19 Feb 2008 : Column 1WH

Westminster Hall

Tuesday 19 February 2008

[Miss Anne Begg in the Chair]

Card Cloning

Motion made, and Question proposed, That the sitting be now adjourned.—[Mr. Blizzard.]

9.30 am

Andrew Selous (South-West Bedfordshire) (Con): May I say what a pleasure it is to serve under you this morning, Miss Begg? I had the pleasure of working alongside you in the Work and Pensions Committee in the last Parliament.

I am very grateful to Mr. Speaker for granting me this debate. This important subject does not get the attention that it deserves, and it is extremely distressing and upsetting to our constituents. I speak this morning directly at the request of a number of my constituents who have urged me to bring the issue of thefts from the cloning of debit and credit cards to the attention of the House, the police and the banks and credit card companies—or financial institutions as they are known. I have endeavoured to do that over the past few weeks.

I am particularly grateful to Bedfordshire police for the specific briefing that they have given me on the matter, and I look to the Minister to assure us this morning that the Home Office will hold an urgent and serious review of the current procedures. The procedures are clearly failing and I will try to set out why.

In brief, at the end of November or in early December, a skimming machine was inserted in the credit and debit card machine at a garage in the south of my constituency. Bedfordshire police tell me that, to date, 745 debit and credit cards have had money stolen from them, often on multiple occasions. One credit card may have had five, six, 10 or 12 amounts of money stolen from it. We are not talking about small amounts of money either. Typically, sums of £1,000, £2,000 and £5,000 are taken. I declare a personal interest. My wife had £1,000 stolen in four or five withdrawals from cash points in New York in early January. It was lucky that she checked her bank statement pretty soon after that and realised that something was wrong.

I shall quote briefly from letters from some of my constituents, who are unhappy with the current system for dealing with this serious crime. On many occasions, I have told Bedfordshire police that if 745 purses and wallets had been stolen, mainly in the two villages of Studham and Kensworth, there would probably have been police officers behind almost every hedge trying to catch the culprits. Card crime is no less serious. We are talking about a lot more money than most people have in their purse or wallet. The fact that the money is almost always reimbursed by the financial institutions does not make the theft any less traumatic, difficult and upsetting for the person, or any less of a crime. I object
19 Feb 2008 : Column 2WH
to the fact that the people who have money stolen from them in that way are not described as victims in the legislation.

Financial institutions are described as the victims because they have to reimburse the money, but if someone steals my wallet, I am a victim even if I get the money back later. I do not like that terminology. One police officer said to me, “We don’t report gun crime to the small arms manufacturers. We don’t report alcohol-fuelled violence to the drinks manufacturers.” Yet, in the current system, card crime is reported to the financial institutions. I am not calling for that law to be scrapped because I understand the reasons for it. However, there are serious flaws in the procedure.

My constituents have written to me to say that they are outraged about what is going on. One stated:

A woman from Luton had her card skimmed from another garage close to my constituency. She wrote to me:

In many cases, banks and credit card companies try to reimburse people as quickly as possible, but that does not always happen. Imagine the person who is abroad and reliant on their credit card. Suddenly, because of illegal withdrawals, they go over their credit card limit and their card issuer will not let them take out any more money. They could be completely stuck. What about small businesses which have their accounts frozen and are not able to pay their suppliers? The ramifications of this crime are absolutely huge.

It is interesting to look at the range of countries from which money is being withdrawn. Britain has chip and pin—all credit to UK financial services, we are the most chip and pin compliant country in Europe and possibly the whole world. We are even better than Luxembourg, which is the next best in Europe. However, that does not mean that as UK citizens we are any safer. Highly organised criminal gangs clone the details from the magnetic strips on the back of our credit and debit cards and take our pin numbers through the skimming machines, and money is then withdrawn all over the world. From talking to my constituents and the police, I have found out that money is being withdrawn from the following countries: Malaysia, America, India, Hong Kong, Philippines, Dubai, Australia, Canada, Sri Lanka, Singapore, Germany and Thailand. There was an attempt in Ghana, but it was not successful. Let us pause for a moment and consider the scale of that highly organised, sophisticated criminal operation.

Furthermore, there is the question of the use to which the money is put. I have no evidence, but it has been suggested to me that some of the money may have found its way to the Tamil Tigers in Sri Lanka, to Pakistan and possibly to funding terrorism. It is, therefore, a very serious issue. I am talking about not just theft from our constituents but also the use to which the money is put.

