Moved by Baroness Morgan of Cotes That this House takes note of the
Report from the Fraud Act 2006 and Digital Fraud Committee Fighting
Fraud: Breaking the Chain (HL Paper 87). Baroness Morgan of Cotes
(Con) My Lords, it is a great pleasure to move that this House
takes note of the report from the Fraud Act 2006 and Digital Fraud
Committee—the committee I had the pleasure of chairing—Fighting
Fraud: Breaking the Chain, which we published last November. I
declare...Request free trial
Moved by
of Cotes
That this House takes note of the Report from the Fraud Act 2006
and Digital Fraud Committee Fighting Fraud: Breaking the Chain
(HL Paper 87).
of Cotes (Con)
My Lords, it is a great pleasure to move that this House takes
note of the report from the Fraud Act 2006 and Digital Fraud
Committee—the committee I had the pleasure of chairing—Fighting
Fraud: Breaking the Chain, which we published last November. I
declare my interests as a non-executive director of the Financial
Services Compensation Scheme, chair of the Association of British
Insurers, and a non-executive director of Santander UK. I am very
grateful to the Senior Deputy Speaker for ensuring that this and
other reports from inquiries of this House are considered by this
House before we reach the Summer Recess.
I thank my fellow committee members, many of whom are in the
Chamber today. It was a truly collaborative and non-political
inquiry. I am especially grateful to my noble friend and the noble Lord,
Lord Vaux—who unfortunately cannot be here today—who suggested
the original subject matter for the inquiry. On behalf of
committee members I thank our excellent staff, who supported us
throughout the process. We thank all those who gave evidence,
both written and oral, and especially those who were prepared to
tell their stories of being victims of fraud and scams and to be
named in the report.
Fraud is not a victimless crime; it involves a severe loss of
trust. It can involve life-changing amounts of money being
stolen, and it is truly devastating for those who have been
victims. When we started our report, we had to consider our
approach, what we were going to look at and the scope. As has
already been said in the Chamber this week alone, the scale of
fraud in the United Kingdom is enormous: 41% of crime in England
and Wales in 2022 related to fraud. Those aged 16 or over are
more likely to be a victim of fraud than any other crime.
We focused on authorised push payment fraud, where a victim has
been socially engineered into transferring funds from their bank
account. This fraud alone costs the United Kingdom hundreds of
millions of pounds every year. As noble Lords who have looked at
the report will see, we also considered the whole of the fraud
chain. It is often too easy to pick out certain parts of the
fraud chain, particularly the final part—cashing out. This occurs
where the money is moved from one bank account to another, often
a mule account, and often heads overseas extremely quickly. We
wanted to look further up the fraud chain at the inbound route,
which involves phishing and smishing, use of SMS messages,
fraudulent advertising and the old-fashioned physical approaches
where people are defrauded. We of course looked at the
interaction, where number spoofing, social engineering and the
use of fraudulent websites are prevalent.
Our report came up with 65 overall recommendations. I certainly
do not have time to go through them all in the time available,
but we identified six key steps to break the fraud chain.
Unfortunately, the UK’s advance payments infrastructure is one of
the key reasons why the United Kingdom has become a global centre
for fraud. We recommended that the speed with which payments can
be made must be delayed in certain circumstances, to allow banks
more time to review risk signals and contact customers about the
proposed payment.
We said that fraud needed to move
“to its rightful place as a top priority for law
enforcement”,
and
“should be included within the Strategic Policing
Requirement”.
Law enforcement related to fraud is significantly underresourced.
Only 1% of law enforcement spend is focused on tackling economic
crime; that bears no resemblance to the 41% of crime in England
and Wales that I mentioned just a moment ago.
We recommended that, to address
“the mind-boggling variety of acronyms and alphabet soup of
departments, taskforces and Ministers with responsibility for
fraud, a cabinet sub-committee with a clear mandate to tackle
fraud should be established, chaired by and accountable to the
Security Minister”.
We said that:
“Several sectors involved in the fraud chain have failed to
prevent rampant fraud for too long”,
and we recommended that the Government must
“introduce a new corporate criminal offence of ‘failure to
prevent fraud’ across all sectors to address this”.
The Online Safety Bill, which is well known to so many of us,
“contains several important measures to prevent fraudulent
content and scam advertising from appearing on online
platforms”.
We recommended that tech companies must be held accountable when
they fail to prevent their users becoming victims of fraud.
We also said that, to create clear advice for consumers that they
could follow to help them prevent fraud and report if they become
a victim, the Government
“should oversee the introduction of a single, centrally funded
consumer awareness campaign in partnership with industry”.
Overall, we were very critical of what has become too much of a
permissive culture around fraud in this country.
Part of the committee’s remit was to look at the efficacy of the
Fraud Act 2006. We found that, overall, it is still
“a highly effective piece of legislation that has simplified the
fraud landscape and it has the flexibility to adapt to future
technological developments”.
So, what happened after the report was published? Too often, one
of the dangers of reports is that they end up getting some
attention and being welcomed, someone might do something, and
then they sit on a shelf for a bit. However, I am pleased to
report that, apart from just getting a response from the
Government, which I will come on to in a moment, we have seen
some significant progress on issues raised in our report. Perhaps
our timing was just right. We deliberately wanted to write a
truly comprehensive report on this issue to bring it all together
in one place. It was quite long; I think my noble friend Lord
Young said that it might be a bit too long and he probably had a
point.
I thank my noble friend the Minister for the Government’s
response. Broadly, five of our six key recommendations have been
taken forward in one form or another. In fact, the change so that
fraud is reflected in the national strategic policing requirement
was made before the Government’s response was even published.
However, the big step forward was the publication of the
Government’s Fraud Strategy in early May. The strategy was long
overdue, and it would be fair to say that my noble friend the
Minister himself was relieved to finally get it over the line so
that we could all stop asking him when it would be published and
start looking at the details.
I welcome the appointment of as the Government’s
anti-fraud champion. It is not quite what we wanted in terms of a
Cabinet sub-committee, but having somebody to draw all the
strands together and work with government departments and
agencies is a significant improvement.
Changes will be made to Action Fraud, which I think we referred
to as “Inaction Fraud” in our report. We understand that the
Government are working on a broad awareness campaign. The need
for a clear, consistent message for the public on how to protect
themselves from fraud and scams cannot be overestimated. We
understand that the Government will also take forward the ability
of banks and payment service providers to slow down payments
where they have evidence that the payment is going to a
fraudster’s account.
Just this week, the House debated the Economic Crime and
Corporate Transparency Bill. I welcome the Government’s
introduction of the failure to prevent fraud offence and the
reform of corporate criminal liability and the identification
doctrine. These are significant steps forward and very welcome
reforms. Unsurprisingly, of course, they never go quite far
enough for all those who have been campaigning. I think we have
further debates on this to come.
What remains outstanding? We still think, and there are still
calls by bodies such as Stop Scams UK—I want to recognise its
work—that there is a need for a single scams body or authority of
some kind. There is an opportunity for a significant increase in
international collaboration. Fraud is an international crime. The
UK, unfortunately, has a world-leading place in fraud being
perpetrated. Therefore, we can share our experience on how to
tackle this on the world stage.
The big outstanding issue that I am sure other noble Lord will
refer to is that all parts of the fraud chain are not yet being
held accountable or incentivised to prevent fraud. In 2023, 78%
of authorised push payment fraud cases started online, and 18%
started via telecoms companies. Those figures are from UK
Finance; Ofcom has found very similar figures. There is no doubt
that social media platforms, technology platforms and telecoms
companies are the places where customers most often encounter
fraud, and they need to be incentivised to prevent that fraud and
to protect their customers. I doubt that the voluntary code
proposed in the fraud strategy will be sufficient and I am sure
we will return to this, not least by pushing for a facilitation
offence where those companies and platforms facilitate the
offence of fraud.
The Online Safety Bill goes far in cracking down on fraudulent
advertisements, which is very welcome, but it does not deal with
fraudulent emails or the inaction of the internet service
providers and telecoms companies. There is also more to do on
data sharing, in terms of both sharing and permission to share
data about customers but also data disclosure by the platforms
and telecoms companies about the amount of fraud perpetrated via
their services. Only by being clear and transparent about that
level of fraud will law enforcement and other agencies know
exactly where to tackle it.
This is a matter of direct relevance to everyone in this country,
both individuals and businesses. As I said at the start, it can
be life-changing and devastating. As the Bank of England said to
us in evidence, it directly affects consumer confidence. There is
a huge opportunity to crack down. The Government have taken some
important steps; I like to think that our report played a part in
that. We will watch how they proceed. I beg to move.
10:16:00
(Lab)
My Lords, it is an enormous pleasure to follow the noble
Baroness, Lady Morgan, who opened this morning’s proceedings with
the lucidity that also characterised her inclusive chairmanship
of the fraud committee, on which I had the pleasure to serve. The
report that we are here to address is a powerful piece of
diagnostic work and is testament to her energy and commitment, as
well as the hard work of the excellent committee staff.
