online fraud and on protecting bank customers and require banks to report to government on their performance.
The Department should press the banking industry to make relative online fraud vulnerability performance data publicly available. We expect the Department to provide us with a plan for publication of this data by Spring 2018. We encourage banks to develop a voluntary scheme in the meantime to be more open with customers about the extent of fraud and how they are tackling it.
MPs also state that unless banks start working together, including making better use of technology, there will be little progress on tackling card fraud and returning money to customers. For example, it has been reported that banks are holding at least £130 million that has been frozen because it is fraud related, but which cannot be accurately traced and returned to victims, often because it has been passed through numerous ‘mule’ accounts.
The Home Office is apparently taking forward an initiative with the banks to make the “best use of technology” to spot mule accounts and repatriate money quickly, but has said that it will be a couple of years before it is likely to have a fully fledged system.
The Committee’s recommendation is that the Home Office should make sure all banks make better use of technology and information to reduce card fraud and return money to customers. This should include establishing minimum technical standards for strong customer authentication for electronic payments.
Image credit - Internet fraud © Gajus - Fotolia.com