1.Fraud is the act of gaining a dishonest advantage, often financial, over another person.17 Colloquially, fraud may be known as a ‘scam’, ‘swindle’, ‘con’, ‘hoax’, ‘trick’ or ‘extortion’.18 It is a form of economic crime, which covers activities involving money, finance or assets with the purpose of unlawfully obtaining a profit or advantage or causing loss to others.19
2.Digital fraud describes fraud conducted using online services and digital technology. Fraudsters may use emails, websites, malicious software or other digital tools to steal personal details or money.20 Digital fraud is often cyber-enabled, which happens when technology like computers and networks are used to advance the fraud (see Box 1).
3.In the UK, digital fraud is committed at scale and with relative impunity. Our digitised society has transformed fraud from being the preserve of opportunist individuals to the illegal revenue streams of Organised Crime Groups and global malign actors. These organised criminals use the profits from fraud to fund further organised crime, including human trafficking and the drugs trade. Fraud is the most commonly experienced crime in England and Wales, accounting for approximately 41% of all crime against individuals.21 Criminals turn to fraud because it can be conducted cheaply, at pace and without fear of likely or successful prosecution.
4.In the first half of 2022, it is estimated that over 40 million UK adults were targeted by scammers and data shows that a total of £609.8 million was lost to all types of fraud.22 In this time period, losses due to Authorised Push Payment (APP) fraud, which happens when a person or business is tricked into sending money to a fraudster posing as a genuine payee, were £249.1 million. Impersonation scams, such as when a fraudster impersonates bank staff, were the largest category in terms of loss (£90.5 million), followed by investment scams (£61.2 million). While APP losses were down 17% in the first half of 2022 compared to 2021 (13% down for all types of fraud), UK Finance suggests this is due to the first half of 2021 being “an exceptionally high period for fraud, rather than the start of a downward trend”.23 Total losses due to APP fraud were £583.2 million in 2021.24
5.The scale and volume of APP fraud is complex to measure and difficult to compare with fraud rates in other countries. Data appears scarce and is compounded by challenges linked to under-reporting. However, estimates of the impact of other types of fraud by country do exist. Using European Central Bank data from the pre-pandemic year 2019, the Social Market Foundation has found that, the UK had the highest number of card fraud victims per 1000 people as well as the highest losses to fraud in comparison with other European countries (see Figure 1).
Source: Social Market Foundation, ‘UK is card fraud capital of Europe: think tank’ (3 August 2022): https://www.smf.co.uk/uk-is-card-fraud-capital-of-europe-think-tank/ [accessed 1 November 2022]
6.Despite the scale of fraudulent activity in the UK, Chair of the Bar Mark Fenhalls KC told us that “the state has retreated from the investigation and prosecution of fraud over the last 15 years”.25 Only 1% of police and support staff are working on economic crime issues.26 Estimates suggest that despite the substantial growth in fraud, the decline in convictions could be as high as by two-thirds in 10 years.27 The Government appears to suffer from a culture of complacency when it comes to getting a grip on fraud (see Chapter 5). This was echoed by former Treasury and Cabinet Office Minister Lord Agnew of Oulton, who described an attitude of complacency towards tackling fraud in evidence to us.28
7.Tackling digital fraud requires a collective effort across the public and private sector. The fraudsters’ business model starts with approaching a victim and ends with cashing out stolen goods. Along the way criminals interact with numerous platforms and services. Within this fraud chain it should be the responsibility of the stakeholders along the way to recognise the threat of fraud and act to mitigate the risk of it wherever they are in the chain. Unfortunately, the UK’s response is too often driven by siloed working and the shifting of responsibility to other actors within the chain. The UK’s response to fraud appears largely to focus on the financial harm caused, with little attention given to the devastating wider impacts that this crime has on victims or bringing the perpetrators to justice.
8.With these challenges in mind, the House of Lords appointed this Committee in January 2022 “to consider the Fraud Act 2006 and Digital Fraud.”29 On 12 May 2022, we were re-appointed at the start of the new parliamentary session.30
9.We are grateful to all who contributed expertise and time to this inquiry. The Committee published a call for evidence in March and received over 90 individual submissions from a range of respondents. We have also heard oral evidence from over 45 witnesses ranging from academics to victims and law enforcement representatives. We are grateful to Tom Tugendhat MP, Minister for Security at the Home Office and Damian Collins MP, former Parliamentary Under Secretary of State at the Department for Digital, Culture, Media and Sport (DCMS), and their respective senior officials, who appeared before the Committee on 17 October 2022.
10.We are especially grateful to victims of digital fraud who shared their experiences with us. Our thanks go also to members of the Midlands Fraud Forum who hosted the Committee on 7 July in Birmingham.
11.Justice is devolved in Scotland and Northern Ireland and some justice matters are reserved in Wales. Whilst we endeavoured to learn from the experiences of the UK as a whole, our recommendations focus on the jurisdiction of England and Wales.
12.The members of the Committee are listed in Appendix 1, alongside their declared interests. We are grateful for the support of Kathryn Westmore, Senior Research Fellow, Royal United Services Institute (RUSI) and Sam Thomas, barrister and author (2 Bedford Row) as Specialist Advisers to the Committee. We would also like to thank the staff team who supported our inquiry: Mark Gladwell (Committee Operations Officer), Francesca Crossley (Policy Analyst) and Alastair Taylor (Clerk).
13.We have chosen to focus our inquiry on two specific areas that we felt required urgent attention: authorised push payment (APP) fraud and the impact of digital fraud on individual consumers.
14.The vast majority of fraud victims over the past 13 months are individuals (89%) rather than organisations or businesses.31 Criminals may target individuals in several ways, for example credit card theft and account takeover, which does not necessarily require direct contact with the victim.