As we heard, there is an extraordinary disjunction between the
seriousness of the offence of fraud and the resources we devote
to its prevention and to the pursuit and prosecution of those
responsible. Fraud accounts for 41% of all crime against the
individual, while only 1% of our law enforcement focuses on
economic crime.
I welcome the Government’s pledge, in their recently published
Fraud Strategy, to create a new national fraud squad comprising
400 specialist investigators, but I should be grateful if the
Minister would share some specifics. The committee’s report shows
the extent to which digital fraud has increased, with 80% of
fraud now cyber enabled. How will these new officers be equipped
to deal with the complexities of online fraud, including fraud
which takes place on the dark web or through blockchain? Those
tasked with such investigations will need either to be drawn from
sectors where these skills already are both essential and scarce
or, to put it mildly, to be put through some extensive
training.
One of the recurrent themes in the report is an inclination to be
tentative about the data on which conclusions are based. That is
a function of a wider problem, with the absence of consistent
measurement in government statistics. In 2010, the National Fraud
Authority, an executive agency of the Home Office, first
published its Annual Fraud Indicator. Its authors assessed the
UK’s total loss to fraud to be £30 billion per year. In 2011 it
was £38 billion, and in 2012 it had risen to £73 billion—a rise
of about 150% at a time when reporting of fraud dropped off the
crime statistics.
That year, , then Home Secretary,
transferred responsibility for fraud to the NCA. In 2017, at the
request of the NCA, the same academics who informed the national
fraud indicator published a national fraud indicator figure of
£190 billion per year. A month ago, the same experts published an
annual fraud indicator for 2022. The total annual loss now stands
at £219 billion, £8.3 billion of which was fraud on individuals.
That figure was £3.5 billion in the 2010 indicator.
So, after a further unexplained hiatus in transparency reporting,
the situation has again markedly deteriorated. It is little
wonder that about six months ago the NAO said about fraud that
the Government do not have the data they need and are unable
accurately to measure the impact of their policies. This
inability persisted up to and including the publication of the
fraud strategy. It would be useful to know on what basis we can
judge the likely effectiveness of the measures therein in the
absence of consistent and reliable data on which to base such
judgments. Perhaps that explains why the gleaming promise held
out as a measure of success for this strategy is a reduction of
fraud by 10% in time for Christmas 2024—it appears conveniently
close to the last date on which a general election must be held,
one might think. This is hardly a Napoleonic ambition, given that
the best data we have now suggests that the Government in one
form or another have presided over an increase of more than 550%
in total fraud since 2011.
In focusing on the scale of the problem, I emphasise that the
victims of fraud range across vulnerable individuals, major
corporations and small businesses as well as the public sector,
and the Government themselves account for a significant amount of
the total. I recall the powerful testimony we heard from the Bank
of England, making it clear that fraud directly affects and
undermines consumer confidence. Under successive Governments an
attitude has prevailed that fraud is an unfortunate by-product of
our strengths. Apparently, fraud has become so prevalent in the
UK because of the widespread use of the English language,
our position as a digitalised global financial hub, our
adoption of the faster payments system, and the emergence of
crypto assets. These are all said to be pull factors for
fraudsters. Every element of this description could be applied to
the United States, and yet UK residents are exponentially more
likely to be victims of fraud than their US counterparts. This is
a British problem, and its scale demands that it be a national
priority. The answer is not to dilute those strengths but to
ensure that they are hedged about by clear preventive mechanisms
and appropriately severe financial penalties for those found to
have enabled fraud. I do not wish to move on to the ground more
properly covered in the Online Safety Bill or the Economic Crime
and Corporate Transparency Bill but merely note that some of
these questions are being covered as they journey through your
Lordships’ House.
Fraud is not merely a serious offence; it is a direct enabler of
far more serious offences. Organised crime, drugs, arms and human
traffickers, kleptocrats and fugitives from justice all use money
gained by fraud to fund their activities or to escape justice. To
some extent, we have the appropriate mechanism for punishment
already in place. The committee’s report examined the Fraud Act
2006 and found it to be effective, although greater maximum
sentences would be desirable, but our ability to use the
provisions in that legislation have been weakened by a
significant decrease in the number of prosecutions of fraudsters,
outdated disclosure procedures, and court backlogs. Recent data
from the Law Society of England suggests that the Government’s
promise to reduce the backlog is sitting rather awkwardly
alongside figures that show it to be rising, so I suspect we may
waiting a little time for that problem to abate.
In coming to the end of my remarks, I am conscious that I have
painted a somewhat bleak picture, but none of this is inevitable.
I note the Government’s acceptance of five of the committee’s six
principal recommendations, in part or in full, and I hope to see
the resources made available to ensure that that acceptance is
matched by action. Fraud is not a victimless crime. As has
already been said, it targets the most vulnerable, reduces the
financial resilience of millions of households across the
country, diminishes their confidence in the institutions on which
they are supposed to rely and can drive them to desperate
measures. Earlier this week, Ipsos released data showing that 7%
of 18 to 75 year-olds have been driven to such straits that they
have used an illegal moneylender in the past three years. We have
all heard the rhetoric around predatory capitalism, but the fact
that loansharking has become one of this country’s few growth
industries renders satire redundant. This report shows a critical
need for cultural change, it outlines the necessity for clear
lines of accountability and enforcement and, most of all, it
testifies to the need for far more effective preventive measures.
I look forward to hearing how the Government intend to translate
these needs into action.
10:24:00
(CB)
My Lords, I was a member of the Fraud Act 2006 and Digital Fraud
Committee, and it was a great privilege to serve with the noble
Baroness, Lady Morgan, who so ably chaired it.
The committee was driven by the massive increase in fraud. We
discovered that scams are being delivered not only online but
through text and messaging services, using ever more
sophisticated technology. The new threat is coming from deepfake
technology. Only a few weeks ago, a video appeared on Facebook
that seemed to be a CNN report, with the CNN logo strapped across
the base of the screen. Regional executives of a major bank
appeared the video promoting what appeared to be one of their big
new funds. They were followed by a succession of customers who
said that they had made up to £50,000 each by investing in the
fund. The user was then urged to click on a link that facilitated
investment into the fund but needed the user’s bank details to do
so. Once fraudsters have this information, they can impersonate
the user to take out a loan, make a purchase or do any number of
fraudulent financial transactions.
The deepfake fraud is just the most up-to-date example of ID
fraud. This is one of the first scams to use deepfake technology.
The bank executives’ images and voices had been captured from
their previous appearances on television and in videos and
manipulated to make them appear to be pushing the fund. The bank
had a terrible time trying to stop the dissemination of this
fraudulent content. It had to play a terrible game of
whack-a-mole. As soon as was it was taken down from one Facebook
group, it appeared on another. It also appeared in other parts of
the internet and went viral on platforms and phone services.
Deepfakes are just the latest generation of scams. They are so
powerful because the visual medium is still seen as more
trustworthy than others. The bank is so concerned that any future
video appearances by executives will have to be stamped with a
watermark on screen as a means of authentication, which it hopes
will make future manipulation of their images more difficult.
The Online Safety Bill will put the onus on user-to-user services
to prevent fraudulent content appearing on their platforms, but
the growing practice of smishing—sending fraudulent messages to
collect personal financial information through text and direct
messages—is also worrying law enforcement officers. These scams
are increasingly disseminated on SMS and MMS platforms, and so
are out of scope of the Online Safety Bill. According to CIFAS,
2022 saw the highest-ever volume of identity fraud cases. They
were up by nearly one-quarter from the previous year. Nearly all
the cases related to mobile phone products.
In the committee hearings we heard evidence of how criminals are
frighteningly ingenious at finding ways to capture a user’s ID,
both online and on mobile phones. The fraudsters send messages
which often seem innocent enough, such as completing a crossword
puzzle or taking part in a survey, all of which involve the user
giving away their personal financial details. I recently heard
about a victim who received an SMS message giving details of an
expected delivery from DHL. When they called the number, they
were put through to a fraudulent call centre, which asked for
money to be paid for customs duty in order to release the package
through Customs and Excise. Fraudsters are even using ID
impersonation to break the secure customer authentication service
which was set up especially by the banks as a secondary source of
verification. They do this by diverting the message which is
meant to go to a customer’s number and then take control of
it.
