Simon Fell is Chair of the APPG for Cyber Security, Co-Chair of the APPG on Fair Business Banking, and MP for Barrow and Furness.
Fraud is a serious and growing problem. It is now the most common crime in the UK, accounting for 41 per cent of all offenses committed. It has been described variously as an epidemic and a national security risk. But despite this, only around 1 per cent of all police resources in the UK are focused on it.
If fraud were considered to be high harm crime (and anyone who has heard the testimony of a vulnerable person conned out of their life savings would consider it to be one) this would be a scandal. But the sad reality is it is not. By and large, there is a collective apathy about the challenge it presents, in spite of the huge harm it causes, and the disturbing links that are easily drawn between it and wider organised crime.
We have an opportunity to change that. The Government is due to publish its National Fraud Strategy shortly. Here are my suggestions for the 5 things it must focus on to truly bear down on the challenge that the volume of crime in our times presents.
1 – Break down the silos. Whether opportunist fraudsters or organised criminal gangs, fraudsters don’t care where they go to steal money – they just follow the path of least resistance. The Government needs to lean into this and ensure that the public sector is working hand in glove with the private sector. The banks, telcos, and insurers, for instance, share data, trends, and threats on fraud in order to prevent further fraud. Imagine how much more powerful it would be if DWP and HMRC did the same, and the number of frauds that they could prevent as a result.
2 – The whole ecosystem needs to be involved. According to UK Finance, for instance, more than 70 per cent of scams originate from an online platform, with almost all investment, romance, and purchase scams starting online. This is why the National Fraud Strategy must compel tech companies and telcos to take action to prevent fraud and protect consumers.
We need a fair and sustainable model that creates and aligns financial incentives for firms to prevent fraud. While banks currently shoulder the full costs of reimbursement, tech, and telcos do not contribute to reimbursing fraud victims in any way despite the majority of fraud originating on their platforms. Large tech, social media, and telcos should have a duty to share some of these costs which will, in turn, incentivise them to introduce controls to intercept and stop fraud at the source.
3 – We must use what we have against criminals. Fraudsters are bold because they know they will likely get away with it. But yet every year over 300,000 cases of fraud are given to the City of London Police by the private sector. Rather than allowing these cases to wallow in a black hole, why aren’t we weaponising this data against the criminals? I propose an Economic Crime Prevention Order – essentially a fraud ASBO. Do it once and you get a fine. Do it again, and we’ll come after you – hard.
4 – We need to provide the Police with the tools they need to move against the criminals responsible. Police are hamstrung in a few ways. Fraud is ‘too hard’ – it often crosses force and geographic (sometimes country) boundaries. It also requires skilled people who, let’s be honest, can earn far more outside of law enforcement. So we need to look at how we work with industry to change that – seconding experts who can work with the Police to build cases and get results. We have a sclerotic Cyber Specials programme – let’s put rocket boosters underneath it. Similarly, we need to step up the response available to victims.
5 – We need to help people to help themselves. There are mountains of guidance out there. But much of it is conflicting. For instance, try and find the latest advice for what a secure password looks like and then attempt to enter one like it the next time you set up an account with a retailer. I’d give it a 50/50 chance that it wouldn’t be accepted. Our words don’t match our actions. So Government needs to use its convening power to kite-mark good common standards and promote clear advice.
There’s a second part to this too – we need to take off the training wheels. This will be uncomfortable, but I believe it to be necessary. Industry and the public sector are a little too good at protecting the public from the consequences of everyday frauds.
So, while the public and private sectors still both need to up their games, the public must too. Behaviour change comes from awareness and fear of consequences.
No one would leave their front door wide open and expect their insurance to pay out if they were burgled. And when we practice bad cyber hygiene we should similarly expect to pay the price. Once good guidance is in place and widely shared we should be prepared to have this difficult conversation with the public.
Criminals are constantly finding new ways of tricking people into handing over their money. They are very, very good at it – extracting £190billion from the economy each year. We cannot simply accept defeat and go home, so we have to change our response to it.
Reducing the emotional and financial suffering of victims requires all those involved in the fraud journey (public/private, tech & telcos, government and law enforcement) to play their role in stopping it from happening in the first place, and in dealing with its consequences.
I hope that the upcoming Fraud Strategy will be the starting shot in the race to get us there.
