| Previous Section | Index | Home Page |
19 Feb 2008 : Column 6WH—continued
We could be forgiven for thinking that because sophisticated anti-fraud card technology has become commonplace, card theft will become a thing of the past. However, the truth is that every time the industry makes a move, criminals become equally innovative in the pursuit of a circumvention of the systems, in particular regarding their ability to clone cards, as the hon. Gentleman has described. However, we should never lose sight of the potentially devastating effect of becoming a victim of credit card fraud. It appears that victims are increasingly in a David and Goliath fight with the banks to get back what has been stolen. In the good old days, banks and
institutions automatically reimbursed people, but it is becoming more of a fight as we move towards a cashless society.
I was shocked to find—perhaps I should not have been surprised—that there are more debit cards in circulation than people. In the last quarter, more than £91 billion was spent on plastic card purchases, which puts the matter in perspective and shows the honeypot that attracts the criminal fraternity.
Cards have huge benefits for retailers, because they entail handling less cash and reduced staff fraud. Consumers also benefit—I am sure that we can all find a card or two in our purses. The chip and pin system has been tremendously successful in reducing fraud in shops. Bank costs have fallen from £218 million in 2004 to £72 million in 2006, which is quite an achievement. The system required significant investment from the banking industry, but as returns on investments go, I am sure that they are making their money back.
Mr. Leech: The problem with improving security is that people become less concerned about checking whether they are the victims of fraud. They are lulled into a false sense of security and believe that their details are secure. We need to return to a situation in which people check their statements every single month and are far more careful. People used to be like that, but these days they are lulled into a false sense of security because the system is allegedly safe.
Lynne Featherstone: My hon. Friend is right that everyone should take personal responsibility for checking their bank statements and not relax into thinking that everything will automatically be okay.
The banks should not use the security of the chip and pin system as an excuse to reverse one of the fundamental principles of the banking code, which underpins consumer confidence in the plastic card industry. Without customer confidence, the whole house of cards would fall and the system would no longer work. The principle is that the onus is on the banks to prove that a card has been used fraudulently before they can refuse to reimburse a transaction, and the evidence shows that it is coming under attack.
The banks may say that they have invested zillions—or billions or whatever—in chip and pin technology. They may be more reluctant to refund money, because they feel that that investment has made the system relatively secure, but there are two problems. First, credit card fraud has not disappeared with the advent of chip and pin. Secondly, the havoc and hardship to which customers are potentially exposed if they are victim to fraud is totally unacceptable.
The recent increase in disputed payments has ended up with the Financial Ombudsman Service, which is a real indication of a worrying trend. It is not automatic for such transactions to be reimbursed automatically, and there is a quite a time lag. Reports indicate that the service is now dealing with between 20 and 30 cases a week, and, as is the case with any ombudsman service, that is likely to be only the tip of the iceberg. As the hon. Member for South-West Bedfordshire has pointed out, the harsh reality is that many people can ill afford to be without the considerable sums involved.
Andrew Selous: Before the hon. Lady leaves the subject of the security checks that the banks have in place, one of my constituents told me how surprised he was to find that money had been withdrawn on the same day in Malaysia and Canada from the same credit card account. The bank did not pick up on that. The system is so automated that checking systems do not seem to be in place, otherwise the bank would have realised that it is a physical impossibility to fly from Canada to Malaysia on the same day.
Lynne Featherstone: I thank the hon. Gentleman for that intervention. I am reminded that my bank called me recently to check on some strange movements in my account, which were all done by me on the same day. The banks are obviously working on the problem, but they have not got their ducks in a row when it comes to realising that it is pretty difficult to withdraw money on two different sides of the world on the same day.
If there is an increase in disputes about reimbursement and a time lag in the return of the money, people will suffer hardship if they are caught up in credit card fraud. Government policies include encouraging pensioners to have a bank account, so that payments can be made directly to the bank and so pensioners no longer need to use the post office. How will someone living on a state pension cope, perhaps on £83 a week, if money goes missing from their bank account for a few months? They may have to go through a protracted battle with the bank.