15.In cases of APP fraud, individuals are targeted by fraudsters directly in order to coerce them into making a payment. This is because individuals are seen as the most vulnerable link in the fraud chain. Katy Worobec, Managing Director of Economic Crime at UK Finance told us:
“The most common business model from the frauds we are seeing in the industry is that of targeting the individual as the weakest link in the chain … through social engineering, often on online platforms or by phone, to get the personal information in the first place, and then use that information to dupe the customer into making payments from their account into another account.”32
16.APP scams occur when a person or business is tricked into sending money or data to a fraudster posing as a genuine payee so that the business or person has authorised the transfer. There are two types of APP scam; ‘malicious payee’ scams happen when someone is tricked into purchasing goods that don’t exist or are not received, and ‘malicious redirection’ scams happen when a scammer impersonates someone, such as a member of bank staff, to direct a victim to transfer funds.33 APP fraud losses stood at £583.2 million in 2021 (up from £479 million in 2020), with £505.8 million lost by scammed individuals (up from £387.8 million) and the rest lost by non-personal accounts or businesses.34
17.Data from the Office for National Statistics (ONS) Crime Survey for England and Wales (CSEW) shows that there were 4.5 million fraud offences in the year to March 2022, an increase of 25% on the pre-pandemic year ending March 2020. Computer misuse offences increased by 1.6 million, an 89% increase. In contrast, crime excluding fraud and computer misuse decreased by 18% compared with the year ending March 2020.35 Computer misuse differs from fraud because it takes place “when fraudsters hack or use computer viruses or malware to disrupt services, obtain information illegally or extort individuals or organisations”, whereas fraud involves a person dishonestly or deliberately deceiving a victim for personal gain or to cause a loss to another.36
18.This trend does appear to have stabilised in recent months, with the latest figures indicating that fraud has returned to pre-pandemic levels. ONS data shows that there were 3.8 million fraud offences in the year to June 2022, only a slight increase on the 3.7 million offences in the year to March 2020. However, advance fee fraud increased tenfold to 611,000 offences compared with the year ending March 2020 (60,000 offences). 37 The ONS defines advance fee fraud as when a payment is made to fraudsters, who claim to be in a position of authority, to transfer money or for a promise of employment, wealth or gifts. This includes some types of APP scams, for example lottery scams or where victims transfer funds to a fraudster posing as a delivery company.38 Despite this stabilisation, fraud remains the only main crime type in the CSEW that is increasing (see Figure 2).
19.This trend may continue. Commander Nik Adams, Economic Crime Portfolio Lead at the City of London Police, recently told the House of Commons that the force predicts there could be anywhere from 25% to 65% growth in fraud over the next four to five years.39
Source: ONS, ‘Crime in England and Wales: year ending June 2022’ (27 October 2022), Table 1: https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/bulletins/crimeinenglandandwales/yearendingjune2022#fraud [accessed 1 November 2022]
20.Fraud can be reported in several ways, which leads to challenges when making an assessment of the true scale of fraud in the UK. Action Fraud is the UK’s national fraud reporting service based in the City of London Police. Other groups also record fraud, such as UK Finance and Cifas, a not-for-profit fraud prevention service.40 The CSEW has been used to collate information on fraud and computer misuse since 2015.41
21.What is clear is that a person aged 16 or over is more likely to be a victim of fraud than other individual crime types (7%) (see Figure 3).42
Source: ONS, ‘Crime in England and Wales: year ending June 2022’ (27 October 2022): https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/bulletins/crimeinenglandandwales/yearendingjune2022#fraud [accessed 1 November 2022] Percentages show the proportion of adults who experienced a crime.
22.The difficulties in analysing the scale of fraud are compounded by under-reporting, and result in the likely under-estimation of the true extent of the problem. Mike Haley, CEO of Cifas, told us:
“It is not a crime that people speak to others about because there is this embarrassment and shame about being a victim of fraud. Therefore, it is underreported.”43
23.As of October 2022, Action Fraud data shows that over the past 13 months there have been 357,129 reports of fraud, totalling reported losses of £4 billion. 89% of victims are individuals (316,520 reports totalling £1.9 billion losses) and 68% of these reports were recorded as cyber-enabled (see Box 1).44
24.Within this group of individuals, there are no typical victims of fraud and all people, regardless of age, gender, education or financial situation are vulnerable.45 In the past 13 months, 44% of individual victims were female, 43% were male and the rest did not identify their gender.46 Contrary to popular opinion, the likelihood of being a victim is generally lower in the older age groups. By age, most individual victims were aged 20 to 29 as shown in Figure 4.
Source: City of London Police, ‘NFIB fraud and cybercrime dashboard: 13 months of data’: https://colp.maps.arcgis.com/apps/dashboards/0334150e430449cf8ac917e347897d46 [accessed 1 November 2022]
25.The ONS recognises that there is “considerably less variation in fraud victimisation rates across different demographic groups than with other crime types.”47 Joe Lycett, presenter of the consumer programme Joe Lycett’s Got Your Back, told us that “anyone can be caught out by it, and it can completely ruin your life”.48
26.However, there are some features that may make a person more likely to become a victim of fraud. Examples of such variations include:
27.A range of long and shorter-term factors have made the UK a centre for digital fraud. We heard evidence that long term factors include globalisation, the position of the UK as an English language hub, and rapid digitalisation. Short-term drivers include the COVID-19 pandemic, the recent cost of living crisis, and the emergence of cryptoassets. A further significant factor has been the UK’s leading adoption of the Faster Payments service.