CIFAS told me that in the past 12 months, there has been a rise
in cybercrime service platforms on the dark web. One of these
sites is selling up to 30,000 fake profiles, which can be used to
push fraud, at a time. The whole fraud ecosystem is incredibly
sophisticated. There are specialist roles for each stage of the
fraud. First, there is a fraudster specialising in stealing ID,
then another who uses the information to open bank accounts and
set up customer profiles, and finally there is a specialist who
can siphon off the money to the criminal. It seems to me that the
major way of dealing with this is to incentivise platforms and
telecoms companies, which are the enablers, to crack down on
fraudulent activity online. I wholeheartedly support the attempts
by the noble Baroness, Morgan, to extend the “failure to prevent”
law to cover more enterprises and more harms but, despite wins on
Report on the Economic Crime and Corporate Transparency Bill this
week, the Government still seem reluctant to adopt the ideas in
her amendments.
I have already mentioned the Online Safety Bill, which leaves so
many of the systems which deliver fraud out of scope. Like the
noble Baroness, Lady Morgan, I would like to see telecoms
companies being held to account. They have already taken some
steps to reduce fraud. The committee heard evidence about BT’s
spam shield, which is blocking spam messages to users. SIM farms,
where a mass of phone numbers can be bought to be used to send
fraudulent text messages to tens of thousands of customers, are
now being clamped down on but, as the committee’s report states,
these current approaches by the telecoms sector are uneven, with
counterfraud policies being introduced inconsistently across the
sector.
It seems to me that the enabler of the fraud ought to be held
responsible, at least in part. The banks are paving the way. The
Payment Systems Regulator is already changing the liability for
banks whose customers have been involved in fraud. It has set out
a path for introducing a 50:50 split between the issuing banks
and the bank that accepts the funds on behalf of the fraudster.
In July it will consult on the draft legal instruments to put
reimbursement requirements in place. The following month, it will
consult on the maximum level of reimbursement and guidance on
customer gross negligence. By October it hopes to get the final
legal instruments to Pay.UK. Early next year, these measures will
come into force. The regulator will also demand transparency, the
publication of data on how well banks are protecting customers
from fraud and the promotion of intelligence sharing.
The telecom companies are also enablers. Either they can take
part in a compensation scheme along the lines of the banks or
they can, as paragraph 522 of this report suggests, be part of
a
“regulatory strategy equivalent to the Online Safety Bill that is
directly applicable to telecoms platforms and services”.
In their response to the report, the Government said that,
despite progress being made by the industry, more could be done
to protect the customers. Instead of supporting a duty to prevent
fraud, they suggest that the operators join the voluntary
telecoms fraud sector charter. The Government have spent much
time ensuring that online platforms are mandated to protect users
against fraud. In a world in which fraud is now being delivered
increasingly through direct messaging and SMS, why is one sector
being mandated to take action while another is allowed to take
part in counterfraud action voluntarily?
10:31:00
(Con)
My Lords, the committee, of which I was a member and which was so
excellently chaired by my noble friend Lady Morgan of Cotes,
reported last November. We heard from 56 witnesses. They covered
a range of experience: academics, Ministers, the police, the
Crown Prosecution Service, prosecutors in the courts, the Home
Office, financial services, regulators and a range of internet
platforms and service providers, as well as telecoms companies.
Above all, we heard from the victims.
The picture was absolutely clear. We face in this country a
really serious problem with fraud. Too many of our institutions
have failed to take it seriously enough or to address it
effectively. We have to act, and now. Our report identified the
issues. It provided in one easily readable, if quite long,
document a route map for police, government, regulators and major
commercial players. There is no excuse to say that they do not
know what to do, or to deny that there is a problem.
I will remind the House briefly of some core findings. Fraud is
the most commonly experienced crime in England and Wales, yet is
excluded from the crime figures. It accounts for approximately
41% of all crimes against individuals. Losses total at least £4
billion a year. The Bank of England has admitted that it directly
affects consumer confidence. Most fraud happens online; 80% of
reported frauds are cyber-enabled. The exponential growth in
fraud and scams, we found, has been invisible. Fraudsters face
little risk of being caught. Victims are embarrassed to report
it. Law enforcement is underresourced.
We found that this underprioritisation has created a permissive
culture across the Government and law enforcement agencies. This
then permeates through to affect the attitudes of the private
sector players in the fraud chain—internet service providers,
telecoms companies and the like. They have not stepped in to do
what they can to prevent customers being scammed. Indeed, I
received an email to the effect that they feel they have not had
a fair hearing from our committee; I do not know whether others
did.
Organised criminals around the world turn to the UK as a
lucrative market to commit fraud. As we have heard, their
proceeds are used to fund human trafficking and the drugs trade.
The telecoms sector has to date had no real incentive to prevent
fraud and has allowed blame to be placed elsewhere for too long.
There have been no sticks, and certainly no carrots. It must do
more to tackle phishing emails, smishing texts and fraudsters
making spoof phone calls, as well as those emails that infiltrate
our machines.
Until all fraud-enabling industries fear significant financial,
legal and reputational risk for their failure to prevent fraud,
they will not act. We were clear that the Government must act to
introduce a new corporate offence of failure to prevent fraud
across all sectors to address this, and we did not limit that to
so-called large companies.
I welcome the important measures in the Online Safety Bill to
prevent fraudulent content and scam advertising on online
platforms and to hold tech companies accountable when they fail,
but these will bite only on fraudulent advertisements. They are
an important plank but they are only one plank—you cannot build a
house from them. The telecoms industry, financial services, the
insurers, indeed all our great service industries in this
country, must face the same requirements and get their act
together.
The Government published their Fraud Strategy in May and
appointed as anti-fraud champion.
That is a good start but it is not enough. Let me explain: I
applaud the proposals to ban cold calls on all financial
products, to ban SIM farms, to make it harder for fraudsters to
spoof UK numbers making it look like they are calling from a
legitimate UK business, and to stop people hiding behind fake
companies, and I applaud the plans to create new powers to take
down fraudulent websites—but we need a facilitation offence.
Telecoms companies must be put under duties to do more. Plans to
improve the law enforcement response and trade and charters
addressing areas of business activity are welcome, but they are
not enough to ensure the changed culture needed to drive down
fraud in this country.
Surprisingly, to date the Government have been reluctant to
introduce what we regarded as adequate provisions to push
business to take steps to prevent fraud. Regulation has to be
proportionate, of course, but reasonable steps to prevent fraud
taken by all businesses will reduce the opportunities for these
scammers. They will help our economy grow; everyone will be more
prosperous as a result. Thankfully, on Tuesday this week, this
House expanded the scope of the duty to prevent fraud imposed by
the economic crimes Bill. I just hope that it will not be taken
out in the other place, because it would likely bounce back again
here.
Only if all businesses are driven to take proportionate steps to
stop fraud will things change. Economic benefits for all will
flow. The costs to business and the consumer will be off-set by a
clean, fraud-minimised environment. We will all win. People have
to look at the big picture, beyond the ends of their noses. If
the Government are serious about their promise to make sure that
every part of the system is incentivised to take fraud seriously,
they must not only introduce new charters for business but ensure
that the different sectors, whether banking, finance, tech,
insurance or telecoms, are all driven to make life much more
difficult for the fraudster. That requires a duty to prevent
fraud applied across the board.
Enforceable obligations must apply not just to large businesses.
The six key steps we identified in the report are critical.
Ministers must act now, and they must act decisively.
10:39:00
(Lab)
My Lords, I was not a member of the committee but I very much
welcome this report and the introduction to it from the noble
Baroness, Lady Morgan. I came to the report afresh and of course
the figures are shocking. It is astounding that people are placed
under this sort of pressure. I could go through and repeat the
figures that have already been given, but the central thing is
that this is 41% of crime and is given 1% of the anti-crime
budget. That is clearly wrong, particularly when the 41% is
probably massively underreported. While this is a cyber problem,
the report makes reference to analogue fraud, which clearly
causes a lot of pain, suffering and financial loss. However, the
massive growth is taking place in cybercrime: why would you go
and knock on someone’s door when you can send them an email?
I have three substantive points to make. First, it would be
interesting to know the extent to which the committee considered
this: it seems to me that we need a specialist agency to tackle
this epidemic. Reading the report, the general line seems to be
that it should still be part of the mainstream police system, yet
the task is so specialist and immediate, requiring massive
action, that we need a specialist task force to undertake it, at
least initially. I understand the objections to setting up yet
another body, when we already have bodies that have a
responsibility to sort this out, but the scale of it requires—at
least for a period of time—a specialist action force of some
form. That of course will need funding, and that clearly should
come from the links in the fraud chain. The providers are
providing the tools with which the fraud is undertaken, and it is
reasonable to expect them to meet more of the cost of tackling
it.
Secondly, I emphasise yet again the relationship between fraud
and poor mental health. The report includes some interesting work
on vulnerability to fraud, but that relationship has a special
place. It is a relationship where there is a cause: many people
suffer poor mental health because they have been victims of
fraud. At the same time, people who already suffer from poor
mental health are clearly more vulnerable. The figures in the
report show how fraud is distributed but do not give the
respective sizes of those populations within the population as a
whole—so they do not tell the full story and it would be
interesting to get some more figures on that. I emphasise that
any action needs to take into account the specific position of
people who have, or are at risk of, poor mental health. I hope
that the Minister can at least make some sort of reference to the
importance of tackling that.