Simon Fell is Chair of the APPG for Cyber Security, Co-Chair of the APPG on Fair Business Banking, and MP for Barrow and Furness.
Fraud is a serious and growing problem. It is now the most common crime in the UK, accounting for 41 per cent of all offenses committed. It has been described variously as an epidemic and a national security risk. But despite this, only around 1 per cent of all police resources in the UK are focused on it.
If fraud were considered to be high harm crime (and anyone who has heard the testimony of a vulnerable person conned out of their life savings would consider it to be one) this would be a scandal. But the sad reality is it is not. By and large, there is a collective apathy about the challenge it presents, in spite of the huge harm it causes, and the disturbing links that are easily drawn between it and wider organised crime.
We have an opportunity to change that. The Government is due to publish its National Fraud Strategy shortly. Here are my suggestions for the 5 things it must focus on to truly bear down on the challenge that the volume of crime in our times presents.
1 – Break down the silos. Whether opportunist fraudsters or organised criminal gangs, fraudsters don’t care where they go to steal money – they just follow the path of least resistance. The Government needs to lean into this and ensure that the public sector is working hand in glove with the private sector. The banks, telcos, and insurers, for instance, share data, trends, and threats on fraud in order to prevent further fraud. Imagine how much more powerful it would be if DWP and HMRC did the same, and the number of frauds that they could prevent as a result.
2 – The whole ecosystem needs to be involved. According to UK Finance, for instance, more than 70 per cent of scams originate from an online platform, with almost all investment, romance, and purchase scams starting online. This is why the National Fraud Strategy must compel tech companies and telcos to take action to prevent fraud and protect consumers.
We need a fair and sustainable model that creates and aligns financial incentives for firms to prevent fraud. While banks currently shoulder the full costs of reimbursement, tech, and telcos do not contribute to reimbursing fraud victims in any way despite the majority of fraud originating on their platforms. Large tech, social media, and telcos should have a duty to share some of these costs which will, in turn, incentivise them to introduce controls to intercept and stop fraud at the source.
3 – We must use what we have against criminals. Fraudsters are bold because they know they will likely get away with it. But yet every year over 300,000 cases of fraud are given to the City of London Police by the private sector. Rather than allowing these cases to wallow in a black hole, why aren’t we weaponising this data against the criminals? I propose an Economic Crime Prevention Order – essentially a fraud ASBO. Do it once and you get a fine. Do it again, and we’ll come after you – hard.
4 – We need to provide the Police with the tools they need to move against the criminals responsible. Police are hamstrung in a few ways. Fraud is ‘too hard’ – it often crosses force and geographic (sometimes country) boundaries. It also requires skilled people who, let’s be honest, can earn far more outside of law enforcement. So we need to look at how we work with industry to change that – seconding experts who can work with the Police to build cases and get results. We have a sclerotic Cyber Specials programme – let’s put rocket boosters underneath it. Similarly, we need to step up the response available to victims.
5 – We need to help people to help themselves. There are mountains of guidance out there. But much of it is conflicting. For instance, try and find the latest advice for what a secure password looks like and then attempt to enter one like it the next time you set up an account with a retailer. I’d give it a 50/50 chance that it wouldn’t be accepted. Our words don’t match our actions. So Government needs to use its convening power to kite-mark good common standards and promote clear advice.
There’s a second part to this too – we need to take off the training wheels. This will be uncomfortable, but I believe it to be necessary. Industry and the public sector are a little too good at protecting the public from the consequences of everyday frauds.
So, while the public and private sectors still both need to up their games, the public must too. Behaviour change comes from awareness and fear of consequences.
No one would leave their front door wide open and expect their insurance to pay out if they were burgled. And when we practice bad cyber hygiene we should similarly expect to pay the price. Once good guidance is in place and widely shared we should be prepared to have this difficult conversation with the public.
Criminals are constantly finding new ways of tricking people into handing over their money. They are very, very good at it – extracting £190billion from the economy each year. We cannot simply accept defeat and go home, so we have to change our response to it.
Reducing the emotional and financial suffering of victims requires all those involved in the fraud journey (public/private, tech & telcos, government and law enforcement) to play their role in stopping it from happening in the first place, and in dealing with its consequences.
I hope that the upcoming Fraud Strategy will be the starting shot in the race to get us there.