Select Committee on Science and Technology Minutes of Evidence

Examination of Witnesses (Questions 793 - 799)



  Q793  Chairman: We are being broadcast and televised. Thank you very much, Ministers, for coming to help us in this inquiry, and Mr Smith and your colleague. We are fairly well into this inquiry into Personal Internet Security now, as you might be aware, so we appreciate it very much that you are coming to talk to us now and can answer some of our questions. Would you like to proceed by first of all introducing yourselves and then, if you wish, making an opening statement, or we can go straight into questions? Perhaps we could start with Mr Smith first.

  Mr Smith: Thank you, Chairman. I am Geoff Smith, Deputy Director of Communications Policy in the Department of Trade and Industry.

  Margaret Hodge: I am Margaret Hodge and I have ministerial responsibility in the DTI.

  Mr Coaker: Good afternoon, Chairman. My name is Vernon Coaker and I am the Home Office minister with responsibility in this area.

  Mr Webb: Good afternoon. Stephen Webb, Head of the Organised and Financial Crime Unit in the Home Office.

  Margaret Hodge: The position is that we have not got an opening statement because we thought you would like to use the time to quiz us.

  Q794  Chairman: Yes, we do have quite a long list of questions. I appreciate that. Let me go straight into the questions then. What is your estimate of the direct and indirect cost of Internet-related crime to the UK economy?

  Mr Coaker: Chairman, I thought I would start with answering that question and I hope the Committee will bear with me because I thought it would be helpful if I lay out the statistics we have got. I thought it might be useful for the Committee's information to look at the actual statistics we have got at the present time. Could I just say that the police figures do not actually record the medium used to perpetrate the crime, only the offence committee, therefore online fraud will actually be recorded as fraud. I think that is just a statement to make in the first instance. In terms of direct losses, the most reliable figures we have got at the present time are from the 2003/4 British Crime Survey which we actually published in April 2006, which showed 27% of households with Internet access reported that their computers had been affected by a virus and a third of those reported that the virus had damaged their computer. Two per cent of households with Internet access reported that someone had accessed or hacked into files on their home computer in the previous 12 months. According to APACS, £154.5 million in card fraud losses took place over the Internet during 2006, and that figure is actually an increase of 32% from 2005, where the losses were £117 million. With respect to online banking fraud, in 2006 the losses were £33.5 million, which is an increase of 44% from 2005, where the figure was £23.2 million. Much of the increase has been driven by the increase in phishing incidents and if I tell you, you can actually see the increase. In 2005 the figure was actually 1,713 and that had risen last year to 14,156. Online banking fraud losses are smaller compared with plastic card fraud losses, which are as a whole £428 million, but as I say that is a considerable figure as well. I thought it would be of interest to the Committee as well to lay the statistics on the Chairman. APACS pointed out in the second half of the year enhancements to fraud prevention systems used by the banks to detect fraud actually were reflected in the figures, in that losses were greater in the first half of the year, at £22.5 million, than they were in the second half of the year, at £11 million, where the enhanced fraud prevention measures were put in place. I think that again, to be helpful to the Committee, shows the importance of the implementation of these measures and the effect and impact that can actually have when it comes to the prevention of crime. The latest research shows in the first half of 2006 16.9 million people used the Internet banking services in the UK. The last statistical point, again trying to be helpful Chairman, is that the Office of Fair Trading estimated Internet dialler scams and Internet matrix scams cost the public a total of £70 million each year, but if we actually looked at scams where using the Internet plays only a part, for example an African advance fee fraud victim who may have been targeted using the Internet, if we included that the figure would be much higher. I apologise to the Committee for a bombardment of statistics, but I thought it would be helpful to share that statistical information with the Committee as far as we had got, Chairman.

  Q795  Chairman: That is very useful. So in general you would say that the situation is getting worse rather than better, however there are some means being applied which are improving things?