28.Rapid globalisation and the increasing use of the English language globally is believed to make the UK uniquely vulnerable to digital fraud. Duncan Tessier, Director of Economic Crime at the Home Office, argued that London’s place as a global financial centre and the international prevalence of the English language presented criminal gangs with an ease of access which is not afforded by other countries.55 While we recognise that this may factor into the fraud rates in other English-speaking nations such as the USA, groups including UK Finance and the National Crime Agency (NCA) recognise the English language as one compounding factor in the UK’s unique attraction to fraudsters.56
29.The National Economic Crime Centre (NECC), an arm of the NCA which holds responsibility for coordinating the UK’s response to economic crime, told us that: “Globally, the UK is disproportionately targeted by criminals engaged in fraud due to widespread use of English as a second language and the high uptake of digital banking and shopping in the UK, accelerated by COVID-19.”57
30.The digitisation of the global economy has been matched by a growing threat from economic criminals. As technology develops, there has been a proportionate increase in online and technology-enabled scams. Digitalisation has allowed fraud to become “industrialised”.58 According to Action Fraud, the UK’s national reporting centre for fraud and cyber-crime, 80% of fraud is cyber-enabled (see Box 1).59 TechUK, a technology sector trade association, said: “As we have moved our lives online and increased our digital footprint, fraudsters have found ways to adapt their sophisticated techniques to prey on the vulnerabilities of society.”60
ONS statistics show that there were 1.6 million computer misuse offences in the year ending March 2022, an increase of 89% on the year ending March 2020.61 Between November 2020 and 2021, the UK lost £2.5 billion in fraud and cyber-crime cases.62 Dr Alice Hutchings, Director of the Cambridge Cybercrime Centre at the University of Cambridge, told us: “The question as to where offenders are based is a really difficult one if they have good operational security skills. Often, the location where it appears the attack is coming from is the location of a compromised device or server that is being used as a proxy by the attacker. It can be quite difficult if you do not have the resources to do proper in-depth investigations to find out where attackers are based.”63 There is a distinction between cyber-dependent and cyber-enabled fraud. Cyber-dependent fraud can only be committed using ICT devices, and in such cases the devices are both the tool for committing the crime and the target.64 For example, the so-called FluBot attack was a type of malware spread via SMS text in 2021. When the victim clicked on an embedded link, malware was downloaded to harvest data and forward the message to contacts held in the phone. The malware prevented newly contacted numbers from re-contacting the sending device, limiting users’ ability to report it.65 Cyber-enabled fraud can be committed without ICT devices, but its scale and reach are altered by ICT technology e.g., romance fraud using an app.66In 2021, 80% of fraud was cyber-enabled.67 Kathryn Westmore, Senior Research Fellow at RUSI, told us that the response to cyber-enabled crime has not caught up with the response to cyber-dependent crime: “On the cyber dependent-type attacks, I think the strategy and the work of the National Cyber Security Centre is pretty good. Some of the weaknesses are on cyber-enabled frauds, which are the ones that as consumers we tend to notice more because we are being attacked through scam text messages, adverts or emails, for example. I think there is a lack of centralised response to dealing with those kinds of frauds that falls somewhere between the cyber world and the broader fraud world.”68 The Motion Picture Association, a trade association for the UK’s film and television sector, told us that cyber-crime has become a cottage-industry due to the emergence of ‘cyber-crime as a service’.69 Using the dark web, fraudsters can access a way to pay for the skills and tools (such as ransomware and other ‘crimeware’) needed to perform cyber-crime.70 Dr Alice Hutchings explained how this works in action: “We can see people creating crimeware. People use that to compromise credentials. Those credentials may then be traded, and other actors use the credentials to monetise them and cash out. There is a whole level of different services being provided at different points in the supply chain.”71 Europol has identified cybercrime as a service as a key challenge, noting its role in helping fraudsters to increase the technical complexity of their attacks.72 Furthermore, Dr Hutchings explained that its existence adds complexity to the challenge of locating and identifying fraudsters.73 While cybercrime as a service is illegal under Section 7 of the Fraud Act, under which a person is guilty if they make or supply articles designed for use in frauds, it is particularly difficult to identify those who are offering such services online due to the challenges of the dark web.74 Nevertheless, it is clear that more should be done to work with overseas law enforcement agencies to stamp out this threat. |
31.The UK has the eighth highest online banking penetration in Europe, with 76% of adults using such services, up from 30% in 2007.75 Research published in September 2022 shows that people in the UK are nearly twice as likely as other Europeans to prefer applying for financial products online.76 UK Finance expects this trend to continue; while 86% of UK adults used remote banking in 2021 (65% used online banking and 57% used mobile banking), it is forecast that this will rise to 93% by 2031.77
32.The Security Minister told us that the widespread availability of instantaneous payments in the UK is a critical feature in the UK’s attraction to fraudsters over and above other jurisdictions. He said:
“We are one of the very few jurisdictions in the world that allows for pretty much instantaneous transfers; very few others do. That means that you can do two things. One is that obviously you can defraud somebody quickly and therefore have access to the cash immediately, but you can then do the second thing, which is so important, which is to pass it on to 20 or 30 other bank accounts and then other bank accounts and so on, so that by the time the law enforcement authorities are involved, the money has long since left the country, or at least left the jurisdiction.”78
33.While digitalisation has been advancing at pace over the last 20 years, recent short-term drivers, such as the onset of the COVID-19 pandemic, have impacted on how fraudsters have manipulated their victims.
