Security Experts:

UK Audit Office Says More Effort Needed to Combat Online Fraud

UK's National Audit Office Says Online Fraud Needs to be Treated More Seriously by Government

Fraud is now the most commonly experienced crime in England and Wales; and most takes place online. In a newly released report, the UK's National Audit Office (NAO) welcomes some steps taken by the government to combat online fraud, but suggests that much more could and should be done.

The problem is growing rapidly. Card-not-present (CNP) fraud (a problem already increasing in America with the move to EMV cards) rose from 709,000 incidents in 2011 to approximately 1.4 million incidents in 2016 -- an increase of 103%, and 16% of all estimated crime instances. It is estimated that £10 billion was the loss to individuals in 2016, while the individual loss to victims in each incident was £250 or more.

The overall message of the report (PDF) is that online fraud is given sufficient importance by neither the government, the banks, nor law enforcement. For example, despite it being the most frequent crime, only one police officer in every 150 is primarily involved in economic crime. This compares to one in six officers whose primary function is traditional neighborhood policing.

The banks are also criticized. Although they play an important role in protecting people against fraud, the report finds the quality of their action to be inconsistent. "In 2016, the Payment Systems Regulator found that banks needed to improve the way they work together in responding to scams, that some banks needed to do more to combat scams, and that data available on the scale of scams were poor," notes the NAO report.

The government's primary response so far has been to establish the Joint Fraud Taskforce led by ministers in 2016. However, the report says, "there is a lack of proper governance, such as through a senior responsible owner or equivalent role. Despite setting up the Taskforce in February 2016, the Department has not yet reported on the Taskforce's progress or established measures for its performance." It is also concerned that banks are the only industry represented on the Taskforce: "many other organizations, including those in the retail, telecommunications and digital sectors, have responsibilities for preventing and reducing online fraud."

The report concludes, "Fraud is now the most commonly experienced crime in England and Wales, is growing rapidly and demands an urgent response. Yet fraud is not a strategic priority for local police forces, and the response from industry is uneven." It suggests that although online fraud is not the sole responsibility of the government, the Home Office is the only body that can oversee the system and lead the necessary change. 

"At this stage, it is hard to judge that the response to online fraud is proportionate, efficient or effective," comments Amyas Morse, head of the National Audit Office.

"We welcome the report findings from the National Audit Office and a number of its recommendations," said Cifas deputy chief executive Mike Haley. "In particular, we would welcome the expansion of the membership of the Joint Fraud Taskforce to include other stakeholders, such as the retail and digital sectors, improving the collection and reporting of fraud, and examining sentencing guidelines for fraud, which are all proposals that Cifas has called for previously."

Cifas is a an independent, not-for-profit organization that protects businesses and individuals through secure data and intelligence sharing between the private, public and third sectors. In 2016, Cifas members prevented over £1 billion of fraud losses. It claims that its National Fraud Database and Internal Fraud Database are the most comprehensive databases of confirmed fraud in the UK; and that every day, it sends approximately 800 fraud cases to the City of London Police for potential investigation.

"Last year, our cross-sector membership reported a record 324,683 fraud crimes, 66% of which was cyber-enabled and nine out of 10 identity frauds committed online. These statistics speak for themselves: this is a high-volume crime that needs to be given more priority by government, law enforcement and industry. We therefore strongly agree that tackling online fraud should be a strategic priority for policing. 

"We also endorse the need for government, law enforcement and industry to work together to raise awareness of how people can better protect themselves, and specifically we want to see fraud education in the school curriculum so that young people can be made more aware of the consequences of falling victim to a fraud as well as committing fraud."

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.