Hon. Members are capable of having a good stand-up row with the bank, and we all know how difficult it is when one is passed from pillar to post while finding someone who knows what they are talking about. It must be much more difficult for those who are more vulnerable, when sorting out such a mess creates havoc for the most able. Such a situation could be disastrous, possibly forcing people into emergency debt, if they do not know how to handle things. At my surgery, recently widowed pensioners who have never dealt with money before ask for my help. How are they to cope with that sort of problem?
The answer is not always to legislate. As a Liberal Democrat, I do not always jump to regulation as the first option. I obviously prefer to talk it out, but if banks persist in pushing the burden of proof on to the customer, there will be no alternative to regulators taking a tougher line in order to ensure that the police are informed by the banks or financial institutions. The presumption of innocence is a cornerstone of British justice, but if the banks want to continue to rely on British justice when it suits them—protecting their interests in court over fraud problems—they must continue to have faith in their customers.
Andrew Selous: Has the hon. Lady considered the position of the Financial Services Authority? I received this letter from the FSA last week:
“We require all regulated firms to have systems and controls to protect themselves and their customers from financial crime, whether committed by staff, customers or others. We monitor the effectiveness of these controls and we take action, including enforcement action, where we find that firms’ controls have fallen seriously short.”
Does the hon. Lady believe that the FSA should be looking into that, to ensure that those controls are more robust?
Lynne Featherstone: I believe that the FSA should take a tighter view. To be fair, the crime has been zooming up at every stage and at every move and countermove, but it is now time to ensure that what is in place works or to put things in place that will work if there are failures in the system, which there clearly are.
I wish to consider the future of credit card fraud and efforts to foil those who use cloning technology. Figures show that a significant proportion of such fraud is now online. Indeed, online banking losses due to fraud have increased by 44 per cent. from £23.2 million in 2005 to £33.5 million last year. That is easy pickings for would-be online fraudsters. In a virtual world, it is possible completely to bypass the complexity of replicating chip and pin technology—put a reader in place, get your hands on stolen card details and you’re away. Only yesterday in Hornsey and Wood Green, a cupboard filled with people’s personal data was found in an old housing benefits office. The papers had been dumped by the council when the staff moved out, and squatters reported the matter to The Sun. Details are not always entirely safe, and bank details such as those found in that pile of papers yesterday are enough to make a start.
It is already possible to get plug-in chip readers for personal computers, and it will become easier to do so. It will not be long before the online industry works out how to use personal physical identification—the Government have gone down that road with identity cards and passports. I could go to Tottenham Court road today and buy a laptop computer complete with a fingerprint reader. It does not take a great leap of the imagination to envisage how the industry might turn its mind to the verification of who is using a computer and who is ordering. That might play an important part in helping to authenticate online transactions.
I am a Liberal Democrat—we are nothing if not persistent—and we are averse to automatic biometric database systems. I throw into the pot the fear that such hugely sensitive information can be accidentally lost, whether the situation is similar to that in Haringey yesterday, whether a laptop is stolen from a bank employee’s car or whether a data disc turns up in a dumpster. If people are worried about receiving a letter from the bank stating that their banking details had been lost, how would they feel if they received a letter saying that their fingerprints, their iris scan or another physical record—details that are theirs for life—has been mislaid?
Before banks contemplate going down that route, they should give a cast iron guarantee that such monumental data breaches are physically impossible—as we were promised with other data. That is where we could go in an effort to stop fraud. Frankly, I find it incomprehensible that such a large amount of data can be physically downloaded from a computer system on to a disc and taken out of a building. In my view, that should be impossible.