34.There has been an increase in fraud because of the COVID-19 pandemic and the impact it has had on consumer behaviour. Unlike other crime types, fraud rose during lockdowns. ONS data shows that there were 5.1 million fraud offences in the year ending September 2021, a 36% increased on the previous year.79 UK Finance told us that: “The pandemic environment has provided rich pickings for fraudsters, in the form of new-to-digital consumers, heightened vulnerabilities and anxieties, as well as new channels to exploit.”80 The City of London Police said that the increase in fraud was primarily due to the increased use of online services, most notably shopping and dating.81
35.Impersonation scams saw the biggest increase during the pandemic, with fraudsters impersonating trusted services like the NHS or government departments.82 At the onset of the pandemic, Google reported blocking 18 million hoax emails about COVID-19 every day.83 The City of London Police in their evidence raised the fear that the same predatory behaviour may be replicated during the developing cost of living crisis.84
36.An example of the increase in technology-linked scam attempts during the pandemic can be seen in the 86% increase in screen sharing scams. Screen sharing scams occur when a victim is prompted to download software that allows a fraudster to take control of the victim’s screen, allowing them access to the user’s personal details. The pandemic led to greater use of online video-sharing platforms and screen-sharing facilities. The Financial Conduct Authority (FCA), the UK’s financial services regulator, saw 2,142 cases of this between July 2020 and May 2022, with over £25 million lost between 1 January 2021 and 31 March 2022.85
37.The pandemic increased the rate of online shopping, and this was matched by a rise in fraud relating to e-commerce activity. The West Midlands Police and Crime Commissioner told us that in the past year, 89% of all fraud in the West Midlands was cyber-enabled, with online shopping appearing most frequently.86 This was supported by Will Semple, Director of Global Information Security Group at eBay, who described an uptick of fraudulent attacks on the platform during the pandemic but also the wider long-term trend of a “major transition from high street retail-type crime to cybercrime.”87 Cifas told us:
“ … [Online] platforms are exploited at scale, whether through the posting of fraudulent adverts, social engineering via direct messaging, or the sale of data, documents and guidance on how to commit fraud.”88
38.The use of online dating platforms and subsequent rates of romance fraud both increased during the pandemic.89 Romance fraud occurs when a person is duped into sending money to a fraudster who has gained their trust and convinced them their relationship is genuine. Action Fraud identified that scammers often manipulate, persuade and exploit their victims using emotive methods, such as claiming they need money for medical care.90 38% of people who have dated online in the past year have been asked for money.91 Romance scams often prey on individuals at their most vulnerable using aggressive social engineering tactics. Mark Shelford, Police and Crime Commissioner for Avon and Somerset, told us that victims can be too embarrassed to tell family or friends about the fraud, which sustains feelings of isolation, increasing the likelihood of becoming a repeat victim.92
39.COVID-19 was a catalyst for the growth of fraud, however the impact of the pandemic is unlikely to be short-term, nor is there likely to be a return to ‘normal’ as we emerge from the crisis. This is due to a range of factors including changed habits and the role of other emerging and longstanding trends.
40.The emergence of cryptoassets presents new challenges to the counter-fraud landscape. Cryptocurrencies are a form of cryptoasset which can be defined as cryptographically secured digital representations of value or contractual rights that can be transferred, stored or traded electronically”.93 There are two major kinds of cryptoassets; unbacked assets like Bitcoin that are considered speculative and volatile, and stablecoins, which are tied to another asset like Pound Sterling.94
41.Cryptocurrency uses blockchain technology to form a transactional database. Blockchain is a type of distributed ledger technology, which is a means of recording and sharing data across multiple data stores. Blockchain is encrypted and uses algorithms to create a growing data structure. Data cannot be removed from this structure.95
42.Fraud is the most frequently identified predicate offence in the illegal use of cryptocurrencies.96 There are multiple ways in which crypto-fraud can be committed, including ‘rug pull’ scams in which scammers persuade investors to put money into a new crypto token before disappearing with their money.97 A similar process is followed during an Initial Coin Offering scam in which the ‘latest’ token is promoted by someone offering an investment that is essentially worthless. These are often facilitated by fraudulent advertising including false celebrity endorsements on social media.98
43.A core issue surrounding fraud and cryptocurrency is the lack of regulatory oversight of the sector. Cryptoasset scams are the type of fraud most frequently reported to the FCA alongside new types of boiler room and recovery scams. However the regulator told us it does not have the “power to tackle” many of these cryptoasset frauds.99 Boiler room fraud is a type of investment fraud run out of an office where criminals contact victims to convince them to invest in bogus schemes.100
44.We have heard that, despite the use of blockchain technology, cryptocurrency provides an outlet for fraudulent finance that is harder to trace than payments made via traditional banking infrastructure.101 While not necessarily the case for simple crypto transactions that are accessible on the blockchain, the use of technology such as crypto mixers, which disguise transactions by shuffling coins, may create anonymity. Around 15% of all proceeds of crime were routed through mixers in 2021. In March, the NCA called for regulation of mixers to force organisations operating them to comply with money laundering laws, which would include customer checks and audit trails.102
45.There are hundreds of different fraud ‘business models’ that are operated by fraudsters, and several different ways that they are categorised by fraud authorities and law enforcement agencies. Common examples are categorised by Action Fraud as follows (excluding ‘Other’):
Source: Action Fraud, ‘A-Z fraud’: https://www.actionfraud.police.uk/a-z-of-fraud-category/business [accessed 1 November 2022]; Action Fraud, ‘What is fraud and cyber crime?’: https://www.actionfraud.police.uk/what-is-fraud [accessed 1 November 2022]; Investopedia, ‘The most common types of consumer fraud’: https://www.investopedia.com/financial-edge/0512/the-most-common-types-of-consumer-fraud.aspx [accessed 1 November 2022] ;The Pensions Regulator, ‘Avoid pensions scams’: https://www.thepensionsregulator.gov.uk/en/pension-scams [accessed 1 November 2022] and Europol, ‘Telecommunications Fraud’(6 December 2021): https://www.europol.europa.eu/operations-services-and-innovation/public-awareness-and-prevention-guides/telecommunications-fraud [accessed 1 November 2022]
46.The interaction between a fraudster and a victim can be analysed in a step-by-step process that we have called the ‘fraud chain’. We prefer this to the ‘kill chain’ that has been used elsewhere.103 The fraud chain tracks the development of fraud from the first approach by the fraudster through to the point when a criminal ‘cashes out’. There are different ways in which this can take place. A simplified version of the chain is shown in Figure 6.
Source: Q 14 (Katy Worobec) and written evidence from CCSG (FDF0063)
47.The Home Office have overall responsibility for the Government’s response to fraud against individuals and businesses. As noted, fraud against the public purse is outside the scope of this Inquiry. However, there are multiple departments, regulators and law enforcement agencies who contribute to the counter-fraud landscape.
48.Eight different departments have a key role in mitigating fraud. The Ministry of Justice has overall responsibility for the Fraud Act 2006. Other departments with a role include His Majesty’s Treasury (HMT), the Department for Digital, Culture, Media and Sport (DCMS), the Department for Business Energy and Industrial Strategy (BEIS), Attorney General’s Office (AGO), Foreign, Commonwealth and Development Office (FCDO) and the Department of Work and Pensions (DWP) (see Figure 7).