My third point is about the alphabet soup of bodies that are
rightly set out in an appendix. Unfortunately, one was missed: I
can add to the list the Fraud Compensation Fund. It sounds pretty
general but it does not compensate all fraud; it compensates a
very narrow and specific form of fraud in relation to pension
schemes. If a pension scheme loses assets through fraud and the
employer is insolvent, the Fraud Compensation Fund, which is an
offshoot of the Pension Protection Fund—the financing is
different—has to provide the compensation. I highlight that point
because, self-evidently, it is little known and there are still
important questions that need to be pursued about people’s
entitlement under that scheme and its funding. I raise that just
to give it a bit more visibility, but it is clearly part of the
fraud landscape and will need to be included in any further list
of the alphabet soup.
10:44:00
of Soho (CB)
My Lords, I too was not of a member of the committee chaired by
the noble Baroness, Lady Morgan, but was compelled to come today.
I hope your Lordships will forgive me a short personal detour
about why I was particularly keen to come and speak this morning.
I have been absent from the House for many months, partly because
of severe hospitalisation. I will not bore Members with physical
details but I am lucky to have a leg and a life right now, so I
feel as if I am winning in being able to stand up here and talk
about this subject. I particularly wanted to come this morning
because of two personal reflections from that time.
First, as Members are fully aware and as has just been mentioned
from across the Chamber, this issue affects people at their most
vulnerable. When you are at death’s door, you are at your most
vulnerable, and in hospital I met several people who related to
me, in waiting rooms or while I was lying on tables in various
places waiting for doctors and nurses, how anxious they were
about what was happening in the online world, particularly while
they were in hospital and unable to cope with the volume of
things being sent to their devices. It really struck me how I
normally manage this in my daily life, being a relatively
competent technology person—so that was the first point.
Secondly, coming back into the working world after a long
absence, the volume of text messages and emails—not to my
parliamentary account but my personal email, which is in my own
name, so I guess it is relatively easy for scammers to come
to—was absolutely appalling. I was taken quite by surprise and
felt somewhat that the scales had been lifted from my eyes. So
forgive the personal detour, but that is why I am so pleased to
be able to speak this morning and to make three short points in
my contribution.
My noble friend has already
mentioned the first of them, which is that the biggest and most
dramatic shift in technology that has occurred not just while I
have been slightly absent from the House but over the last few
months is that of generative AI and the platform shift happening
there. Everyone is reading the headlines and I am not going to
repeat what I am sure has been much debated here in the Chamber.
But it is striking to me that this report was published last
November and I think the committee would probably have put many
different points about the use of AI just in the short period of
time since. I cannot come up with a solution, but it is important
to recognise how fast technology is changing and how innately
complicated it is to keep up with the massive developments in how
platforms are being used and individuals are able to create and
generate content.
My noble friend Lord Colville mentioned the appearance of
deepfakes, but this has been amplified exponentially with these
new technologies. It is not only the volume and scale but the
sophistication: synthetic people can now be created. I was
reflecting that my voice is probably the last one a scammer would
choose to use, thank goodness—I do not think anyone would fall
for an outward call from a “Baroness Lane-Fox of Soho” suggesting
an entrepreneurial opportunity. Looking at my own entrepreneurial
adventures, they would probably put the phone down
immediately.
In all seriousness, as the bank example already given has shown,
this is a very complex issue. While I recognise that the report
suggests that AI should be used to look at sets of data, and I
agree with that recommendation, we also need to proceed with
caution and think carefully about the boundaries and guardrails
around how the latest wave of technology is used. This is an
extremely urgent matter, in my opinion.
My second point is that, as the new president of the British
Chambers of Commerce, I think it essential, as the report
suggests, that we link up with business. I would like to make a
case again for small businesses to have special treatment. It is
very hard right now to run a small business: you face cash flow
pressures, increasing energy costs, wage inflation and all the
other things that I know are debated frequently in this Chamber.
In addition, I have noted from multiple conversations with our
members their profound anxiety about how the names of their own
organisations are being used by others—let alone the things for
which they have their own responsibility. While I recognise that
corporations need to take responsibility, and I certainly believe
that technology and telecoms companies should be doing more, I
think there is still work to be done to educate small businesses
to build the cyberdefences they need.
I was talking to a small insurance company in Doncaster which had
faced a horrible issue where somebody else was using its name for
outbound calling. It was not something the company had the
capacity to look after and worry about and it did not get help
from any of the law enforcement agencies locally. It was
providing the already stressed entrepreneur with another point of
stress in these economically difficult times.
So, generative AI and small businesses are mentioned; the final
thing mentioned frequently through the report is the skills we
need to address this challenge being so profoundly lacking across
all sectors. I have thought about this deeply over the last
decade. We are still in a very profound skills crisis in this
country. Just yesterday, the Open University, of which I am
chancellor, released a report examining the extremely deep level
of skills we need across multiple sectors, including
cybersecurity. This is true across many businesses, both in the
public and private sectors. We need to make this an urgent part
of the agenda. I do not believe we will be able to be as
resilient as we should be unless we have a deeper skills
strategy. We have local skills investment partnerships, which I
understand are working well. We should be using them more and
thinking sectorally about how we can make sure that we have the
skills we need. Those are the things that struck me from reading
the report. I am delighted to be able to share my thoughts again
in the Chamber and thank the noble Baroness, Lady Morgan.
To close, I was reflecting on being at lastminute.com back in
1999. I clearly remember a moment when I found a fax on our fax
machine—despite the appearance of incredible technology, we were
using fax behind the website—that had a customer’s credit card
details on it. I was about to fax it to the supplier to get the
booking confirmed. I remember thinking “Maybe this is not such a
good idea”. Fast-forward to now: we never imagined that this is
where the technology would have led us—to the incredible speed,
pace and ability to create this fraud at scale. It is depressing.
It is not what I think the technology landscape should have
tilted towards, but we are where we are. The massive shift in
generative AI recently, as I have said, combined with the
economic climate we face, makes these recommendations vital. I
hope we can go further and faster than the report suggests.
10:51:00
(Con)
My Lords, it is a real pleasure to follow the noble Baroness. We
are all absolutely delighted that she has made a recovery from
her recent hospitalisation and is once again able to take part in
our proceedings. The points she made about AI and the skills
shortage are well taken. I look forward every weekend to reading
her column in the Sunday Times. It is also a pleasure to be
reunited with the fraud squad who took part in the committee and
to endorse what others have said about the qualities of our
chairman and support staff.
The theme running through our inquiry and this debate is the
mismatch between, on the one hand, the incidence of fraud and the
damage it causes and, on the other, the resources devoted to it.
This was well summed up by the Chief Inspector of Constabulary,
Andy Cooke, an impressive witness. He said that:
“You could probably times the £80 million by five and you would
start to make a small dent in relation to the scale of the
problem”.
His comments were reinforced by what Mark Fenhalls, chair of the
Bar Council, told us:
“The state has retreated from the investigation and prosecution
of fraud over the last 15 years”.
Prosecutions went down from 20,000 a year in 2010 to about 5,000
a few years ago. The government response to our report, while
welcome, was drafted by one of our more cautious civil
servants:
“We recognise that there needs to be improvements in the response
to fraud, from the reporting process through to
investigations”.
But, in fairness to the Government, the Minister took a more robust approach when he gave
evidence.
Before I sat on this committee, I was doubtful about the success
of police and crime commissioners. However, I was impressed by
the performance of , the Avon and Somerset
police and crime commissioner, and his approach to fraud. I was
delighted to read in his report:
“I personally have taken on the national lead role for economic
and cybercrime on behalf of the Association of Police and Crime
Commissioners”.
We need more like him.
I will focus my remarks on authorised push payment fraud and
compensation. The Payment Systems Regulator, the PSR, reported
that there are more incidents of APP fraud than any other type of
fraud in the UK, with 95,000 incidences in the first half of last
year and gross losses of £250 million. I wholeheartedly agree
with one part of our recommendation in the report, which has been
adopted: that the recipient bank should be in the frame as well
as the paying bank. The paying bank is acting on the instructions
of a legitimate customer. The recipient bank has allowed a
fraudster to open an account, almost certainly with false
details, or is operating an account on behalf of a money mule,
aiding and abetting a crime. If banks devoted the energy with
which they pursue noble Lords, who are politically exposed
persons, to explain how we got every penny we own to checking up
on the authenticity of the new accounts operated by fraudsters,
there would be a lot less crime.
