Policing for the future Contents

3Online fraud


42.The use of internet-enabled smartphones and tablets has increased drastically during the last decade, and data suggests that 86% of people go online “daily or almost daily” in 2018, compared with 35% in 2006.60 Unsurprisingly, this explosion in internet use has been accompanied by an upsurge in online crime, including fraud. Earlier this year, it was reported that victims of online fraud are turning to private investigators, due to dissatisfaction with the police response.61 This chapter explores the police response to fraud, particularly online, including key trends in offending, the role of Action Fraud, the quality of the police response, capacity and structural issues, and the role of industry. Cyber skills and training are crucial issues, but we return to them in Chapter 7, when we consider police technology.

Prevalence and trends

43.The ONS estimates that there were 3.2 million fraud offences in the year ending March 2018, including 1.7 million cyber-related offences (54% of the total). Based on these figures, approximately one in six offences are incidents of online fraud, and fraud (more broadly) is now the most commonly-experienced crime, accounting for 42% of all estimated offences.62 New questions on fraud and computer misuse were only added to the Crime Survey for England and Wales in October 2015, so long-term trends are difficult to assess, although City of London Police (the national lead force on fraud) told us that “Fraud and cyber crime have grown exponentially”,63 and many witnesses referred to this as a significant and growing area of demand.

44.Police-recorded crime figures should be treated with caution due to changes in recording practices, but the police recorded 105,181 fraud offences in the year ending March 2007, compared with 261,943 recorded by Action Fraud in the year ending March 2017 (a 149% increase over the decade).64 Nevertheless, only 13% of incidents of fraud are reported by the victim to either the police or to Action Fraud,65 suggesting either that demand on policing could increase significantly in future, or that victims have little confidence in (or knowledge of) the system.

45.The latest annual fraud indicator estimated that fraud costs the UK £190 billion per year, including £134 million from online banking fraud and £568 million from plastic card fraud. Individual loss can also be substantial: in the year ending March 2017, of the 68% of victims who suffered financial loss from fraud, 37% lost more than £250 and 5% lost £2,500 or more66 £101 million was lost to bank transfer scams in the first six months of 2017, and only a quarter of those funds were returned to the victim.67

Action Fraud

46.Action Fraud is a centralised reporting centre for victims of fraud in England, Wales and Northern Ireland. It is run by the City of London Police, although the contact centre is contracted out, and it works alongside the National Fraud Intelligence Bureau (NFIB). The NFIB assesses and analyses reports to identify patterns, referring viable lines of inquiry to the relevant police force or regional organised crime unit (ROCU).68 Victims of fraud who go to the police are advised to report the crime to Action Fraud, unless there is a ‘call for service’ and the offender is committing or has recently committed the crime at that time, or there is a local suspect. If a victim declines to report the crime to Action Fraud, the police should take full details of the incident and pass them to the NFIB via Action Fraud.69

47.Action Fraud has repeatedly attracted negative press attention, after a series of administrative problems and reports of poor service. It was reportedly forced to apologise to almost 2,500 people in 2013, after their crime reports went missing due to an IT error.70 In 2015, the not-for-profit organisation contracted to run Action Fraud’s contact centre, Broadcasting Support Services, went into administration.71 The US company Concentrix took over the contract in July 2015.72

48.Action Fraud has undergone reform in recent years, with £35 million of government funding spent on improvements to the helpline and website, including a new online reporting tool. Since October 2016, the call centre has been available 24/7 and the Home Office has invested £5.5 million in a new IT system for Action Fraud and the NFIB.73 Nevertheless, The Times reported in May that only cases involving losses of over £100,000 are being passed to a human investigator, with others being “dismissed by a computer algorithm as unworthy of investigation”.74 In August, it was reported that Action Fraud only picks up two-thirds of phone calls, with an average wait of 11 minutes and 8 seconds.75