The Fraud Act 2006 is in general a good Act. Much of it is sensible and is welcomed by the police. It simplified things and I am not calling for its repeal, but since 1 April 2007, if someone finds that thousands of pounds have been stolen from their bank account or from their credit card, they can no longer go to the
19 Feb 2008 : Column 3WH
police unless the card has been stolen. In most cases, however, the card has not been stolen; the details have been skimmed and the card has been cloned. One must go to one’s financial institution—bank or credit card company—and it will be up to them to inform the dedicated cheque and plastic crime unit, which will then liaise with local police forces. However, Bedfordshire police tell me that of the 745 debit and credit cards that were cloned, they did not have one single referral back from a bank or a credit card company.

That is where the current system is completely failing. The most serious issue is this: had just one bank been even semi-switched on, perhaps action would have been taken after five or 10 cards had been cloned. Everyone knew locally that one particular garage was involved. Do not ask me how they knew, but everyone said, “It’s that garage that is doing it.” If Bedfordshire police had been alerted, they could have gone in within days. If they had raided the garage immediately, they probably would have seized the skimming machine. They might have mounted a covert operation if they had seen that the skimming machine was there, because such machines need to be in place only for three or four days to capture thousands of details. Then they could have caught the criminals coming back to remove the machine, perhaps to take it to another garage. The police would have had fantastic intelligence and would have been able to question the criminals involved.

I understand from Bedfordshire police that typically a lone employee is in a garage, perhaps late at night. The criminal gang arrives and threatens violence, offers bribes or perhaps both. The criminals say, “We’ll beat you up. We’ll do in your family unless you turn a blind eye. We’re going to put something into the card reader. You keep quiet or you’ll be in trouble.” The machine is there for only a few days and then they remove it. That is how the crime happens.

The current system is failing. The public are not being protected. Bedfordshire police raided the garage to which I have referred, partly because my constituents were not content just to tell their banks and credit card companies; they got on to the police. Prompted by my constituents, I got on to the police as well, but when they eventually raided the garage, two or three weeks ago, it was a classic case of locking the stable door after the horse had bolted. The key point that I want the Minister to do something about is ensuring that information is passed on to local police forces as soon as a pattern emerges, so that the public can be protected. If action had been taken earlier, many hundreds of my constituents and, indeed, other people passing up and down the A5 could have been protected. It is the first duty of Government to protect their citizens from crime, and that is crime by any standard.

It is often said that such activity is victimless crime because people are, by and large, compensated by banks and credit card companies. I refute that suggestion entirely because, as the British Bankers Association said,

19 Feb 2008 : Column 4WH

That is clearly the case. At the very least, the Government are losing out on the corporation tax they could be receiving from the banks, because it is a legitimate expense when they repay customers from bank profits. Banks will recoup that money in the form of higher charges or higher interest rates, just as shops have to do from shoplifting and insurance companies have to do from illegal activities. We all lose out, including the Government, from this crime.

Since the introduction of the Fraud Act 2006, particularly the provisions that took effect from 1 April 2007, people have commented that because the police are not directly informed, card cloning will become a forgotten crime. Derek French, a banking campaigner, has certainly said that. Ross Anderson, the professor of security engineering at Cambridge university’s computer laboratory, is also unhappy about the procedures now that

I also have concerns about the position of fraud as a police priority. There is only one police force in the whole country for which fraud is a paramount consideration, because its police authority insists that should be the case—the City of London police. The view of the British Bankers Association is that fraud is largely “a Cinderella function” for every police force in the country. I do not say that just to score a cheap point. Fraud is not given the priority that it deserves, which is surprising because I am informed by the British Bankers Association that the Home Office’s own assessment of different types of crime

Many of us might be slightly surprised by that prioritisation, but it is apparently the Home Office’s view of the seriousness of fraud in general, of which the cloning of credit and debit cards is a very serious part. As that is the Home Office’s view, people might reasonably assume that one or more of the 147 statutory performance or key diagnostic indicators would relate to fraud or financial crime, but that is not so. Again, I am informed by the British Bankers Association that not one of the statutory performance or key diagnostic indicators relates to fraud or financial crime. I happen to know that only last week the association wrote to the Minister for Security, Counter-Terrorism, Crime and Policing to ask why that was the case.

The police are ranked according to the targets and indicators that they have to meet. They are only human, like everyone else, so if fraud is not one of the priorities put on them, they will put their resources towards the areas on which they are ranked and from which league tables are created to show how well or badly they are doing. If the Home Office says that fraud is the second most serious type of crime, why does it not feature among the priorities? That is a fair question, to which I do not have an answer, so perhaps the Minister can enlighten us when she replies to the debate.

