UK judges to get online fraud sentencing guidance

The UK's judges should be given a thorough grounding on the computer techniques used to steal bank account and card details, according to new recommendations from the Sentencing Guidelines Council (SGC).

In a draft guideline sent to Justice Secretary Jack Straw and the Justice Select Committee, the SGC says techniques such as phishing, vishing, pharming and the use of trojans should be treated as making articles for use in fraud.

This would mean sentencing should range between two and seven years for an "extensive and skilfully planned" fraud. For lesser cases the council recommends sentencing ranging from a community order to two years in custody.

Christopher Pitchford, council member, says: "Offenders are using ever more sophisticated ways to commit fraud and this guideline offers advice to sentencers on the use of computers and technology to create and disseminate articles for use in fraud."

"Fraud is not a victimless crime. Economic crime, including the bills for detection and prosecution is a huge burden on the economy," adds Pitchford.

Fraud in the UK jumped nearly 16% in 2008, with 214,342 cases identified throughout the year as recession-hit Brits turned to crime "to make ends meet", according to Cifas.

The fraud prevention service says the rise is partly attributable to a massive 207% jump in facility takeover fraud - where a third party accesses an account, usually through phishing, telephone scams or the interception of cards and statements. The number of accounts taken over rose from 6272 in 2007 to 19,275 last year.

Jack Straw himself fell victim to cybercriminals last week. His e-mail account was hacked by scammers who sent messages to hundreds of contacts asking for money.

Channels

Retail banking Security Payments

Keywords

Cards Legal

Comments: (1)

A Finextra member 02 March, 2009, 14:03

Be the first to give this comment the thumbs up

0 likes

It is great to see the government addressing the issue of online fraud. The explosion of online banking and payments in recent years has been accompanied by a significant increase in the volume of fraudulent activity and the methods used to perpetrate this type of crime. Figures from the UK Payments Association, APACS, state that Internet and telephone transactions totalled £290.5 million losses in 2007 alone.

By identifying the types of online fraud and the penalties associated with each, the judicial system can begin to appropriately address this escalating and highly damaging crime. However, sentencing deterrents alone are not enough and financial institutions themselves need to be implementing measures to tackle online fraud. Banks are increasingly prioritising e-commerce security, however strategy to date has primarily focused on isolated uses of the Internet rather than encompassing the entire online environment. For example, the introduction of card readers for two-factor authentication for online banking has been a significant and successful step in the right direction.

As this article highlights, banking is only a small element of the wider financial activity which takes place online. Building on the success of two-factor authentication for online banking, security advisors in financial institutions are in a strong position to advocate the business benefits of extending two-factor authentication for the entire online payments space. While a comprehensive and uniform penalty system is crucial in the fight against online fraud, equally important is a continued push within the banking community to protect all forms of financial transactions online in order to stamp out the opportunity for fraud in the first place.