49.In written evidence, City of London Police suggested that public expectations of Action Fraud are unrealistic. It said that there is “an expectation by some members of the public that most, if not all, frauds should be investigated. Operationally this is not feasible”. The force argued: “The volume of fraud means that investigative resources need to be prioritised towards the most harmful and organised frauds and, where offenders cannot be identified or offenders are based outside the UK, criminal justice outcomes are not always achievable”.76 Giving evidence to us, Temporary Commander Dave Clark, then the national lead officer for online fraud, emphasised that “Action Fraud does not investigate anything. [It] is simply a call centre and an online reporting facility”.77

50.Despite efforts to improve its response to victims of fraud, Action Fraud has irretrievably lost the confidence of the public, and reasonable expectations from victims are not being met. It is sensible to have a centralised reporting facility for fraud, but this must not simply become a way to divert and fob off victims of crime. Most importantly, it must be accompanied by a proper system to investigate crimes and respond to victims, or it will become irrelevant.

The police response to fraud

51.T/Commander Clark told us that a quarter of Action Fraud crime reports (those meeting the Home Office counting rules) are disseminated to local forces, around 14% of which receive “outcomes”.78 Cases are sent to the force where there are relevant lines of inquiry, such as a local bank account, postal address, internet address or telephone number, rather than where the victim is based (if the crime crosses force boundaries).79 T/Commander Clark acknowledged this disconnect can be “very frustrating for the victim”, but said that this is a “very complex area”, and “the best chance of pursuing an investigation is to give it to the organisation or law enforcement agency where the offender is based”.80

52.T/Commander Clark argued that “pursuit is not always the best option” in this area of criminality; and highlighted that, in 170,000 cases in 2017, “disruption was seen as the best form of action over investigation” due to “all kinds of difficulties”. This might include central disruption by removal of a website, seizure of money in a bank account, or disablement of telephone lines, for example.81 Overseas offenders account for a substantial proportion of offences, with approximately 14,000 criminals identified outside the UK in 2017.82 Organised criminal groups also play a prominent role: last year, for example, Europol disrupted a group which stole more than 8 million euros from over 130,000 payment card holders in 29 EU countries.83

Criticism of the police response

53.A series of reports have been highly critical of the police response to online fraud. A 2015 study of digital crime by HMIC, covering six out of the 43 forces, found “very few police officers and staff who understood either their own roles and responsibilities or those of their force in relation to the investigation of fraud.” HMIC found a particularly poor level of knowledge, at all ranks, of the functions of Action Fraud and the NFIB. It also criticised an “absence of strategic leadership and direction” on digital crime in all but one of the forces examined.84 One chief officer told the inspectorate that chief constables considered that they had: “given [fraud] in its entirety to Action Fraud”.85 In June 2017, the NAO found that forces had different approaches to reporting and recording fraud, that they lacked “performance information” about reporting and investigating fraud, and that poor advice was being provided to victims. The Public Accounts Committee (PAC) subsequently said that the Home Office “must prioritise efforts to improve the collection and reporting of data on fraud”, and called for the department to work with the City of London Police to establish “opportunities to identify, develop and share good practice in a more systematic way”.86

54.As well as passing on lines of enquiry to the relevant force, the NFIB sends them the details of all local victims on a monthly basis. HMIC found that few officers were aware that this data existed or, if they were aware, “they did not use them for any beneficial purpose”. It also found “little evidence of effective care for fraud victims generally”.87 T/Commander Clark told us that an “Economic Crime Victim Care Unit” has been piloted in London and was due to be launched in Greater Manchester and the West Midlands during 2018, but he conceded that “volume has outstripped any [ … ] implementation” of HMIC’s recommendations about victim support.88