I want to refer to an exchange which did not feature in our
report. It took place on 10 March last year, when one of our
witnesses was Revolut, which is basically in the money transfer
business. I asked a question about suspicious authorised push
payments:
“What percentage of customers do you convince that it is a fraud
and that the payments should stop? To what extent does the
customer just go on?”
This was the answer from Nicholas Taylor:
“Our machine learning models correctly identify over 90% of
attempted APP fraud … It is incredibly difficult to break the
spell. We have all the normal warnings before you make a
transfer, but our models detect and block a payment post fact,
where we think it is a fraud, and then we make the customer talk
to one of our agents. Even after we have directly intervened, 80%
of them still go on to make the payment”.
We heard at an IPT breakfast seminar last July that the larger
banks have even more sophisticated systems, using behavioural
biometrics, data analysis and other technologies to detect
fraudulent payments, and their experience is the same. Sadly, as
we heard from one of the brave victims who gave evidence to us in
Birmingham, at least one victim went ahead despite repeated
warnings from her bank. I think that exchange influenced our
response to the issue of reimbursement. We said:
“While we recognise the case for mandatory reimbursement of
victims of APP fraud, we are concerned that a blanket
reimbursement policy may lead to increased levels of moral hazard
and fraud, and the perception that it is a ‘victimless crime’. In
some cases, it may even lead directly to new avenues for
APP-reimbursement frauds”.
We asked the Government to revise their proposals to legislate to
allow the PSR to mandate blanket reimbursement of APP fraud
conducted via faster payments. The government response did not
take on board the risks of an overgenerous compensation scheme,
it just recognised the urgency to protect consumers and said that
they have given powers to the PSR to direct banks to reimburse
victims of APP fraud.
The PSR then issued a comprehensive consultation document on
proposals for reimbursement and responded earlier this month on 7
June. This was one comment on its proposals:
“Under the new legislation, 100% of consumers’ APP fraud losses
will have to be reimbursed by PSPs, except in extreme cases of
negligence on the part of the customer, which will—by all
indications—be extremely rare”.
I am all in favour of improving the current position, in which
only 46% of fraud is reimbursed. We need minimum standards and a
common approach, but the proposals will apply to all cases,
except where the customer has acted fraudulently or with gross
negligence.
My concern is that, with consumers protected in this way, some
customers may be willing to make more risky payments without
properly considering the consequences, whereas we should be
considering exactly the opposite. The proposal means that people
who are careless will be fully compensated. I think this is
overgenerous. If you are careless with your wallet, your
insurance company certainly will not compensate you. If you are
careless and damage your car, you will not be compensated.
Obliging the banks to compensate you unless you have been grossly
negligent is overgenerous, weakens the message that people should
be careful and, far from deterring fraudsters, will encourage
them. It is also inconsistent with the paragraph I quoted from
our report. There is time to put this right, as the PSR is still
consulting, before finally agreeing the regime. I will not be
popular for saying this, but I urge them to think again.
10:59:00
(CB)
My Lords, this has been a most productive debate on an issue I
fear might only get worse, unless it is robustly addressed. As
always with the challenge of putting forward original
contributions while being tail-end Charlie, I will focus on some
key takeaways. Having reflected on some of the extensive points
that stood out from the committee’s report and the Government’s
response, I have little doubt that a number of challenges should
be urgently addressed, including the fact that law enforcement
and government lack efficient co-ordination and operational
capability. That is just the beginning, to illustrate the scale
of the problem.
Due to the level and sophistication of fraud, companies must
adopt a culture of suspicious inquiry. To protect and support
their sales efforts, companies need free access to case studies,
and FAQs and proactive alerts would be of interest. Merely
reporting to Action Fraud, while formalising and gathering the
data, in no way ensures that wider sharing of data and,
ultimately, regulatory and criminal action and remedies are
enforced. Anti-fraud measures such as Action Fraud have been
ineffective when compared to what could be achieved if they were
exploited properly. More focus should be on action and,
importantly, on ensuring the knowledge and experience to act
quickly.
The all-important technology used by criminals is better
anonymised, making effective follow-up difficult. Law enforcement
and government lack the necessary latest digital technologies to
counter the threats, including securing the wrong technology for
the job, which could take years to unpick.
Insufficient accountability for delivery exists, and it is too
easy to hide non-delivery. Current legislation overcomplicates
and hinders the process of evidence collection and quick action,
with insufficient consideration given to the private sector to
assist law enforcement agencies and government. This contrasts
with the military model, which actively seeks help.
I will venture a number of pointers for consideration. Enabling
better use of the private sector and factoring in the experience
of qualified investigation companies, with the added benefit of
leveraging operational capability, is as relevant to the fraud
environment as it is in many instances where government could
usefully adopt a differing mindset. I also suggest enabling
access to the latest anti-fraud technology held by private
companies, through government frameworks such as ACE and tracer,
developing the co-ordinated and technology-sound effort that is
urgently required to counter fraud threats.
Advances in technology make the task more challenging, with
sophisticated frauds often launched from outside the UK, making
detection and response difficult. Those who perpetrate modern
frauds are technology-savvy, sophisticated criminals who
meticulously plan their activities to protect and preserve
revenue streams.
Given the level of criminality, an anti-fraud tsar should be
given oversight to ensure accountability. Often, the problem with
digital fraud is that the legislation and, therefore, the ability
to respond is simply not there. The creation of a working group
under parliamentary supervision, or a central figure such as a
tsar or anti-fraud commissioner to implement quick-fix measures,
would produce dividends. An operational fraud centre that not
only analyses but co-ordinates, such as an effective Action Fraud
and the NECC—with clear operational power and capability—would,
additionally, greatly assist, as would providing a due diligence
and educational hotline for the public to report suspect
activity, alongside a central social media monitoring tool to
alert people to fraud attempts.
I suggest encouraging companies to incorporate anti-fraud
measures, as is the case with modern slavery and anti-bribery,
and an expert asset recovery unit to recover assets in civil
fraud cases, along with enabling private funds to help sponsor
anti-fraud activity. Two examples of developing a robust, unified
and co-ordinated response from government, law enforcement and
the private sector are: urgently developing a working group to
conduct a thorough review of what hinders—and, conversely, what
helps—fraud investigations; and reviewing the unintended
consequences of data laws that restrict fraud investigation,
alongside a lighter-touch GDPR and the reinstating of the
successful multiagency asset confiscation unit within the
Ministry of Justice. This has been spoken about for years, with
various initiatives launched, such as Action Fraud, but they have
failed to have the intended impact.
I suggest deepening co-operation with banks—while recognising
their advances on the algorithm sets to watch for incoming
fraudulent transactions and spotting and responding to fraud—and
devising a deeper co-operation model between banks, tech
companies and the legal, accountancy and investigation companies
which often encompass former law enforcement officers. This is a
quick fix, and existing models of interbank co-operation could be
adopted. There is frustration at the lack of action in this
regard.
The FCA is a pivotal organisation, and the combined endeavours
with the director of the NECC, her successor and the NCA
intelligence director—all of whom left the NCA to take up senior
roles in the FCA—should be taken full advantage of to include
strengthening tactical issues to lead to better strategic
oversight and direction from the FCA. Government should urgently
bring forward measures to enable the FCA to regulate crypto
assets and enlarge current rules, relaying the results of
examination of blockchain, under regulation, to private
companies, which have fewer priorities and extensive
resources.
An urgent review that uses experienced investigators and advanced
investigation tooling, including AI, to assess where assets could
be recovered would be useful. I did not think of it this morning,
but I wish I had asked ChatGPT what comments it would make on
anti-fraud measures that might assist this debate; I will do so
this afternoon.
We should ensure that Companies House becomes a more active,
transparent gatekeeper and is provided with appropriate
resources, aided by developing a dedicated whistleblowers’
anti-fraud hotline, combined with the appropriate legal
protection for whistleblowers, similar to Crimestoppers, with
reward incentives as a viable way to combat fraud. The noble
Baroness, Lady Morgan, spoke of the need to incentivise the whole
anti-fraud environment, and she is absolutely right. The list
goes on, but implementing operational response by adopting the
counterterrorism “four Ps” mantra of pursue, protect, prevent and
prepare should be fully applied to identify and frustrate
fraud.
I acknowledge conferring with Harod Associates to confirm some
salient points of detail. The question of how private
investigation companies could be more usefully utilised and added
to the toolkit should be examined. Often equipped with more
powerful investigation tools, and with many fraud investigators
under the command of former law enforcement seniors, they could
provide a significant resource to assist. Set fees for many of
these companies could be set at government rates and recovered as
costs.
Many existing recommendations are felt to be hard to achieve, or
advance with glacial speed. The more involved I become in an
unrelated national review, the more I find that government
working in silos instead of in partnership is a national trait; a
sea-change in government’s mindset is required. I noted
references to the international space and fully intend to include
fraud in my ESG programme. I encourage government to do
likewise.