Finally, I would like to consider what the state can do to help banks fight that crime. As the hon. Gentleman has said, we are discussing an international racket supported by organised crime. We welcome the moves to make reporting of the crime easier for the victim, but I have not found much evidence that the Government are responding to an international problem with an international solution. I would welcome some comments from the Minister about what the Government are doing to co-ordinate their response with European police
forces. We cannot treat this issue in a silo, because such treatment would ultimately lead to failure as organised criminals pay scant regard to borders and pick off police forces one by one. Some parts of the Lisbon treaty, which is going through now, address some of those issues, but I would welcome the Minister’s comments about what she feels can be done specifically to deal with that crime, which, as we have heard, leaps around the world with such ease and causes such grief for its victims.
10.11 am
James Brokenshire (Hornchurch) (Con): May I congratulate my hon. Friend the Member for South-West Bedfordshire (Andrew Selous) on securing this morning’s debate on what is a very serious and growing issue, and one that affects all our constituents? I can think of a particular case in my constituency in which a petrol station was subject to a skimming attack. Many of my constituents were defrauded and that fraud had a major impact on them. We can look at individual cases. As my hon. Friend said, in one case the details of 745 individual cards were taken from just one outlet. That example highlights how quickly this crime can be carried out and the number of people who can be involved.
My hon. Friend was absolutely right to state clearly that this is not a victimless crime: neither for the individuals concerned nor for the financial institutions that seem ready to bear some significant losses arising from the fraud perpetrated through the skimming and cloning of cards. There is also the direct and personal impact on individual victims of credit card fraud or any other kind of financial fraud. It can be quite traumatic for many people and it dents and knocks their confidence in terms of their willingness either to use their credit card or to engage in other financial transactions.
The hon. Member for Manchester, Withington (Mr. Leech) highlighted an individual case involving his relative. In many ways, he put this crime into a physical context, demonstrating the impact that this type of fraud can have. The person involved has a sense of their security or safety being invaded or breached, especially as they do not expect to become a victim. So it is perhaps even more shocking when they do become a victim, because the fraud comes out of the blue, when they are least expecting something like that to happen.
The hon. Member for Hornsey and Wood Green (Lynne Featherstone) was right to make the point that things are moving quickly in relation to this crime. Innovation among criminals presents a growing and changing threat. The banks, Government and law enforcement agencies must be equally fast-moving and reactive in examining criminals’ changing patterns of behaviour, and in considering how best we can confront the organised criminal gangs that perpetrate such offences and use the funds obtained for various unsavoury purposes.
APACS, the Association for Payment Clearing Services, is the trade body for the banks and financial institutions, and its figures indicate that the use of counterfeit cards is a growing trend. For the first six months of 2007, plastic card fraud losses as a whole rose by 26 per cent. to £263.6 million. Of that figure, counterfeiting losses, of which skimming forms a part, amounted to £72.3 million, which was a rise of 37 per cent. Given that
counterfeiting losses for the whole of 2006 were less than £100 million, we can safely say that the 2007 figures to be released next month will show a significant increase in the losses that have occurred due to the skimming, cloning and counterfeiting of cards and of the metallic strip, which is then put on the back of a number of these fraudulent cards that are subsequently used overseas.
APACS describes the operation of this counterfeiting process quite clearly:
“Most of this fraud involves skimming, whereby a card’s magnetic stripe data (on the back of the card) is electronically copied by a criminal. Fraudsters often skim cards by using a device that is fitted to a cash machine or a PIN pad. This data is then transferred onto a fake magnetic stripe card. A counterfeit magnetic stripe card can potentially be used in any UK or overseas shop that hasn’t upgraded to chip and PIN or at an overseas cash machine that hasn’t been upgraded to chip and PIN - although to use a fake card at a foreign cash machine a criminal will also need to have obtained the card’s PIN by separate means.”
I suppose that that explains how the advent of chip and pin and the use of other technology has provided an element of protection, but we cannot be complacent about this crime, given that criminals will use technology and other means to get round the chip and pin mechanism and to try to obtain details of the pin numbers. Such numbers can be obtained by various means.
