Six months after it was promised, the new UK Fraud Strategy has been published by the Home Office. It will aim to tackle the 40% of crimes committed in England and Wales, but cybersecurity experts have told Tech Monitor that the strategy has come too late and doesn’t offer anything substantial to protect consumers.
Announcing the launch of the strategy earlier today, home secretary Suella Braverman said that one in 15 adults was affected by fraud last year. Action Fraud estimates that £4.1bn has been lost to scammers across the UK since April 2022. The government has said that £7bn was lost to fraud and in tackling fraud in 2019/20.
The strategy is designed to help cut fraud by 10% by the end of 2024 while tackling ‘fraudsters head-on’ to protect people. Braverman said that the UK government had already made a £100m investment in tackling fraud in the last year.
“The strategy to tackle fraud has three elements,” she said. “First, government and law enforcement will pursue more fraudsters and bring them to justice. Second, government and industry will work together to stop fraud attempts. And third, the British people will be more empowered to recognise, avoid, and report fraud when they encounter it, and better supported when they do fall victim to it.”
The policy document contains over 50 tactics from the government to tackle fraud, including banning SIM farms and exploring the regulation of mass texting and number spoofing. The Home Office is also calling on tech companies to make it easier to report scams as well as driving industry action through the Online Safety Bill.
Last month the Home Office was criticised by parliament’s Public Accounts Committee for making “slow progress” on tackling fraud, and cybersecurity experts across the board are concerned that the strategy has come too late and doesn’t do enough to tackle the issues at hand.
Banning technologies won’t stop fraudsters
As part of the fraud strategy, a consultation has been launched by the Home Office on taking measures to stop criminals from using telephone networks for fraudulent purposes. This includes a proposed ban on SIM farms as well as how to regulate mass texting services and number spoofing.
“The Government will not tolerate the barrage of scam texts and bogus phone calls that are causing misery to so many,” Braverman said. “Many scam text campaigns can be traced to SIM farms, devices that can send thousands of scam texts in seconds. While most frequently used for fraudulent texts, we know that they are widely used by criminal gangs. Today, the Government has published a consultation on banning SIM farms and is also asking what other technologies or devices should be made illegal.”
The Secretary of State also said there would be considerations made for legitimate uses of mass texting services such as restaurant bookings, appointment reminders and delivery updates. But there is “some evidence” that suggests the services are being abused by criminals.
The strategy also puts forward a proposal to ban cold calling on financial products such as fake investments so citizens cannot be “duped”.There is already a ban on this activity for pensions that was made in 2019.
However, Chris Hauk, a consumer privacy advocate at Pixel Privacy, told Tech Monitor that the ban won’t stop fraudsters: “There is an old saying; ‘when guns are outlawed, only outlaws will have guns’,” Hauk says. “Just because you make doing or using something illegal, it doesn’t mean people will stop doing it or using it. This applies to ‘banning’ certain technologies. Bans don’t worry the bad guys.”
Action Fraud will be replaced within a year, says Home Office
As part of the strategy, the Home Office says that Action Fraud – the current reporting system for fraud – will be replaced by a “new state-of-the-art national fraud and cybercrime reporting service.”
The policy paper says that the City of London Police (CoLP), which currently operates Action Fraud, will see investment from the Home Office of over £30m across three years alongside contributions from the City of London Corporation to replace and improve the service.
The existing service is already seeing improvements, according to the strategy paper, to enhance the “victim reporting experience” and the timeliness and quality that cases are sent to police forces across the country for action. The Home Office says that recent improvements have also included the use of automation to increase effectiveness as well as increasing the number of staff in the call centre and the introduction of a chatbot for the website.
The full replacement service is said to be launched within a year, which will include a new portal where victims can get updates on the progress of their reports. The National Fraud Intelligence Bureau (NFIB), which is responsible for assessing victim reports and passing them onto investigators across law enforcement, will have access to new “advanced analytic capabilities” as well as more data to help them work better with industries such as banking.
Government’s Fraud Strategy investment isn’t enough
But Hauk told Tech Monitor that the £30m investment into the government’s proposed new system “amounts to nothing.” He says: “£30m is a rounding error when it comes to government funding.
“This program appears to be more of a public relations effort instead of a real effort to protect users from the bad actors of this world.”
The Home Office will also create a new national fraud squad, with 400 new investigators, which will be led by the National Crime Agency and CoLP. The aim of this squad will be to assist police in tackling fraud – while fraud accounts for 40% of crimes in England and Wales, only 1% of police resources is used to deal with the crimes.
However, it’s unclear whether the new squad is actually new. Dr Rick Muir, director at the Police Foundation, questioned the nature of the squad: “Is this a new organisation or a network of teams across different organisations or a wrapper label for existing capability?,” Muir says. “That requires some clarification.”
The tech industry will have to play its part says Fraud Strategy
Braverman has also said that technology companies will have to play their part in rooting out fraud on social media platforms. As part of the Online Safety Bill, user-to-user platforms will have to put in place systems to prevent fraudulent content from appearing on their websites, which includes scam adverts and fake celebrity endorsements.
The Home Office also says that reporting fraud needs to be easier and confirmed that the government has asked tech companies to adopt a “simple and consistent way” to report: “It should be as simple as possible to report fraud on all platforms – ensuring action is taken and suspect content removed,” the strategy says.
“[The] government have also asked all large tech companies to check that firms advertising financial investments on their platforms are registered with the Financial Conduct Authority. Government, working with regulators, will also publish data on which websites and social media platforms are the safest to use and which ones host the most fraudulent content.”
The strategy will only have a short-term impact
But Carl Wearn, head of threat intelligence analysis and future ops at Mimecast, told Tech Monitor that the problem exists in and outside of the UK and that while regulation is good, it might only help short term.
“Regulation and enforcement can be highly effective when targeted against criminal groups who are located in the UK, or other cooperative jurisdictions, but the real issue is the challenge posed by the very cross-border, multi-jurisdictional nature of this type of offending, and the impact of criminal groups internationally targeting a wide range of countries, including the UK,” said Wearn, who is former Metropolitan Police detective sergeant.
“It is extremely difficult to coordinate an effective response in a single jurisdiction, alone, and without significant cooperation across multiple jurisdictions,” he explains. “Without a continued, concerted pursuit of international, multi-lateral standards of behaviour, regulation, and law, as well as enhanced cooperation between the wide array of independent enforcement agencies, any intervention focussed solely on the UK alone is likely to have a severely short-term, limited impact on what is now increasingly a global cyber-enabled fraud and cybercrime ecosystem.
MP Anthony Browne has been appointed by the Home Secretary as the Prime Minister’s Anti-Fraud Champion. The former chief executive officer for the British Banking Association will help government work with UK and global businesses to ensure all sectors and industries are “playing their part” in tackling fraud.