Source: Home Office, ‘Fraud Act 2006 and Digital Fraud Committee paper on cross departmental fraud responsibilities’: https://committees.parliament.uk/publications/23100/documents/169176/default/
49.A number of law enforcement bodies have responsibility for tackling fraud. In England and Wales, these include the City of London Police who act as the lead force for fraud, Action Fraud, the National Fraud Intelligence Bureau (NFIB), the NCA and the NECC. Regional Organised Crime Units (ROCUs) are specialist policing units that provide capabilities at regional level (see Chapter 5).
50.To co-ordinate economic crime policy across the public and private sector, the Government convenes the Economic Crime Strategic Board (ECSB) (see Box 9). The ECSB, chaired by the Home Secretary and Chancellor, is a ministerial-level public-private board to oversee the Economic Crime Plan. The Economic Crime Plan 2019–22 set out plans to understand better the threat from fraud while at the same time promoting information-sharing, better victim reimbursement, and enhancing the overall response to economic crime.104 In April 2021, a Statement of Progress set out further action to tackle fraud, including the delivery of a Fraud Action Plan, measures to improve the effectiveness and efficiency of the whole system response to economic crime, and to develop legislative proposals to tackle fraud, seize more criminal assets, and reform Companies House.105
51.Overseen by the ECSB, the Joint Fraud Taskforce (JFT) was relaunched in October 2021 by the then Home Secretary and is chaired by the Security Minister.106 The Taskforce is a partnership between the Government, the private sector and law enforcement, which is designed to foster collaboration (see Box 10).107
52.The two bodies suffer from a lack of transparency and infrequent meetings. The last set of publicly available minutes from the Economic Crime Strategic Board date from 2019.108 It is understood that the JFT will continue under the new Security Minister Tom Tugendhat, however it has not yet met. 109 The Home Office confirmed to us that the JFT will meet in Autumn 2022 and the ECSB will meet in the new year.110
53.In addition to Government and law enforcement agencies, a number of regulators have a key role in fraud. These include the FCA, which regulates the financial service industry and the Payment Systems Regulator (PSR), which regulates payment systems like bank transfers and contactless payments. Ofcom regulates the telecommunications industry including tech platforms. The Competition and Markets Authority (CMA) is the regulator with responsibility for competition regulation and has recently established a Digital Markets Unit to oversee a new regulatory regime for digital firms that includes protecting consumers from unfair practices.111 The Information Commissioner’s Office (ICO) regulates data controllers and has responsibility for the Data Protection Act 2018 and the General Data Protection Regulations (GDPR), legislation critical to the efficacy with which fraud data can be shared.112 These regulators are members of the Digital Regulation Cooperation Forum (DRCF) which was formed in July 2020 and fosters collaboration in tackling challenges posed by online regulation.113 The PSR works alongside the forum but is not a member.114
54.The efficacy of the Government’s multi-agency approach to tackling fraud is detailed in Chapter 5.
55.There are several pieces of legislation that are important when analysing the fraud landscape. The Social Market Foundation said that there is a “panoply of laws” relevant to the economic crime, cyber-crime and organised crime space, and they called for greater consolidation.115 The key legislative tools are outlined in brief below. Chapter 6 contains more detail on the legislative instruments outlined below.
56.The Fraud Act 2006 (see paragraph 426) came into force in 2007 with the objectives of clarifying and modernising the law surrounding fraud and to make fraud law more straightforward for juries and legal practitioners.116 Under the Act, a person is guilty of fraud if they are in breach of any of the following means of committing the offence:
(1)By false representation (Section 2): A representation may be express or implied. It is false if untrue or misleading and the person making it knows that this is or may be so. Most incidents fall within this category.117
(2)By failing to disclose information (Section 3): This applies where there is a legal duty to disclose it.
(3)By abuse of position (Section 4): Abuse of position applies where a person occupies a position in which they are expected to safeguard, or not to act against, the financial interests of another person. A person may abuse that position through an act or omission.118
57.The Fraud Act contains further offences relating to the possession, manufacture or supply of articles for use in frauds and obtaining services dishonestly.119
58.The Computer Misuse Act 1990 (see paragraph 440) is the main UK legislation relating to offences using computer systems. Computer misuse covers any unauthorised access to computer material. The Act sets out the following key offences:
(1)Unauthorised access to computer material
(2)Unauthorised access with intent to commit or facilitate commission of further offences
(3)Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer
59.The Proceeds of Crime Act (POCA) 2002 covers the recovery and confiscation of proceeds derived from criminal activities and money laundering, and came into force on the 24 March 2002.121 It provides the legal framework for freezing or seizing criminally obtained assets. The Crown Prosecution Service (CPS) has a specialist unit dedicated to asset recovery, the CPS Proceeds of Crime (CPSPOC) team. This works with law enforcement agencies and multiple cross-government departments to recover assets.122
60.The Data Protection Act 2018 (see paragraph 460) implemented EU General Data Protection Regulations (GDPR) into UK law. The Act controls how personal information is used by organisations, businesses or the government.123
61.The Telecommunications (Security) Act 2021 (see paragraph 483) introduced a general duty for public electronic communications network and service providers to identify and reduce the risk of security compromises and prepare for their occurrence, as well as a duty on them to prevent, remedy or mitigate any adverse effects.124
62.In addition, there are a number of forthcoming Bills that are directly relevant to counter-fraud policy. These include the following:
(a)The Economic Crime and Corporate Transparency Bill aims to tackle economic crime through reforms to empower Companies House, the companies registrar, with greater verification, investigation and enforcement powers (see Box 11). The Bill will also give law enforcement powers to seize and recover suspect cryptoassets and introduce new powers to bolster information sharing and intelligence gathering.125 This Bill is the second of two Acts aiming to strengthen the UK’s approach to economic crime. The Economic Crime (Transparency and Enforcement) Act 2022 came into force in March 2022.126 It sets out measures to mandate the creation of a beneficial ownership register for overseas entities holding UK real estate, to strengthen unexplained wealth orders (UWOs), and to make it easier to prosecute individuals involved in “sanction-busting.”127
(b)The Online Safety Bill (see paragraph 528) will set new rules for firms that host user-generated content and search engines all to improve online safety. The Online Safety Bill includes a legal duty (in clauses 34, 35 and 36) for large online platforms (Category 1) and search engines (Category 2A) to take steps to prevent paid-for fraudulent adverts appearing on their services. It also includes further measures, including the requirement for in scope companies to conduct risk assessments in relation to the likelihood of illegal content appearing on their sites of platforms.128
(c)The Draft Digital Markets, Competition and Consumer Bill (see paragraph 565) intends to tackle fake online reviews, boost competition by limiting the market power of big tech firms, empower the Digital Markets Unit and give greater powers to the CMA including to issue fines for breaches of consumer law.129
(d)The Data Protection and Digital Information Bill (see paragraph 480) plans to reform the UK’s data protection regime. The Bill makes provision for the implementation of agreements on sharing information for law enforcement purposes.130 The Bill is currently on hold, with Culture Secretary Michelle Donelan MP suggesting that the UK will introduce its own replacement for GDPR.131
(e)The Financial Services and Markets Bill was introduced to Parliament on 20 July 2022.132 The Bill clarifies regulatory provisions that enable the PSR to use its powers to require mandatory reimbursement by payment services providers (PSPs) in cases of APP fraud. It will also bring some types of cryptoassets within the UK regulatory perimeter. The Bill also makes changes to the authorisation of financial promotions.133
17 CPS, ‘Fraud and economic crime’: https://www.cps.gov.uk/crime-info/fraud-and-economic-crime [accessed 1 November 2022]
19 HM Treasury and Home Office, ‘Economic Crime Plan, 2019 to 2022, accessible version’ (4 May 2021), para 1.11: https://www.gov.uk/government/publications/economic-crime-plan-2019-to-2022/economic-crime-plan-2019-to-2022-accessible-version [accessed 1 November 2022]
20 Commbank, ‘Digital Fraud’: https://www.commbank.com.au/support/security/digital-fraud.html [accessed 1 November 2022]
21 ONS, ‘Crime in England and Wales: Appendix tables’ (27 October 2022), Table 1: https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/datasets/crimeinenglandandwalesappendixtables [accessed 1 November 2022]
22 Citizen’s Advice, ‘Over 40 million targeted by scammers as the cost-of-living crisis bites’ (12 June2022): https://www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/over-40-million-targeted-by-scammers-as-the-cost-of-living-crisis-bites/ [accessed 1 November 2022]; UK Finance, 2022 half year fraud update (13 October 2022): https://www.ukfinance.org.uk/system/files/2022–10/Half%20year%20fraud%20update%202022.pdf [accessed 1 November 2022]
23 UK Finance, 2022 half year fraud update (13 October 2022): https://www.ukfinance.org.uk/system/files/2022–10/Half year fraud update 2022.pdf [accessed 1 November 2022] and UK Finance, ‘UK Finance calls for urgent action from all sectors as fraud continues to threaten the UK’ (13 October 2022): https://www.ukfinance.org.uk/news-and-insight/press-release/uk-finance-calls-urgent-action-all-sectors-fraud-continues-threaten [accessed 1 November 2022]
24 UK Finance, Annual fraud report (July 2022), p 47: https://www.ukfinance.org.uk/system/files/2022–06/Annual%20Fraud%20Report%202022_FINAL_.pdf [accessed 1 November 2022]
28 Q 32 (Lord Agnew of Oulton); see also ‘UK taxpayer on hook for billions lost on Covid business loans’, Financial Times (5 September 2022): https://www.ft.com/content/a8addc5d-0e20-4e5b-aa71-c145e22ec5e0 [accessed 1 November 2022]. While his comments referred to the issue of COVID-19 relief loans, we understood Lord Agnew’s comments to reflect a wider culture.
29 HL Deb, 19 January 2022, cols 1167–1168
30 HL Deb, 12 May 2022, cols 109–111
31 City of London Police, ‘NFIB Fraud and Cyber Crime Dashboard: 13 months of data’: https://colp.maps.arcgis.com/apps/dashboards/0334150e430449cf8ac917e347897d46 [accessed 1 November 2022]
34 UK Finance, Annual fraud report (July 2022), p 47: https://www.ukfinance.org.uk/system/files/2022–06/Annual%20Fraud%20Report%202022_FINAL_.pdf [accessed 1 November 2022] and UK Finance, Fraud: the facts 2021 (June 2021): https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202021-%20FINAL.pdf [accessed 1 November 2022]
35 ONS, ‘Crime in England and Wales: year ending March 2022’ (21 July 2022): https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/bulletins/crimeinenglandandwales/yearendingmarch2022 [accessed 1 November 2022]
36 Ibid.
37 ONS, ‘Crime in England and Wales: year ending June 2022 (27 October 2022): https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/bulletins/crimeinenglandandwales/yearendingjune2022#fraud [accessed 1 November 2022]
38 ONS, ‘Nature of fraud and computer misuse in England and Wales: year ending March 2022’ (26 September 2022): https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/natureoffraudandcomputermisuseinenglandandwales/yearendingmarch2022 [accessed 1 November 2022]
39 Public Bill Committee on the Economic Crime and Corporate Transparency Bill, (Second sitting), 25 October 2022, col 54
41 Office for National Statistics, ‘Crime in England and Wales: year ending March 2022’ (21 July 2022): https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/bulletins/crimeinenglandandwales/yearendingmarch2022#fraud [accessed 1 November 2022]. The CSEW became the telephone-operated TCSEW during the pandemic.