11:08:00
(Con)
My Lords, I shall speak in the gap. I was not a member of the
committee, and I will be brief in dealing with one point in
particular. This is an important report that is extremely
thorough in dealing with the alarming rise in the level of fraud
in this country. It is no exaggeration to say that hundreds of
millions of pounds is involved, both in the economy and in
individual financial situations, and misery is caused to those
who become victims of it. It is good to hear that the Security
Minister is taking the report’s proposals seriously.
The point I want to focus on, which features in the report, is
the need to reform the Computer Misuse Act. If it were reformed,
that would add effectively to the armoury of measures that we
need to deal with the growth in fraud. The Act was an early piece
of legislation in the field of cybersecurity—I would say it was
one of the foundational pieces—and, not surprisingly, in some
respects it is out of date. The report says, in terms, that its
review “cannot be delayed further”. It was about a year ago, if
not rather longer, that my noble friend, the then Minister of
State in the Home Office, indicated to me in response to a
question that our hopes that there could be action perhaps would
be realised. I have to say that it still has not happened; it
certainly has not resulted in any draft legislation.
One may ask why it matters. There are a number of reasons, but
the one that is relevant to this report is that we need a
statutory defence in this country to protect cybersecurity
researchers from prosecution. Those researchers are potentially
part of the mechanism that could track criminals down, but our
law is unclear on the legality of their being able to do this and
engage in the kind of ethical hacking that they would need to in
order to get at the roots of the criminal activity. Such hacking
is not happening on anything like the scale that could be
helpful, and is possible, if the necessary legal cover were
given.
The Government said in their response to the report:
“The government is consulting on a number of new powers for law
enforcement agencies to enhance their ability to investigate and
prevent cybercrime. In addition, further work is needed on the
issue of defences, which will be taken forward through engagement
with stakeholders”.
That is correct, but this is the situation that prevailed when I
last raised the issue, which was, as I said, at least a year ago.
The pace of consultation seems to be excessively leisurely. I
plead with the Government to get on with modernising that useful
but outdated Act. Compared with the scope and complexity of some
recent legislation, it is a comparatively simple task—perhaps
that is why it is taking a back seat. If the Act were modernised,
it really would be capable of making a useful contribution to the
reduction of fraud in the UK, which I think this House agrees is
an important task which we should be getting on with.
11:12:00
(Lab)
My Lords, I express my sincere thanks to the noble Baroness, Lady
Morgan, and all her committee—who will from now on be known as
the fraud squad. It is evident from my engagement with the
committee that its members formed a very strong bond, and a very
collaborative report is the result. I commend them for that. I
also thank all the organisations and individuals who have sent us
briefings to assist our debate.
I welcome the opportunity to be involved in discussing this
report, particularly after spending with many other noble Lords
in this Chamber many hours and days debating and voting on the
Economic Crime and Corporate Transparency Bill, which in large
part deals with fraud as the most common type of crime—not only
of economic crime but of any crime.
Fraud has become utterly prolific in this country, and I am
afraid that the Government simply have not kept pace. Regularly
editing it out when presenting crime statistics does not change
this fact, and it certainly does not change the experience of
Britons who, according to UK Finance, experienced 3 million cases
of crime, to the tune of £1.2 billion, just last year. Despite
this, as we have heard, only 1% of our police resources are
focused on economic crime and only 0.01% of cases are brought to
court. Only three convictions for serious fraud were secured last
year—a reduction of seven since 2015. The committee makes it
clear that our public sector and criminal justice systems are
failing to keep pace with fraudsters, and its recommendations
make it clear that this must be a priority to reverse the trend,
recognising the increasing complexity that we are working
with.
I want to stress the emotional impact on the British public as a
major consequence of fraud. As the report explains well, fraud
involves manipulation and deception. Victims are often blamed for
crimes committed against them and feel shame for having fallen
for the crime, despite being a clear victim of a criminal act.
The often devastating impact can be emotional trauma and
psychological harm, also affecting physical health. The noble
Baroness, Lady Lane-Fox, gave a very powerful description of the
impact.
We have heard today of the sheer breadth and audacity of fraud
crimes, playing on the vulnerable. There has been an increase
related to the increased use of digital applications since
Covid—banking apps are only one aspect of this. There is
advertising on our phones, scamming of debit cards at
hole-in-the-wall facilities as well as a range of economic crimes
so well documented in the report. Reform is vital to ensuring
that we protect individuals and businesses across the country,
but the enormous scale of fraud in this country, the links
between economic crime and violent crime, war, corruption and
human trafficking, and exposure to money laundering also threaten
the strength of our economy, the stability of our world and the
UK’s international reputation.
I am pleased to be able to speak on this report at a time when
Members of this House have worked together to send to the Commons
six excellent amendments to the Economic Crime and Corporate
Transparency Bill, with many more changes made after working
productively with Ministers—for example, to strengthen the role
of Companies House and the overseas register, to create a new
offence of failing to prevent fraud, to stop those who wish to
silence journalists and others exposing large-scale economic
crime, and extending the cost cap for civil recovery cases. I
applaud the Government for the changes that they have made during
the passage of the Bill. However, we know that there is a lot
more to do. I hope that the Minister will convey the strength of
feeling when the debate goes back to the Commons and that our
amendments will be protected.
We have to recognise that we live in a different world since the
Fraud Act 2006 was passed. It was introduced in the same year as
Facebook became open to the general public, having started as a
social media platform just for Harvard students. The ability for
fraudsters to use technology, the internet and our
telecommunications system has driven a huge increase in fraud.
According to UK Finance, telecommunications account for 18% of
fraud but 44% of the monetary value of losses. Falling for text
fraud is as easy as opening a message that tells you that your
parcel is due for delivery.
Tackling fraud means tackling online fraud and telecommunications
fraud. I welcome the measures in the Online Safety Bill that seek
to prevent online fraudulent advertising in that specific
context, but wider internet fraud must also be tackled. Telecoms
fraud, for which the committee said that the sector had
“allowed blame to be placed elsewhere”,
also needs to be dealt with. The noble Lord, , gave a very clear
exposition of that.
The Government’s response makes it clear that they recognise the
significant threat that fraud poses to the UK. Given that, why
does their strategy aim only to reduce fraud by 10% on 2019
levels by the end of this Parliament? Can the Minister tell me
how close we are to that 10% now, and what measurable progress
can we expect over the next few months? Looking further into the
future, what reduction does he want by 2030 or 2040? Taking fraud
seriously as a crime to me means being significantly more
ambitious.
There have been some very serious questions for the Minister, but
can I add another by asking what progress has been made on
replacing Action Fraud? If only 1% of police resources are
dedicated to fighting economic crime—and we all agree that that
is ridiculously low, given that fraud is the most common
crime—does the Minister think that the law enforcement response
that he has outlined will be sufficient? As my noble friend Lord
Browne has said, the issue of resources will be absolutely
critical. As my noble friend Lord Davies said, do we actually
need a specialist agency in this space? Do we really believe that
the companies are being incentivised to prevent fraud? What other
measures does the Minister have to bring into place?
The UK has now achieved a disastrous reputation as a lucrative
market to commit fraud. We have heard about the appalling impact
on victims My hope is that the Government’s further responses
will lead to urgent action and a determination to raise awareness
of the extent and impact of fraud on our citizens and our economy
that is bringing misery to so many.
11:21:00
The Parliamentary Under-Secretary of State, Home Office () (Con)
My Lords, I congratulate my noble friend Lady Morgan of Cotes on
securing this debate. I am grateful to her and to all noble Lords
who have participated and have made some very good and thoughtful
points. I also express my thanks to my noble friend and all
members of the Fraud Act 2006 and Digital Fraud Committee—the
noble Baroness, Lady Blake, has stolen the joke that I was going
to make about the fraud squad—for its comprehensive report,
Fighting Fraud: Breaking the Chain. I also thank noble Lords also
for their acknowledgement of the progress that the Government
have made. The report’s insightful analysis and
constructive recommendations helped to shape the Government’s
Fraud Strategy, which was published in May.
I have been asked a number of questions and will endeavour to
cover them in the time available and, obviously, I commit to
writing if I do not. This is a complex subject, so I shall do my
best to be brief. I start by emphasising that the Government take
the issue of fraud very seriously indeed and are dedicated to
protecting the public from this devastating crime type. I have
already had meetings with , the anti-fraud
champion, and I know that he is working very hard on his
brief—and also, incidentally, has a very strong background in
this area from his work with the British Bankers’ Association
back in the day.
As most noble Lords have noted, fraud is the most frequently
committed crime in the UK. Every year, billions of pounds are
lost to fraudsters, including the savings of hard-working people
up and down the country. As my noble friend Lady Morgan and
others have noted, it is not a victimless crime. Given the scale
of the challenge, tackling fraud requires a unified and
co-ordinated response from government, law enforcement and the
private sector. I thought that the noble Viscount, Lord Waverley,
was entirely right on that. It stands to reason that a
collaborative effort will allow us to protect the public and
businesses better.