55.Witnesses highlighted resourcing and funding issues as a significant challenge. T/Commander Clark told us that “the sustainability of funding is really important to effect strategy and make a difference in online fraud investigation, and one-year allocation of budgets does not help”. In the face of a 30% increase in demand in this area, he said that his force had experienced a 5% funding reduction in real terms over the previous three years.89 In follow-up written evidence, he called for “more investment in technology across the criminal justice system to deal with the large volumes of digital evidence”, stating that “City of London Police has over 70 million pages of evidence linked to 700 ongoing investigations for scheduling and disclosure”.90 Detective Superintendent Nicky Porter, from the Financial Investigations Unit at Greater Manchester Police, said:

There are real challenges of resourcing. We cannot continue the way that we are operating around investigating fraud. What we will do is create a fertile area for more criminals to diversify into because the chances of being caught are slim unless it hits certain specific criteria.91

56.Last year, it was announced that a new National Economic Crime Centre would be created within the NCA. The NECC will “plan, task and coordinate operational responses across agencies”, “bringing together the UK’s capabilities to tackle economic crime more effectively”.92 It is reportedly due to commence work on 31 October.93 T/Commander Clark said that this would result in “a more coordinated collective response across national law enforcement agencies”, improving prioritisation, tasking and coordination and facilitating “more efficient use of resources”—but he added that it “will not address the fundamental lack of capacity across the system”.94 The Director General of the NCA, Lynne Owens, reportedly told The Sunday Times in January that the banking and insurance industries should channel some of their profits into the new Centre.95

Case outcomes

57.Action Fraud received over 23,000 crime reports per month, on average, during 2016/17; in the same reporting year, 71,133 cases were disseminated to forces, and there were 37,632 “Home Office outcomes”–this includes judicial (8,214) and non-judicial (29,245) outcomes. The latter category can include failure to identify a suspect and a determination that prosecution would not be in the public interest, among other outcomes. These figures suggest that little more than one in five (22%) recorded outcomes involved charges or summons, and that as little as 3% of cases reported to Action Fraud may result in charges or summons.96 Current recording methods do not, however, generate figures on the proportion of all Action Fraud reports that result in a criminal justice outcome (or otherwise)—rather they provide a snapshot of all reports and outcomes during a specified reporting year.

58.There is significant variation between forces in the number of fraud outcomes relative to the number of NFIB referrals. In the year ending March 2017, for example, Devon & Cornwall received 1,055 referrals from the NFIB but recorded just one judicial outcome, along with 33 non-judicial outcomes. In contrast, West Mercia police received 388 referrals but recorded 288 judicial outcomes and 274 non-judicial outcomes. In theory, any investigation should result in an outcome, suggesting that in many forces, a substantial proportion of fraud offences are not being investigated (or they are not recording outcomes accurately). Detective Superintendent Nicky Porter told us that Greater Manchester Police investigated just 4% of the disseminations that it received from Action Fraud last year.97

59.A report published by the Home Office in June examined the causes of attrition in fraud and cybercrime cases. It concluded that a number of factors contributed to cases being dropped after referral to forces, including confusion in police forces about who is responsible for investigating these crimes; the sheer number of cases disseminated, “and the risk that there are so many crimes they are unmanageable for forces”; a lack of recording of non-judicial outcomes; and a lack of clarity regarding inter-force cooperation, when cases cross force boundaries.98

60.The proportion of fraud cases being investigated is shockingly low, in the context of 1.7 million offences per year and substantial costs to the UK economy, as well as to individual victims. Our findings indicate that, although multiple cases may relate to a single charge, as little as 3% of cases reported to Action Fraud may result in charges or summons. Of the 1.7 million offences committed annually, it appears highly unlikely that more than one in 200 victims ever sees their perpetrator convicted. Given the paltry number of justice outcomes, it is no surprise that so few fraud victims report their experience to the police or Action Fraud. While we recognise that many offences are committed overseas, it is nevertheless clear to us that the Government has failed to get a grip on this problem, and that major changes are needed to the way in which fraud is reported, investigated and prevented. We commend the City of London Police for its leadership, but one under-resourced police force, facing the same budget pressures as every other force, does not have the capacity or the leverage to introduce the sort of drastic improvements needed at a national and regional level.