42 ONS, ‘Crime in England and Wales: year ending June 2022’ (27 October 2022): https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/bulletins/crimeinenglandandwales/yearendingjune2022#fraud [accessed 1 November 2022]
44 City of London Police, ‘NFIB fraud and cybercrime dashboard: 13 months of data’: https://colp.maps.arcgis.com/apps/dashboards/0334150e430449cf8ac917e347897d46 [accessed 1 November 2022]
45 Victim’s Commissioner, ‘Bold and ambitious action on fraud will help victims’(13 October 2021): https://victimscommissioner.org.uk/news/blog-who-suffers-fraud/ [accessed 1 November 2022] and Q 199 (Karl Laird)
46 City of London Police, ‘NFIB fraud and cybercrime dashboard: 13 months of data’: https://colpolice.maps.arcgis.com/apps/opsdashboard/index.html#/60499304565045b0bce05d2ca7e1e56c [accessed 1 November 2022]
47 ONS, ‘Nature of fraud and computer misuse in England and Wales: year ending March 2019’: https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/natureoffraudandcomputermisuseinenglandandwales/yearendingmarch2019#fraud-characteristics-of-victims [accessed 1 November 2022]
49 House of Lords Library, ‘Financial fraud and vulnerable people’ (29 November 2021): https://lordslibrary.parliament.uk/financial-fraud-and-vulnerable-people/ [accessed 1 November 2022]; See also House of Commons Library, Consumer protection: online scams, Briefing Paper CBP9214, 20 May 2021.
50 ONS, ‘Nature of fraud and computer misuse in England and Wales: year ending March 2019’: https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/natureoffraudandcomputermisuseinenglandandwales/yearendingmarch2019#defining-fraud-and-computer-misuse [accessed 1 November 2022]
51 Parliamentary Office of Science and Technology, ‘COVID-19 and the digital divide’ (17 December 2020): https://post.parliament.uk/covid-19-and-the-digital-divide/ [accessed 1 November 2022]
52 Lloyds Bank, UK Consumer Digital Index 2020 (2020), Appendix 44: https://www.lloydsbank.com/assets/media/pdfs/banking_with_us/whats-happening/211109-lloyds-consumer-digital-index-2020-eds.pdf [accessed 1 November 2022]
53 Money and Mental Health Policy Institute, Caught in the web: online scams and mental health (December 2020): https://www.moneyandmentalhealth.org/wp-content/uploads/2020/12/Caught-in-the-web-full-report.pdf [accessed 1 November 2022]
54 ONS ‘Nature of fraud and computer misuse in England and Wales: year ending March 2022’ (26 September 2022): https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/natureoffraudandcomputermisuseinenglandandwales/yearendingmarch2022 [accessed 1 November 2022]
59 Action Fraud, Fraud Crime Trends 2020–21: https://data.actionfraud.police.uk/cms/wp-content/uploads/2021/07/2020–21-Annual-Assessment-Fraud-Crime-Trends.pdf [accessed 1 November 2022]
61 ONS ‘Nature of fraud and computer misuse in England and Wales: year ending March 2022’ (26 September 2022): https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/natureoffraudandcomputermisuseinenglandandwales/yearendingmarch2022 [accessed 1 November 2022]
62 City AM, ‘UK loses £2.5bn in fraud and cyber-crime cases during 2021’ (20 January 2022): https://www.cityam.com/uk-loses-2-5bn-in-fraud-and-cyber-crime-cases-during-2021/ [accessed 1 November 2022]
64 Cabinet Office, ‘National Cyber Strategy 2022’ (7 February 2022): https://www.gov.uk/government/publications/national-cyber-strategy-2022/national-cyber-security-strategy-2022 [accessed 1 November 2022]
65 ThreatMark, ‘FluBot Malware’ (20 May 2021): https://www.threatmark.com/flubot-banking-malware/ [accessed 1 November 2022]
66 Cabinet Office, ‘National Cyber Strategy 2022’ (7 February 2022): https://www.gov.uk/government/publications/national-cyber-strategy-2022/national-cyber-security-strategy-2022 [accessed 1 November 2022]
67 Action Fraud, Fraud Crime Trends 2020–21: https://data.actionfraud.police.uk/cms/wp-content/uploads/2021/07/2020–21-Annual-Assessment-Fraud-Crime-Trends.pdf [accessed 1 November 2022]
72 Europol, Internet Organised Crime Threat Assessment 2020 (2020): https://www.europol.europa.eu/cms/sites/default/files/documents/internet_organised_crime_threat_assessment_iocta_2020.pdf [accessed 1 November 2022]
75 ‘Nordic countries dominate European online banking take up’, Computer Weekly (2 February 2021): https://www.computerweekly.com/news/252495736/Nordic-countries-dominate-European-online-banking-take-up [accessed 1 November 2022]
76 ‘City exclusive: Brits leave Europeans trailing in digital banking as UK soaks up fintech inflows’, City AM (12 September 2022): https://www.cityam.com/city-exclusive-brits-leave-europeans-trailing-in-digital-banking-as-uk-soaks-up-fintech-inflows/ [accessed 1 November 2022]
77 UK Finance, UK Payment Markets Summary 2022 (August 2022): https://www.ukfinance.org.uk/system/files/2022–08/UKF%20Payment%20Markets%20Summary%202022.pdf [accessed 1 November 2022]
79 ONS, ‘Crime in England and Wales: year ending September 2021’: https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/bulletins/crimeinenglandandwales/yearendingseptember2021#fraud [accessed 1 November 2022]
80 UK Finance, Fraud: the facts 2021 (June 2021): https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202021-%20FINAL.pdf [accessed 1 November 2022]
82 UK Finance, Fraud: the facts 2021 (June 2021): https://www.ukfinance.org.uk/system/files/Fraud%20The%20Facts%202021-%20FINAL.pdf [accessed 1 November 2022]
83 BBC, ‘Google blocking 18m coronavirus scam emails every day’ (17 April 2020): https://www.bbc.co.uk/news/technology-52319093 [accessed 1 November 2022]
85 FCA, ‘‘Sharing my screen cost me £48,000’: half of investors would miss signs of screen sharing scam as FCA warns of 86% increase’ (5 May 2022): https://www.fca.org.uk/news/press-releases/investors-miss-screen-sharing-scam-signs [accessed 1 November 2022]
90 Action Fraud, ‘Romance fraud’: https://www.actionfraud.police.uk/a-z-of-fraud/dating-fraud [accessed 1 November 2022]
91 UK Finance, ‘Romance Fraud: a human issue’: https://www.ukfinance.org.uk/news-and-insight/blogs/romance-fraud-human-issue [accessed 1 November 2022]
93 The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (SI 2017/692)
94 Bank of England, ‘What are cryptoassets?’ (19 May 2020): https://www.bankofengland.co.uk/KnowledgeBank/what-are-cryptocurrencies [accessed 1 November 2022]
95 Europol, Cryptocurrencies: tracing the evolution of criminal finances (December 2021): https://www.europol.europa.eu/cms/sites/default/files/documents/Europol%20Spotlight%20-%20Cryptocurrencies%20-%20Tracing%20the%20evolution%20of%20criminal%20finances.pdf [accessed 1 November 2022]