I would say to my noble friend that we are acting now. The
Government’s approach is split across three pillars: first, we
are pursuing fraudsters and ensuring more criminals are behind
bars; secondly, we are blocking fraud at source and strengthening
efforts to frustrate fraudsters as they target potential victims;
and, thirdly, we are empowering people so they are more likely to
avoid fraud and the harm that comes with it.
Within the fraud strategy, the Government have committed to a
programme of ambitious action. To start with law enforcement, we
are beefing up the law enforcement response to fraud by launching
a new national fraud squad with 400 new officers, deploying the
UK intelligence community, UKIC, to relentlessly pursue criminals
wherever they are in the world and putting more fraudsters behind
bars through better investigation and prosecution processes.
If I may, I shall go into a little more detail about the national
fraud squad, as the noble Lord, Lord Davies, asked me about it.
This is a specialist engagement, and the noble Lord, Lord Browne,
the noble Baroness, Lady Blake, the noble Viscount, Lord
Waverley, and the noble Baroness, Lady Lane-Fox, also asked about
it. The national fraud squad will draw together existing
capabilities for fraud across national and regional policing and
the NCA. It will cover proactive, intelligence-led and reactive
investigations. Investment into the national fraud squad has, and
will continue to, enhance these capabilities and increase
resources to better tackle fraudsters targeting the UK public and
private businesses. The national fraud squad will consist of
investigation and intelligence teams from within the NCA, the
City of London Police and regional organised crime units across
England and Wales. It is being bolstered by 400-plus new
officers, as I have said, and that will be by 2025; they will
investigate and disrupt more fraudsters through strategic
co-ordination at local, regional and national level.
The NFS will be jointly led by the City of London Police, as the
national police lead, and the NCA as the operational lead for
fraud. Teams in the City of London Police and the NCA will work
together with UKIC to share intelligence in real time to
understand the threat and take proactive enforcement action
across government and the private sector against the most harmful
fraudsters targeting the UK public.
The noble Baroness, Lady Lane-Fox, made some very strong points
about skills. Police and investigators need to have the
appropriate digital skills and capabilities, as criminals get
better at exploiting them and the technology evolves—a point that
was very well made. We are working with the College of Policing
to review the fundamental training provided to all police
officers and investigators, and the City of London Police and
National Economic Crime Centre are also developing a people
strategy to address recruitment and retention challenges. At this
point, I should just mention the City of London Police
commissioner, Angela McLaren, who was appointed in January 2022.
She was previously the assistant commissioner there for fraud and
cybercrime, so she is an expert and will obviously have a fairly
major part to play in this work.
We will stop fraudsters from trying to make victims of us all, by
banning cold calls on financial products and banning criminal
access to SIM farms. The consultation on that ended only last
week or the week before. Fraudsters use those to send mass
messages, and we need to take down fraudulent websites more
quickly. We will make sure that every part of the system is
incentivised to take fraud seriously by working with the tech
sector to put in place extra fraud protections, shining a light
on which platforms are the safest. The Government will make it
much easier to report scams by replacing Action Fraud with a
state-of-the-art system, making sure that intelligence is shared
quickly and that action is taken early to stop frauds. I shall
come back to Action Fraud in a bit more detail in a second.
We will ensure that victims of fraud are reimbursed and supported
by changing the law so that more get their money back. We will
improve communications so that people know how to protect
themselves from fraud and how to report it. My noble friend
made some very
powerful points about the evidence given by Revolut, and I shall
come back to that as well shortly. Put simply, the strategy marks
a step change in our approach to rooting out fraudsters and
protecting the public from these pernicious and devastating
crimes.
I shall now deal with the more specific points. First, on the
subject of telecommunications, criminals abuse telecommunications
networks to target people and con them out of their hard-earned
money, including through scam texts and calls. We are committed
to doing everything that we can to tackle this awful crime and
bring the despicable criminals responsible to justice. In 2021,
the Government and industry signed a telecommunications fraud
charter, which is a voluntary code of action against
telecommunications fraud. As a result of the charter, over 600
million scam texts have been blocked from reaching potential
victims.
However, as my noble friend Lady Morgan, the noble Viscount, Lord
Colville, and others noted, we recognise that there is more to
do, and we will continue to work closely with industry, the
regulators and consumer groups to bring in the further measures
set out in the fraud strategy to close the vulnerabilities that
criminals exploit. This needs to be a joint effort across
sectors, as the answer to solving fraud does not lie solely with
the telecoms sector. As announced in the fraud strategy, the SIM
farm consultation has just closed and we will come back with more
on that in due course.
Online fraud is a significant part of the problem, obviously. The
scale of online fraud is alarming. As my noble friend noted, nearly 80% of all
acts of fraud have some sort of online element. We are deeply
concerned by the devastating impact it can have on victims—a
point very powerfully made by the noble Baroness, Lady Lane-Fox,
who also highlighted the rapidly evolving nature of the
technology. As noble Lords will be aware, the Online Safety Bill
is designed to provide some future-proofing, but we will all need
to be aware of and alive to the nature of evolving
technology.
In the last year, Lloyds, Santander and TSB have published data
regarding the origin of frauds that have impacted their
customers. Their research suggests that approximately two-thirds
of all online shopping scams now start on two Meta-owned
platforms: Facebook and Instagram. The noble Viscount, Lord
Colville, made some powerful points about the various types of
online scams and how convincing they look. I was going through
some examples of those with the Anti-Fraud Champion, Anthony
Browne, the other day, and the noble Viscount is absolutely right
that they are incredibly realistic. Clearly Meta needs to do a
good deal more about these.
Of course, I stress that not all companies facilitate or allow
for this type of thing and some are very rigorous with their
protocols, but there is clearly very much more still to be done
by some companies, and the Online Safety Bill will target them.
As noble Lords know, the Bill has completed Committee stage in
this House and the Government are committed to passing it before
the end of the parliamentary term. The Bill will designate fraud
as a priority offence, as others have noted, and will require
in-scope companies, including social media providers, to tackle
fraud on their online platforms. The Government have listened to
victims’ testimonies, as well as evidence from trusted
stakeholders and noble Lords, including in Committee. This
informed our decision to bring fraudulent advertising into the
scope of the Online Safety Bill. This means that the largest
social media and search companies will need to take action to
prevent fraudulent advertisements on their services.
Combined, these duties will mean that in-scope services will have
to crack down on criminals abusing their platforms to defraud
innocent members of the public. The Bill will be enforced by the
regulator Ofcom, which, as noble Lords know, will have the power
to issue very significant fines to companies that fail to tackle
fraud—we are talking about fines that could equate to significant
percentages of turnover, which I am quite sure will focus
minds.
The Government are also bringing forward the online advertising
programme to consider how advertising regulation should be
modernised for the digital age. It will build on the fraudulent
advertising duty in the Online Safety Bill and will look at the
role of the entire advertising supply chain. We will be
publishing a response to our consultation on that in due
course.
Further, building on the success of a series of voluntary
charters agreed with the retail banking, telecoms and accountancy
sectors, we have initiated work on an online fraud charter with
the tech sector. This agreement between the industry and
government will deliver a number of further commitments to help
raise the standards of best practice and intensify tech firms’
work to reduce fraud on their platforms. As part of the online
fraud charter, we have asked firms to: introduce stringent
verification checks on financial advertisers, including
cross-referencing with the FCA checklist before allowing
financial adverts on platforms; adopt a simple, seamless and
consistent fraud reporting mechanism for users, with better
follow-up action and advice provided; improve data sharing with
government and other private sector partners to identify and
block more frauds; and promote counterfraud education to the
public to help them spot and avoid frauds, and signpost support
when needed.
The Government recognise that authorised push payment fraud,
where people are manipulated into making a bank transfer to a
fraudster, is a growing problem; this was referred to by my noble
friends Lady Morgan, Lord Young and . We welcome the actions of
the financial services industry to help prevent it. The banking
industry has shown industry leadership in committing to a fraud
sector charter with the Government that has delivered ambitious
and innovative actions to prevent authorised fraud and protect
customers. We welcome these initiatives, but more still needs to
be done both to prevent fraud and to ensure that victims are not
left paying for fraud through no fault of their own.
The Payment Systems Regulator is working with the payments sector
on a range of measures to combat authorised push payment fraud.
This includes requiring the 14 largest payment providers to
publish APP fraud rates, improving data sharing and mandating
reimbursement of APP scam victims by banks and other payment
service providers. To the point made by my noble friend Lord
Young, payment service providers are consulting on the definition
of “gross negligence”, which will include a threshold and limit
on claims. The providers must do more to prevent APP fraud; they
are in a unique position to be able to prevent it, and the work
is ongoing. This is in addition to existing initiatives such as
confirmation of payee, strong customer authentication, and the
industry-led banking protocol.