61.There is a lack of transparency in the way that fraud statistics are published. At present, two sets of records are available: recorded crime figures and outcomes, with no way of linking the two. The Office for National Statistics and other agencies should take immediate steps to ensure that figures can be published on the proportion of online fraud offences resulting in justice outcomes, and the proportion for which no suspect is charged.

Structural issues

62.The evidence we received suggested that there are significant structural problems surrounding the police response to fraud. City of London Police highlighted issues arising from the “dislocation” between nationally-reported fraud and the location of offenders and victims, with the result that “victims’ home forces are not always taking responsibility for safeguarding victims and monitoring changes to their circumstances”. Echoing HMIC’s 2015 findings, the force said that it is “apparent that not all forces identify the significant life changing impact” that fraud can have on individuals and businesses, and it argued that victim support services should be coordinated nationally and supported by a local response.99

63.Detective Superintendent Porter said that the regional response (the regional organised crime unit, or ROCU) in Manchester, is a “very small team, so they can become overwhelmed with large cases very quickly”. She agreed that a restructure was needed, telling us that there is currently a “postcode lottery”, and that crimes such as murder and sexual exploitation inevitably take priority when devices need examining:

When we are looking at examining computers and phones locally, that is also against our colleagues who are investigating murders, sexual exploitation. In terms of threat, risk and harm, fraud is then put to the bottom of the list of priorities. Having a national service with some regional hub-and-spoke models would feel like we could gain some capacity.100

64.T/Commander Clark also argued that changes were required:

[ … ] there has to be a national standardised approach, specifically in reporting, recording and accountability, with a national investigation capability that takes on the most impacting economic crimes that affect the wellbeing and infrastructure of this country [ … ] I would have regional investigations as the main structure in this space, with the local services providing essentially victim care and local policing responsibilities whereby victim, offender and location are in the same place.101

65.The Policing Minister conceded that “we are nowhere near where we need to be on this issue”. When he spoke to “every single police chief” last year and asked them which victims of crime “get the worst deal” from the police, he said they “invariably” say victims of online fraud and cybercrime. He also told us that the Security Minister, Ben Wallace MP, is “very clear in his mind” that “capabilities need to be aligned more intelligently between national, regional and local” structures.102

66.The police response to fraud is in desperate need of a fundamental overhaul, and we welcome Government ministers’ recognition that the current system is not fit for purpose. There remains a clear requirement for a national reporting and analysis centre, but the current system of tasking and undertaking investigations needs to be overhauled, and standards of victim support are often extremely poor. The Government must show leadership in this area, working with the City of London Police, the NPCC, the National Economic Crime Centre within the NCA and other key stakeholders to implement a ‘hub and spoke’ structure for fraud investigation and victim support, with all investigations undertaken at a national or regional level.

67.This must be accompanied by proper resources and enhanced capabilities: the level of regional resource in this area is not commensurate with the threat or the cost to the economy of this growing form of crime. We return to the wider issue of police funding in Chapter 6. However, given that much online fraud takes place on platforms provided by extremely profitable global tech giants, or exploits weaknesses in the security of private sector companies, it is reasonable to expect the private sector to contribute to the funding of policing and safety online. Likewise, banks, credit card companies and insurance companies have a lot to lose from the continued escalation of this form of crime, so they too have a considerable interest in contributing to the policing of online fraud.

68.Not enough is being done to identify and support vulnerable victims of fraud. This is compounded by pressures on Trading Standards offices. With investigative resources and capabilities focused at a national and regional level, forces should be given the space to focus predominantly on victim support, based on intelligence from Action Fraud. When reporting a crime to Action Fraud, victims should be asked a series of questions to assess their levels of vulnerability and their need for follow-up support. This information should be disseminated to forces immediately, so that neighbourhood officers or PCSOs can respond accordingly, with timely and tailored support.