96 Ibid.
97 ‘Record $14bn flowed into crime-linked crypto wallets in 2021’, Financial Times (6 January 2022): https://www.ft.com/content/3c171512-7c58-4dc9-950f-28e2f75b03d9 [accessed 1 November 2022]
98 For an example see BBC News, ‘Harry and Meghan misused in fake investment endorsement’ (20 January 2022): https://www.bbc.co.uk/news/uk-60040937 [accessed 1 November 2022]
100 Action Fraud, ‘Boiler room fraud’: https://www.actionfraud.police.uk/a-z-of-fraud/boiler-room-fraud [accessed 1 November 2022]
102 Q 71 (Katie Martin) and ‘NCA calls for regulation of crypto mixers used in ‘churning criminal cash’’, Financial Times (15 March 2022): https://www.ft.com/content/c6df2b68-a244-4560–9911–88cc1fa61576 [accessed 1 November 2022]
104 HM Treasury and Home Office, ‘Economic Crime Plan, 2019 to 2022’ (updated 4 May 2021): https://www.gov.uk/government/publications/economic-crime-plan-2019-to-2022/economic-crime-plan-2019-to-2022-accessible-version [accessed 1 November 2022]
105 HM Government, UK Finance, Economic Crime Plan: Statement of Progress: July 2019–February 2021 (April 2021): https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/983251/Economic_Crime_Plan_Statement_of_Progress_May_2021.pdf [accessed 1 November 2022]
106 Treasury Committee, Economic Crime (Eleventh Report, Session 2021–22, HC 145)
107 Home Office, ‘Joint Fraud Taskforce’ (updated 10 May 2022): https://www.gov.uk/government/collections/joint-fraud-taskforce [accessed 1 November 2022]
108 Available at gov.uk, ‘Economic crime’ (updated 21 September 2021): https://www.gov.uk/government/collections/economic-crime#economic-crime-strategic-board-minutes- [accessed 1 November 2022].
110 Confirmed in a private email dated 25 October 2022.
111 Competition and Markets Authority, ‘Digital Markets Unit’ (updated 20 July 2021): https://www.gov.uk/government/collections/digital-markets-unit [accessed 1 November 2022]
112 See regulator websites for more information.
113 Competition and Markets Authority, Information Commissioner’s Office, Ofcom, and Financial Conduct Authority, ‘The Digital Regulation Cooperation Forum’ (10 March 2021): https://www.gov.uk/government/collections/the-digital-regulation-cooperation-forum [accessed 1 November 2022]
114 Competition and Markets Authority, ‘Digital Regulation Cooperation Forum: Plan of work for 2021 to 2022’ (10 March 2021): https://www.gov.uk/government/publications/digital-regulation-cooperation-forum-workplan-202122/digital-regulation-cooperation-forum-plan-of-work-for-2021-to-2022 [accessed 1 November 2022]
116 Ministry of Justice, Post-Legislative Assessment of the Fraud Act 2006, CP 680 (June 2022): https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1081360/fraud-memo-2022.pdf [accessed 1 November 2022]
117 ONS, ‘Nature of fraud and computer misuse in England and Wales: year ending March 2019’: https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/natureoffraudandcomputermisuseinenglandandwales/yearendingmarch2019#defining-fraud-and-computer-misuse [accessed 1 November 2022]
118 Thompson Reuters Practical Law, ‘Financial crime in the UK (England and Wales) overview’ (1 March 2020): https://uk.practicallaw.thomsonreuters.com/8-520-4390 [accessed 1 November 2022]
119 Fraud Act 2006, sections 2–4
120 CPS, ‘Computer Misuse Act’: https://www.cps.gov.uk/legal-guidance/computer-misuse-act [accessed 1 November 2022]
121 St Pauls Chambers, ‘The Proceeds of Crime Act Explained’, (2 November 2020]: https://www.stpaulschambers.com/the-proceeds-of-crime-act-explained/ [accessed 1 November 2022]
122 CPS, ‘Proceeds of Crime’: https://www.cps.gov.uk/crime-info/proceeds-crime [accessed 1 November 2022]
123 HM Government, ‘Data protection’: https://www.gov.uk/data-protection [accessed 1 November 2022]
124 Telecommunications (Security) Act 2021, Chapter 31
125 Economic Crime and Corporate Transparency Bill, Parts 1–6 [Bill 154 (2022–23)]
127 The Law Society, ‘Economic Crime Act: what does it mean for law firms?’ (5 August 2022): https://www.lawsociety.org.uk/topics/anti-money-laundering/economic-crime-act [accessed 1 November 2022]
128 House of Commons Library, Analysis of the Online Safety Bill, Research Briefing CBP9506, April 2022
129 HM Government, The Queen’s Speech 2022 (10 May 2022): https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1074113/Lobby_Pack_10_May_2022.pdf [accessed 1 November 2022]
130 Data Protection and Digital Information Bill, [Bill 143 (2022–23)]
131 ‘Britain to replace GDPR data privacy regime with own system’, Reuters (3 October 2022): https://www.reuters.com/legal/litigation/britain-replace-gdpr-data-privacy-regime-with-own-system-2022–10-03/ [accessed 1 November 2022]
132 HM Treasury, ‘Financial Service and Markets Bill’: https://www.gov.uk/government/collections/financial-services-and-markets-bill [accessed 1 November 2022]
133 Ibid., and explanatory notes to the Financial Services and Markets Bill [Bill 146 (2022-3)-EN]