  Mr Coaker: I think it is fair to say that this is an increasing problem which we need to be aware of and also that the criminals who are using the Internet in order to perpetrate crime are also becoming increasingly sophisticated in the ways in which they are trying to attack the system. In a sense, Chairman, I think the best way of describing it is to say that what we essentially have are virtual criminal gangs. They are real people but they are acting in the virtual environment and there are online gangs, if you see what I mean, as well as individuals, and I think we are all becoming increasingly aware of the sophistication of the tactics they use. We have had some success, but increasingly we are going to need to develop the tools that we use against them in a more coordinated way in order to be as effective as possible.

  Margaret Hodge: Could I just add a word of caution to all the statistics, which is that we have not got robust figures, so I do not think any of us have real confidence in the figures, and the sorts of issues which cause us to question them are that firstly, usage is going up, so if the figures go up are they going up proportionate to usage, and the other is that for some people in the industry there is a reputation issue, so we simply have to watch whether or not that gives us a true indication of whether people are reporting the crime. On the other hand, there may be more consumers, more end-users, who do have the confidence and therefore report crime. The only other bit of statistics I wanted to add is that Vernon does all the sorts of surveys around individuals and victims, and we do one with businesses where we talk to 1,000 businesses every two years and it is an information security breaches survey. That captures everything. It does not just look at crime, it can look at operational error and things like that as well, but the interesting things coming out of that survey, which we believe is quite comprehensive, are the indirect costs where you are trying to cost things like disruption and reputation. For a small business it is somewhere between 6,000 and 12,000 if there are one or two days of disruption. For a large business it is between 50,000 and 100,000. Then if you go to the direct costs what the companies tell us, 85% of them, is that there is no direct loss to them from crime, but those who have lost are the other 15%, the small companies. It is not a large amount, it is between 500 and 1,000, they report, and for large companies it is over 50,000.

  Q796  Chairman: Presumably these are difficult to estimate? We have heard from people like eBay that they do suffer from this because every individual who has suffered fraud and who has been ripped off never comes back again. So it is a critical issue.

  Mr Coaker: That is right.

  Q797  Lord Young of Graffham: Unless I misheard, your first statistic was 27% of homeowners with computers on the Internet were infected by viruses. Is that the correct figure?

  Mr Coaker: Yes.

  Q798  Lord Young of Graffham: That is a remarkably high figure when you think of the proportion of people who have protection anywhere in their machine. Do you have confidence in the figure, that people are not just confusing that with a crashed hard drive or some other software fault and are saying, "We've been affected"?

  Mr Coaker: I think that is an important point to make. As my fellow Minister was saying, it is very difficult. I just wanted to say that these are the ballpark statistical figures which we have. It is very difficult to know quite how robust those figures are because I think it is quite right to point out that it may well be just people where something has happened and they describe it as a virus affecting their computers. I think this is part of the problem as well, trying to get robust statistics together, but as I say I thought it was just necessary to say that these are the statistics as far as we have them. But it is an important point you make.

  Margaret Hodge: It is very interesting, again, on viruses that in preparing for the Committee today there was one survey I came across which suggested that only 1% of those who were affected by a virus ever get to talking to the police about it, and a very small percentage, about 8%, even go to their service provider. That is also, on the virus issue, how people perceive and deal with breaches of the legislation.

  Q799  Lord Howie of Troon: Since we will have to pay some attention to these statistics at some stage, can you tell me whether the robustness is an over-estimate or an underestimate, or you just do not know?

  Margaret Hodge: We do not know.

  Mr Coaker: The most reliable figures we have got, as I say, come from the British Crime Survey, which are the figures I have just used, about 27%. As I say, those are the ones who said they had been infected by any virus. If you actually then go on, just 2% reported that someone had tried to access or hack into files on their own computers. That is obviously a much lower figure. I think the BCS figures are the most reliable figures, but I think you can put a health warning on those, to be honest.

  Mr Webb: The BCS figures are the best for total victimisation. The APACS figures which the Minister quoted are actually, we think, very robust. They are collected from the industry as a whole and we have got a lot of confidence in those.

previous page contents next page

House of Lords home page Parliament home page House of Commons home page search page enquiries index

© Parliamentary copyright 2007