The UK government launched a three-pronged strategy for combating and eliminating financial scams in the UK in May 2023, under the direction of UK Home Secretary. There are three pillars: 1. Pursue fraudsters, 2. Block fraud, 3. Empower people.
66-page report outlines the ambitions and goals of the new fraud strategy, broadening the scope of who should contribute. It specifically targets social media corporations, mobile network carriers, major internet players, and, of course, financial institutions.
The new strategy also requests involvement from the UK Intelligence Community to help identify and arrest fraudsters, many of whom reside outside the UK. The UK government has appointed
Anthony Brown as the Prime Minister’s Anti-Fraud Champion.
Magnitude of the Scam Epidemic
Let's first evaluate the issue before we discuss the fraud approach in more detail. Because permitted fraud losses now outweigh unauthorised fraud losses (54%-46% in 2022) the extent of the scam problem has attracted significant attention. According to the
fraud strategy document:
- Over 40% of all (criminal) offences in England and Wales involves online fraud and scams
- Victims reported losing £2.35 billion in 2021.
- For authorized frauds (where victim unwittingly executes the transactions), the average loss was £3,000, although some victims have lost hundreds of thousands of pounds.
- Losses above £10,000 make up 0.5% of the loss incidents, but 29% of the financial losses.
70% of the fraud either originates abroad or has an international element.
Then there is the human side of fraud – the psychological toll that scams take on actual victims. The document noted at least three-quarters of the victims also suffer emotional hardship because of these losses.
There is also a concern that
generative AI will allow fraudsters to more effectively craft the ‘attack’ message (phishing, smishing, or vishing). Separately, in a
recent Frank-On-Fraud article, TSB Bank said, “Meta is responsible for (the initiation) for most of the fraud and scams perpetrated against their customers.” Meta owns Facebook, Instagram and WhatsApp.
Examining the UK Fraud Strategy's Foundations
After assessing the problem at hand, let's evaluate each component of the fraud strategy.
Pillar 1: Pursue Fraudsters
The strategy document's primary objective is to pursue criminals. Few defendants are ever brought before a court these days for financial fraud and scams. According to estimates, there is only one successful prosecution for every 1,000 scams.
Given that a majority of fraud attacks are initiated abroad, the government wants to bring in the UK Intelligence Community and add over 400 new investigators in a new National Fraud Squad to start to aggressively identify and arrest fraudsters. They had
a recent success in November 2022, working with the US and the Ukraine, to
bring down the iSpoof website (used to spoof banks on phone calls to customers). Nearly 200,000 UK victims were impacted, losing £43 million. The takedown operation led to the arrest of more than 100 people.
The UK government wants to drive global action on fraud by making it an internationally focused priority. The UK government will also add police presence in key countries to help disrupt fraudsters.
The government will address legal challenges to information sharing to help mitigate fraud/scams. The new Economic Crime and Corporate Transparency (ECCT) Bill will “introduce provisions to disapply civil liability for AML regulated firms who share customer
data with each other for the purposes of preventing, detecting and investigating economic crimes.”
The government will also publish a new cross-sector money mule action plan to freeze funds and disrupt mule recruiters and mule controllers.
This pillar also will replace Action Fraud to make it easier for victims to report losses.
Pillar 2: Block Fraud
The strategy document's second objective, which focuses on preventing fraud, acknowledges that many scams start through text messages, phone calls, emails, social media, search engines, and fraudulent advertising.
Therefore, technology and telecommunications businesses must be involved in developing strategies to stop scams. But first, the Payment Systems Regulator (PSR) will mandate banks to submit reporting on authorised payment fraud rates, and there will be more
tracking and reporting on fraud tendencies.
Next, the “Anti-Fraud Champion will work with industry, including social media and telecommunications firms, to ensure companies are properly incentivized to combat fraud and explore all avenues to do so.” This is a new approach, and it will be interesting
to see how these companies respond. Recently, the telcos have added firewalls to help reduce the number of spam messages which have been attributed to stopping 600 million scam text messages since January 2022.
The Office of Communications (OfCom) will be responsible for implementing the regulations associated with the proposed Online Safety Bill (imposes duties of care on providers of online user-to-user services and search services and requires Ofcom to issue codes
of practice about those duties). Failure to comply with the Online Safety Bill will result in significant fines.
The government is already working with tech companies on a new Online Fraud Charter (to be delivered in summer 2023) that will improve data sharing between the government and the private sector, ensure that all advertisers of online financial promotions are
registered with the Financial Conduct Authority (FCA), and put in place systems to prevent fraudulent content from appearing on platforms. There is also a telecommunications charter that sets out how to prevent telecommunications-enabled fraud, including
blocking scam texts. There will be a ban on financial cold calls, stopping spoofed calls, the banning of SIM Farms, and a review of mass text aggregators that could require registration.
For financial firms, the strategy will allow for faster payments, based on a risk-based approach, to be held/slowed down to allow for proper investigation of suspicious transactions. This risk-based approach should be extended to involve both inbound and outbound
transactions. The FCA will also assess financial firms’ fraud systems and controls. The PSR is also calling for data sharing standards, for compatibility of data, to help flag risky transactions. This data sharing should be done in real-time to prevent
fraudulent transactions from executing.
Stronger customer authentication has already been implemented by banks as part of PSD2, along with Confirmation of Payee and The Banking Protocol (which may include the police physically visiting a branch in the event of a suspicious or fraudulent cash withdrawal
to persuade the customer not to withdraw the money).
The National Cyber Security Centre (NCSC), in collaboration with IT firms and financial institutions, will be tasked with searching the Internet for nefarious or fraudulent websites and removing or blocking public access to them. This is another new control.
Pillar 3: Empower People
By enhancing anti-fraud communication and ensuring that young people have essential anti-fraud and cyber security skills, the ultimate objective will address strategies to empower individuals.
The UK government also wants to make it easier for scam victims to report them and to get the support they need. Sadly, 35% of fraud victims today—or 18% of victims overall—are repeat offenders. The strategy plans to establish a trusted and secure digital
identity market in the UK and restrict creating and selling identities.
The most important point of this goal is to “make sure more victims of authorized fraud get their money back by legislating to enable the PSR to require reimbursement by all PSR regulated payment service providers.” The focus for authorized payment reimbursement
will be on transactions in the UK’s Faster Payment System, where it is noted that 97% of authorized push payment (APP) fraud currently occurs.
The delivery of this strategy is phased over three years. The first goal is to cut fraud by 10% from 2019 levels by the end of the current Parliament.
Empowering Change: Driving Solutions to Counter the Scam Menace
This method is implemented in stages over a three-year period. By the end of the current Parliament, the primary objective is to reduce fraud by 10% from 2019 levels.
This strategy is ambitious, as it should be. It must be evaluated and monitored by all nations. There is debate whether it includes a suitably aggressive refund element for authorised payment fraud. However, each of the three pillars' other components
stands strong on its own. Executing this policy will need a lot of work from the government, telecommunications, the internet sector, and financial services, but it is essential to stop consumers from losing billions of pounds annually.