The Government are also investigating the possibility of
legislating to enable further delays to payments in high-risk
fraud scenarios, as mentioned by others. We have also committed,
through the fraud strategy, to making it easier for banks
to repatriate money to victims. This means returning victims’
money where possible, rather than reimbursing.
My noble friends and Lady Morgan and the
noble Baroness, Lady Blake, have recognised that the current law
on corporate criminal liability does not hold organisations and
their senior persons adequately to account. That is why,
following the Law Commission options paper on corporate criminal
liability, the Government tabled an amendment to the Economic
Crime and Corporate Transparency Bill to introduce a new failure
to prevent fraud offence, and I am grateful to the House for
approving that. The reforms will help to protect victims and cut
crime by driving a culture change towards improved fraud
prevention procedures in organisations. It will also mean that
organisations will be held to account if they profit from the
fraudulent actions of their employees.
We debated on Tuesday the wish of some noble Lords to change the
threshold for this offence. I will not go over all the arguments
again, but the offence proposed by the Government has been
designed to balance the fraud prevention benefits with minimising
burdens on small business. I thank the noble Baroness, Lady
Lane-Fox, for her interesting personal reflections on how hard
the business environment currently is for small and medium-sized
enterprises. A strong UK economy must be an environment that
supports people to open and grow businesses. There are existing
powers to prosecute small organisations and their employees if
they commit fraud, and these powers are further improved by the
introduction of the identification doctrine reforms. We need to
keep the burdens in check, but I am sure that we will revisit
these arguments soon.
On the subject of the courts, the judicial process and criminal
justice system, to which the noble Baroness, Lady Blake,
referred, we realise that fraud cases, and the often large
volumes of complex digital material that they generate, require a
significant amount of time and resource to undertake a thorough
investigation and bring a prosecution to court. To ensure that
prosecutors have the right tools to take on fraudsters, we will
conduct a new, independent review into the challenges of
investigating and prosecuting fraud. The review will consider:
modernising the disclosure regime for cases with large volumes of
digital material; whether fraud offences and the Fraud Act 2006
meet the challenges of modern fraud, including whether penalties
still fit the crime; looking at civil orders and penalties to
prevent fraudsters reoffending; and making it easier for
individuals to inform on associates in criminal fraud
networks.
We also recognise the impact that delays can have on victims,
witnesses and defendants, and we are taking steps to reduce the
overall Crown Court backlog. As well as removing limits on the
total number of sitting days in the Crown Court for a second year
in a row, we are recruiting around 1,000 judges to increase
judicial capacity in the criminal courts with the largest
caseloads. We will also recruit around 2,000 new magistrates by
2025. We are continuing with the planned construction of the City
of London law courts, which are scheduled to open in 2026 and
will facilitate the hearing of more economic crime cases.
I committed to come back to Action Fraud, because it is vital
that victims of fraud have the confidence and trust to come
forward to report instances of fraud and know that their case
will be dealt with properly. Action Fraud is a key part of this.
We are working alongside the City of London Police to refresh and
upgrade the current Action Fraud service. We will be providing
over £30 million to the City of London Police to replace Action
Fraud with a more efficient new system that will provide better
support services and reporting tools for victims and better
intelligence to law enforcement so that it can investigate and
disrupt more fraudsters. I am pleased to share that improvements
are already being rolled out and more are coming, with the new
service expected to be fully operational by 2024. This will
further improve the support services and reporting tools for
victims, provide greater intelligence, as I have said, and allow
for greater prevention and disruption.
I have not really talked about victims yet, which is remiss of
me. As the noble Lord, Lord Davies, pointed out, the impact on
victims can be very significant indeed. It can have a devastating
impact on mental health, and particularly on the elderly and most
vulnerable people in our society—and that is not to forget the
serious financial, as well as emotional, harm that can be caused.
That is why we have taken various steps, as detailed in the fraud
strategy, to improve the support that victims receive. The Action
Fraud National Economic Crime Victim Care Unit provides support
for victims of fraud and cybercrime whose cases are not
investigated by local police. The Home Office is working with the
City of London Police to deliver a nationwide rollout of these
units from 2023.
We are also supporting National Trading Standards’ Scams Team in
the rollout of a multi-agency approach to fraud hubs across
England and Wales. These hubs aim to bring together different
local agencies to enable fast information sharing to identify the
needs of a vulnerable person. It is important that victims of
fraud receive the support they are entitled to. We are working to
improve the victim support system to ensure that everyone
receives the support they need to feel safe again.
The noble Lord, Lord Davies, raised the subject of data sharing.
As outlined in the Economic Crime Plan 2, published earlier this
year, sharing data is a key route for the public and private
sectors to identify and block frauds and economic crime. Large
amounts of financial data flow through the UK every hour. The
overwhelming majority of this data relates to legitimate
activity, but a small proportion involves criminal activity.
Currently, too much of this data sits siloed in different
organisations, in different formats with unclear legal and
technological gateways for sharing it. The Economic Crime and
Corporate Transparency Bill and the reforms to the general data
protection regulation will remove the legislative barriers to
economic crime data sharing. Now is the time to capitalise on
those opportunities.
Under a public/private economic crime data strategy, we will
produce and implement a strategy that enhances the exploitation
of available data across the ecosystem to better prevent, detect
and pursue economic crime. In addition, we will work across
public, private and international boundaries and improve the flow
of information between regulated sector entities; improve the
flows of information and intelligence between public and private
organisations, including supervisors; improve the flows of
information and intelligence between public organisations; and
identify and address obstacles to international information
sharing.
My noble friend , the noble Viscount, Lord
Waverley, and the noble Baroness, Lady Blake, talked about the
international dimension to this. Of course, the fraud threat to
the UK is varied, but more than a third has an international
element. As part of the strategy, we aim to become the global
leader in tackling fraud. We will develop stronger partnerships
with international fraud threats, share best practice and advance
the UK’s aim to lead a multilateral response. This engagement
will culminate in the UK Government-chaired global fraud summit
in 2024, at which we will look to agree an international
co-ordinated action plan to dismantle fraud networks.
I am afraid I am unable to comment further at this point on the
comments by the noble Baroness, Lady Neville-Jones, about the
Computer Misuse Act. I heard what she said and I will of course
take that back to the department and report.
In closing I again thank my noble friend Lady Morgan of Cotes for
securing this debate and all those who have spoken. It seems to
me that there is a broad consensus about the vital importance of
this issue. Fraud is affecting far too many people and ruining
far too many lives. As I have made clear, the Government are
committed to stopping fraud at source and pursuing those
responsible wherever they are in the world. I am afraid I cannot
update the noble Baroness, Lady Blake, on her 10% comments, but I
commit that my personal target is to reduce fraud to zero. I
accept that that is highly unlikely, but there is no harm in
aiming high.
The recently published Fraud Strategy represents a step change in
our response, and I assure noble Lords that we will be assiduous
in implementing its commitments as we take the fight to
fraudsters, because ultimately this is about protecting the
public. We must and we will do everything in our power to
prevail. I hope I have answered noble Lords’ questions.
11:42:00
of Cotes (Con)
My Lords, I rise very briefly at the end of what has been a
fantastic debate to thank all noble Lords who have taken part.
The breadth of this debate has captured the significant spread of
issues in our report and more broadly, and has demonstrated why
we were right to look at the whole of the fraud chain and why we
will not get on top of this problem unless we tackle all elements
of that chain. The noble Lord, Lord Browne, rightly threw down
the challenge of whether the 10% reduction is significant enough,
and he has just heard from my noble friend the Minister that we
would all like to go a lot further and faster. He was also right
to highlight the lack of overall data in relation to fraud that
we found as a committee. There is an opportunity there for any
researchers listening to do a lot more in this space for the next
inquiry that comes along.
It is a great pleasure to welcome the noble Baroness, Lady
Lane-Fox, back to her place, and I look forward to her future
contributions in debate. I cannot do justice to all the issues
raised, but my noble friend the Minister captured many of them.
My noble friend Lord Young used the phrase “breaking the spell”,
and there is no doubt that victims, particularly victims of APP
frauds, are under a spell and are being socially engineered. As
the noble Baroness, Lady Blake, said, often they are blamed for
having fallen under that spell through no fault of their own,
because there was not sufficient preventive action to stop those
fraudulent messages and attempts reaching them in the first
place.
My noble friend said that too many
institutions have failed to tackle this issue or take it
seriously for too long. I think that this report, the
Government’s action and the changes made to legislation, both
here and in the House of Commons, show that this is changing.
Noble Lords have heard from the passion in this debate that
committee members, hereafter to be known as the fraud squad, have
taken these issues very seriously and will not let them rest. I
thank all noble Lords for an excellent debate.
Motion agreed.
|