The Joint Fraud Taskforce

69.The Joint Fraud Taskforce is a Home Office-led initiative which aims to prevent individuals and organisations from becoming victims of fraud, change consumer behaviour through communication (such as the ‘Take Five’ campaign), and protect the UK by making it a hostile environment for fraud. In addition to Government, its membership includes the City of London Police, the NCA, Trading Standards, Cifas, UK Finance and individual banks. The NAO said in June 2017 that the Taskforce had “no clear success measures for its initiatives”, and that there was no public information on its progress to date.103 Which? said last October that it was concerned about the “lack of transparency both in terms of what the taskforce is working on, but also importantly what progress it has made to date”.104 In the same month, the Taskforce began publishing information online, shortly before Sir Philip Rutman, the Home Office’s Permanent Secretary, gave evidence to the PAC.105 Nevertheless, Richard Piggin from Which? told us in January that he would “like to see an action plan of what the taskforce is doing, what its objectives are, what its priorities are and [ … ] what progress it is making against those”, in a “regular report”.106

70.Minutes from the Taskforce Management Board’s June 2018 meeting refer to an independent review of its work, which had concluded that it had “huge potential”, but that “certain aspects of the Taskforce needed strengthening”. It was agreed that a “focussed blitz” would take place in July, to “work up proposals for JFT [Joint Fraud Taskforce] 2.0” based on the review findings. It was agreed that “all constituent parts of the Taskforce had to be accountable for delivery”.107 In its response to the Public Accounts Committee’s report, published in March, the Government said that it would publish an annual report setting out the objectives and achievements of the Taskforce by summer 2018, and thereafter every 12 months. At the time of writing, this had not yet been published.

71.The Joint Fraud Taskforce is a welcome initiative, but it has little to show for two and a half years of work and at the moment we are not sure what the point of it is, in practice. We agree with Which? that more transparency is needed, including a clear action plan and ownership of key tasks, regular reports on progress against that plan, and measurements of success in key areas, including public awareness campaigns. It is disappointing that the first annual report, promised for summer 2018, has not yet appeared. By the end of November, the Government should also publish the recent independent review of the Taskforce, which is referred to in the minutes of the June Management Board meeting, along with an action plan to address the weaknesses identified in that review.

The role of industry

72.Although our focus was on the police and Government response to online fraud, witnesses also called for industry to do more to protect consumers and cooperate with law enforcement efforts. City of London Police said that banks and other companies hold 90% of fraud and cyber-crime data, and the law enforcement sector would benefit from this information, but the sector demands “legal indemnities and protections” for providing it.108 T/Commander Clark told us that a central register of bank accounts would speed up fraud investigations, because officers “would not have to rely on banks coming two weeks later to answer [ … ] We would be able to look at the central bank register for accounts and we would be able to identify where the suspect account is”. He made a further suggestion for the banking industry:

I would publish the suspect accounts that are made available to the national reporting centre for fraud. If a bank account is made available, or is 10 times, for example, across those 600,000 contacts, I would publish it. It will make the banks take action, it will mean that there is a warning list for citizens to check against and it will mean that action is taken.109

73.Similarly, some commentators have suggested that a ‘naming and shaming’ approach to banks would force them to take more action in response to online fraud. Academic witnesses giving oral evidence to the previous Committee last year drew parallels with steps previously taken by car manufacturers to improve security and reduce car theft, after the Home Office began publishing figures showing the number of car thefts by manufacturer. This was credited with contributing to a drastic reduction in vehicle thefts.110 UK Finance has argued that the publication of banks’ fraud statistics could result in exploitation by fraudsters, and would not reflect the fact that online fraud can occur because of “vulnerabilities or choices in other sectors, such as a retailer choosing not to use two-step verification for a card payment”.111