I do not think that we know the scale of this crime, but I found out that, according to the Association for Payment Clearing Services, the incidence of overseas fraud using cloned UK cards rose by 126 per cent. in the first six months of 2007, so it is a fast-growing area of crime—probably limited only by the criminal gangs’ capacity to manufacture or put skimming machines in
19 Feb 2008 : Column 5WH
place. Frankly, it is easy money. I am not aware that the gang to which I referred have been caught up with. They must be laughing their heads off somewhere with suitcases or bank accounts full of money. Given how they acquired it, perhaps they have better systems to ensure that their bank accounts are not skimmed.

There is a loss to the Exchequer—to UK plc—from the activities that I have been describing. I wrote to all four main high street clearing banks last week and one of them, a major one that may hold many of the bank accounts for the 745 cards that Bedfordshire police knew about last week, said that

If the bank was doing that, what did the people at the DCPCU do with the information? Did they just sit on their hands from late November through to the end of January, when enough of my constituents were so fed up that they were almost beating down the doors of Dunstable police station? I was regularly on the phone to acting Chief Superintendent Andrew Street asking him what he was going to do about the crime. I am afraid that the information flow is not working well and something needs to be done about it.

The purpose of the debate is not simply to have an interesting discussion but to bring about change so that something is done. My hope that something really will be done rests in part on a written answer to my hon. Friend the Member for Hornchurch (James Brokenshire), who will speak from the Conservative Front Bench in this debate. The Minister for Security, Counter-Terrorism, Crime and Policing affirmed the Government’s commitment to

I hope that I have demonstrated as reasonably, clearly and logically as possible that the arrangements are not working well. Of course the Government have good intentions; they clearly have no interest in fraud being perpetrated on such a scale. However, I contend that although the Fraud Act 2006 was put on the statute book with the best of intentions, it is failing our constituents in a major way when they could be protected.

Having money stolen from one’s bank account is as bad psychologically as having one’s house broken into. Someone comes into the most personal and private area of another person’s life and takes from them what they use to feed their family, put petrol in their car, put clothes on their family’s backs, pay their mortgage and so on. I want action to follow from the debate, and I hope that when the Minister replies she will assure me that it will happen urgently.

9.51 am

Mr. John Leech (Manchester, Withington) (LD): I did not intend to speak in this debate, but having heard the hon. Member for South-West Bedfordshire (Andrew Selous), I decided to make a few comments. I congratulate the hon. Gentleman on securing a debate on this important issue, which is a problem for all our constituents who have suffered credit or debit card fraud.

19 Feb 2008 : Column 6WH

The hon. Gentleman made a pertinent point when he suggested that we are talking about an invasive crime. When a person is burgled, they know that the crime is over and done with, but people who suffer credit or debit card fraud are never sure what scale of fraud has taken place. A close relative of mine was recently a victim of such a crime, so I know about the impact on individuals.

I want to make some brief points, not about what action the Government can take, but about banks. Banks could do more to assist the victims of credit and debit card fraud, as I know from the comments that were made to the member of my family who was recently a victim. When my relative found out that she was a victim of debit card fraud, she immediately went to the bank and asked it to stop all transactions on her account. She was informed that money was due to go out of her account, but she had certainly not spent it. Although she informed the bank of the fraud before the money actually went out of her account, the bank told her that it had to honour the transaction, because it had taken place.

The bank told my relative that it could not do anything, because its fraud department had to investigate the matter. It said that unless the fraud department was satisfied that the transaction was fraudulent, it could not stop the money going out of her account. In such circumstances, banks should at least delay pre-arranged transactions until their fraud departments have concluded their investigations. Sometimes, members of the public are made to feel that they are in some way responsible for credit and debit card fraud when, in fact, they have done everything possible to ensure that their credit and debit card details are kept secret. In my relative’s case, either somebody in a shop used her details to access her bank account or someone in a shop passed those details to somebody else.

Banks could do an awful lot more to reassure customers and to protect their money. Customers should at least be given the opportunity to stop additional money going out of their accounts while investigations take place.

9.55 am

Lynne Featherstone (Hornsey and Wood Green) (LD): I am grateful for the opportunity to discuss identity theft and fraud, which is a growing concern for everyone. I congratulate the hon. Member for South-West Bedfordshire (Andrew Selous) on securing such an important debate. I know victims of such crimes, and one of the things that most shocked me is that there is no mandatory requirement for the banks to inform the police, as the hon. Gentleman has mentioned. That is complete nonsense when it comes to detecting and convicting for fraud.

Next Section Index Home Page