UK banks give cybercrooks impunity by failing to report fraud - MPs

UK banks give cybercrooks impunity by failing to report fraud - MPs

British banks are letting cyber-crooks carry out crime in a 'black hole' of impunity by failing to report or investigate fraud, says a group of MPs.

The Home Affairs Committee report on e-crime warns that Britain is losing the war against online fraud and calls on government, industry and citizens to do more to tackle it.

The MPs say that there is a 'black hole' where low-level e-crime is committed with impunity because when victims are defrauded of a small amount of money the crimes are often not reported to or investigated by law enforcement and banks simply reimburse customers.

Giving evidence for the report, the Foundation for Internet Policy Research said that a decision by the previous government to have victims report crime to their banks in the first place rather than to the police means that the rate of recorded instances of fraud understates the reality.

Banks must now be required to report all e-crime fraud to law enforcement and log details of where attacks come from, the MPs conclude.

The report also calls for a dedicated espionage response team that companies, media, and institutions can immediately contact to report an attack.

Keith Vaz, committee chair, says: "You can steal more on the Internet than you can by robbing a bank and online criminals in 25 countries have chosen the UK as their number one target. Astonishingly, some are operating from EU countries. If we don't have a 21st century response to this 21st century crime, we will be letting those involved in these gangs off the hook."

Comments: (4)

Pat Carroll
Pat Carroll - ValidSoft - London 30 July, 2013, 12:29Be the first to give this comment the thumbs up 0 likes

This morning, a report from the home affairs select committee has made a call to action to the UK to tackle online fraud. The committee are calling for banks in particular to wake up to the reality of online crime, and are pushing for them to report all instances of e-fraud to the police.

Beyond reporting online crime and uncovering and persecuting the criminals hiding in cyberspace, surely it is now time for financial institutions to step up and utilise effective security systems that can protect against this type of fraud occurring in the first place.

The key to this security lies in real-time detection, prevention and immediate resolution of fraudulent activity. Technology is available today to absolutely achieve this, in real-time, totally privacy sensitive, highly secure and yet intuitive from a customer standpoint. In fact, in many cases the customer is not even aware that security is being applied as many of the techniques used are completely invisible. The answer is robust customer authentication and transaction verification, relative to the bank’s perceived risk of the transaction. It must have speed (real-time), strong security, efficiency, good customer service and ease of use, while shutting down the scope for fraudsters to benefit from their crime.

A Finextra member
A Finextra member 30 July, 2013, 12:40Be the first to give this comment the thumbs up 0 likes

This isnt a surprise is it. We've all known that banks dont report this. The issue though is mainly for the poor old merchant. They are the ones who often dont receive the money (as its a fraudulant transaction) and they've lost the goods they have sold or shipped...

A Finextra member
A Finextra member 30 July, 2013, 13:34Be the first to give this comment the thumbs up 0 likes

If only it were that easy to just add a real time detection fraud system to the banks own systme.  But it really isn't that simple.

A combination: of lack of funds, fraud being at an all time low compared to the past, old systems that are being held together with celotape and hope make things very difficult to "bolt on" new systems.

There are also years of IT project lead in time to get systems built in, by which point the system is out of date and needs up-grading.

Really I do not know what can be done, without a major overhaul of the banks own systems.  Shareholders aren't going to give up their money, customers can't be exsessivly charged anymore and everything will be ring fenced, so where will the money come from?

More also needs to be done to stop customers falling for the "oh hi, I'm your bank please give me all your details" and the "buy this it's 70% cheaper than any other highstreet store".

Personally I would like to see the banks have all new systems, but as I said before where will the money come from?

A Finextra member
A Finextra member 31 July, 2013, 10:36Be the first to give this comment the thumbs up 0 likes

Indeed, things are not so simple as many do hope ...

For example, the previous comment seems to suggest that a major overhaul to replace old systems with new ones would solve the cybercrime problem ...

This is wishful thinking, the reality is that new systems are typically built on standard platforms that are much more vulnerable than the older proprietary gear they replace.

But this is not to say that the deployment of new systems should be avoided. Rather, a very careful look should be taken at those new systems whether they do indeed match the stringent IT security needs of the banking/payments industry.