74.The Public Accounts Committee recommended last December that the Home Office should set out minimum standards for banks to follow on preventing online fraud and protecting customers, and require them to report to the Government on their performance. The Committee also called on the Department to “press the banking industry to make relative online fraud vulnerability performance data publicly available”, and said that it “expects the Department to provide a plan for publication of this data by Spring 2018”. In its response, the Government said that it would start collecting performance on fraud losses to report to the Financial Conduct Authority (FCA) from January 2018. It stated that “there may be risks and unintended consequences with publishing some fraud performance data”, and committed to working with JFT partners “to determine how to avoid these issues”.112

75.Banks were not the only organisations singled out by witnesses. T/Commander Clark told us that more companies need to be “secure by design”, criticising those that store millions of customers’ personal details “on a cost-over-security basis in a third-world country that has lower demands and standards placed upon it”.113 Richard Piggin from Which? also told us that telecommunications companies need to do more to prevent text scams, in which messages appear to come from banks, but are actually sent by fraudsters. He said that there are “opportunities for telecoms companies to work with banks and others to tackle the systemic vulnerabilities that are in these systems, which could do a lot to prevent fraud from happening in the first place”.114

76.The private sector could do much more to reduce the demand on policing from online fraud. This problem can only be addressed effectively with a whole-system approach, including by regulatory reform, if necessary, to force companies to be ‘secure by design’. Key private sector companies—those whose customers create the most substantial workload for the police and NCA—should also employ analysts internally to facilitate evidence-gathering by law enforcement agencies. If industry partners will not do so voluntarily, the Government should consider imposing statutory requirements on companies to cooperate with law enforcement agencies.

77.We agree with the Public Accounts Committee that data should be available on banks’ relative performance in preventing and responding to fraud, including online fraud. The key counter-argument—that this could expose vulnerabilities that could be exploited by criminals—could equally have applied to the publication of statistics on car thefts by manufacturer, which had a significant impact on the incidence of vehicle theft. Consumers have the right to choose their banking provider based on the full knowledge of the risks they may be taking with their finances. Greater transparency may provide the commercial impetus required to ensure that industry does more to tackle this problem at source, and reduce demand on an overstretched police service.

62 ONS, Crime in England and Wales: year ending March 2018, 19 July 2018

63 City of London Police (PFF0065)

65 ONS, Crime in England and Wales: year ending March 2018, 19 July 2018

66 ONS, Crime in England and Wales: Additional tables on Fraud and Cybercrime, Year ending March 2017

67 ONS, Overview of fraud and computer misuse statistics for England and Wales, 25 January 2018

68 Action Fraud website, What is Action Fraud? Accessed 5 September 2018

69 Home Office Counting Rules for Fraud, with effect from April 2018

73 HM Treasury, Government response to the Committee of Public Accounts on the Fourth to the Eleventh reports from Session 2017–19 (Cm 9575), March 2018

76 City of London Police (PFF0065)

79 Home Office Counting Rules for Fraud, with effect from April 2018

86 Public Accounts Committee, The growing threat of online fraud, 27 November 2017

90 T/Commander David Clark, National Coordinator for Economic Crime, City of London Police (PFF0003)

92 NCA news item, National Economic Crime Centre announced, 11 December 2017

94 T/Commander David Clark, National Coordinator for Economic Crime, City of London Police (PFF0003)

96 T/Commander David Clark, National Coordinator for Economic Crime, City of London Police (PFF0003)

98 Home Office, The scale and drivers of attrition in reported fraud and cyber crime (Research Report 97), June 2018

99 City of London Police (PFF0065)

103 National Audit Office, Online fraud (HC 45), 30 June 2017

105 Home Office website, Joint Fraud Taskforce, accessed 5 September 2018

107 Joint Fraud Taskforce Management Board, Minutes of meeting held 20 June 2018

108 City of London Police (PFF0065)

110 Oral evidence taken on 29 March 2017, Q12

112 HM Treasury, Government response to the Committee of Public Accounts on the Fourth to the Eleventh reports from Session 2017–19 (Cm 9575), March 2018

Published: 25 October 2018