In discussing this issue, we must look at it in its wider context; by that, I mean the overall cost of financial fraud, including banking and credit card fraud. A report for the Association of Chief Police Officers’ economic crime portfolio in February 2007 tried for the first time to demonstrate the total cost of financial fraud, of which this type of credit card fraud forms a part, to the UK economy. That report came up with the staggering figure of £13.9 billion in 2005—including the cost of having to deal with financial fraud—of which fraud against private individuals amounted to £2.75 billion. Those are huge numbers and they demonstrate the real cost of fraud and the fact that it is certainly not a victimless crime. Furthermore, it shows the impact that fraud has on our economy, if this level of finance is getting into the hands of organised criminal gangs.
Credit card fraud is part of a wider picture of financial fraud. We might be talking this morning about counterfeit card fraud, skimming and cloning, but that fraud links into the selling of details abroad, using the internet and other technology that is now available. It also links into identity fraud, with the matching of information, such as matching credit card details with other personal information, and how that information is then combined to commit other frauds. Furthermore, once individuals have been identified by fraudsters, they can be targeted time after time.
Also, with the advent of mass e-mailing, phishing e-mails and spam have been used to try to attract people either to some sort of direct fraud or to attract them to visit another website, where they can input their pin number and other information. If fraudsters can identify an individual and match their personal information with the information that has been skimmed off a credit card, it is easy to see how that combined information can be used to perpetrate perhaps even more convincing
frauds. Therefore, this crime needs to be focused on clearly, because it is developing very quickly.
My hon. Friend made the point about the use to which these fraudulently obtained funds are being put. Increasingly, questions are being asked about whether such funds are going not only to those involved in organised criminal activity—sophisticated, international, organised gangs—but to those involved in terrorist activities. That is why it is so important that, for our own safety and security, we do all that we can to counteract this very serious criminal activity.
My hon. Friend talked in detail about the changes to the reporting of financial fraud that were introduced last April, since when I have been concerned about not only their practical impact, to which I shall return, but the message that they send. If an individual cannot report financial fraud to the police, that sends the very damaging message that it is not an important priority; indeed, it almost sends the message to criminal gangs that we are not bothered about financial fraud.
Therefore, I remain critical of the way in which the changes were introduced. It was suggested that the aim was to reduce the bureaucracy involved in fraud recording and to streamline the reporting, recording and investigation of fraud. However, nothing happened in the case highlighted by my hon. Friend, in which 745 individual cards were, effectively, stolen after their details were obtained. That highlights a real failure in the system, which is not even operating in the way that was intended or meeting the goals that were set for it in terms of recording and reporting financial fraud.
Last summer, I put several questions to the Government about the manner in which the new arrangement was to operate. In response, the Minister for Security, Counter-Terrorism, Crime and Policing stated:
“From 1 April 2007 each police force now has a single point of contact...that has been set up to receive reports of cheque and plastic card crime direct from financial institutions. It is a matter for the financial institutions which crimes they decide to refer to the police for recording. It is then a matter for individual chief officers to decide which crimes will be investigated.”—[Official Report, 2 July 2007; Vol. 922, c. 462W.]
The system almost has two limbs: there is the question of whether financial institutions report fraud to the police, and whether the police do anything about it. From the individual case highlighted by my hon. Friend, it seems that the system is falling down on two levels, because there are questions about whether any of the incidents are properly reported to the police and—even when they are—whether anything is done about them.
It is almost as if a double inertia has been created in the system, which masks the true extent of what is going on. Although we have the figures provided by APACS, the association admits that banks and financial institutions have no common standards governing the reporting of data to the centre or, indeed, whether to report it at all. That raises significant concerns because financial institutions almost have an incentive not to report. There is a fear that they do not want to show the true scale and nature of the problem, and nothing actively encourages them to do so.
| Next Section | Index | Home Page |