Fighting Fraud (Fraud Act 2006 and Digital Fraud Committee Report)
(10 months, 1 week ago)
Lords ChamberRead Hansard Text Watch Debate Read Debate Ministerial Extracts
Baroness Morgan of Cotes
That this House takes note of the Report from the Fraud Act 2006 and Digital Fraud Committee Fighting Fraud: Breaking the Chain (HL Paper 87).
Baroness Morgan of Cotes (Con)
My Lords, it is a great pleasure to move that this House takes note of the report from the Fraud Act 2006 and Digital Fraud Committee—the committee I had the pleasure of chairing—Fighting Fraud: Breaking the Chain, which we published last November. I declare my interests as a non-executive director of the Financial Services Compensation Scheme, chair of the Association of British Insurers, and a non-executive director of Santander UK. I am very grateful to the Senior Deputy Speaker for ensuring that this and other reports from inquiries of this House are considered by this House before we reach the Summer Recess.
I thank my fellow committee members, many of whom are in the Chamber today. It was a truly collaborative and non-political inquiry. I am especially grateful to my noble friend Lord Young of Cookham and the noble Lord, Lord Vaux—who unfortunately cannot be here today—who suggested the original subject matter for the inquiry. On behalf of committee members I thank our excellent staff, who supported us throughout the process. We thank all those who gave evidence, both written and oral, and especially those who were prepared to tell their stories of being victims of fraud and scams and to be named in the report.
Fraud is not a victimless crime; it involves a severe loss of trust. It can involve life-changing amounts of money being stolen, and it is truly devastating for those who have been victims. When we started our report, we had to consider our approach, what we were going to look at and the scope. As has already been said in the Chamber this week alone, the scale of fraud in the United Kingdom is enormous: 41% of crime in England and Wales in 2022 related to fraud. Those aged 16 or over are more likely to be a victim of fraud than any other crime.
We focused on authorised push payment fraud, where a victim has been socially engineered into transferring funds from their bank account. This fraud alone costs the United Kingdom hundreds of millions of pounds every year. As noble Lords who have looked at the report will see, we also considered the whole of the fraud chain. It is often too easy to pick out certain parts of the fraud chain, particularly the final part—cashing out. This occurs where the money is moved from one bank account to another, often a mule account, and often heads overseas extremely quickly. We wanted to look further up the fraud chain at the inbound route, which involves phishing and smishing, use of SMS messages, fraudulent advertising and the old-fashioned physical approaches where people are defrauded. We of course looked at the interaction, where number spoofing, social engineering and the use of fraudulent websites are prevalent.
Our report came up with 65 overall recommendations. I certainly do not have time to go through them all in the time available, but we identified six key steps to break the fraud chain. Unfortunately, the UK’s advance payments infrastructure is one of the key reasons why the United Kingdom has become a global centre for fraud. We recommended that the speed with which payments can be made must be delayed in certain circumstances, to allow banks more time to review risk signals and contact customers about the proposed payment.
We said that fraud needed to move
“to its rightful place as a top priority for law enforcement”,
and
“should be included within the Strategic Policing Requirement”.
Law enforcement related to fraud is significantly underresourced. Only 1% of law enforcement spend is focused on tackling economic crime; that bears no resemblance to the 41% of crime in England and Wales that I mentioned just a moment ago.
We recommended that, to address
“the mind-boggling variety of acronyms and alphabet soup of departments, taskforces and Ministers with responsibility for fraud, a cabinet sub-committee with a clear mandate to tackle fraud should be established, chaired by and accountable to the Security Minister”.
We said that:
“Several sectors involved in the fraud chain have failed to prevent rampant fraud for too long”,
and we recommended that the Government must
“introduce a new corporate criminal offence of ‘failure to prevent fraud’ across all sectors to address this”.
The Online Safety Bill, which is well known to so many of us,
“contains several important measures to prevent fraudulent content and scam advertising from appearing on online platforms”.
We recommended that tech companies must be held accountable when they fail to prevent their users becoming victims of fraud.
We also said that, to create clear advice for consumers that they could follow to help them prevent fraud and report if they become a victim, the Government
“should oversee the introduction of a single, centrally funded consumer awareness campaign in partnership with industry”.
Overall, we were very critical of what has become too much of a permissive culture around fraud in this country.
Part of the committee’s remit was to look at the efficacy of the Fraud Act 2006. We found that, overall, it is still
“a highly effective piece of legislation that has simplified the fraud landscape and it has the flexibility to adapt to future technological developments”.
So, what happened after the report was published? Too often, one of the dangers of reports is that they end up getting some attention and being welcomed, someone might do something, and then they sit on a shelf for a bit. However, I am pleased to report that, apart from just getting a response from the Government, which I will come on to in a moment, we have seen some significant progress on issues raised in our report. Perhaps our timing was just right. We deliberately wanted to write a truly comprehensive report on this issue to bring it all together in one place. It was quite long; I think my noble friend Lord Young said that it might be a bit too long and he probably had a point.
I thank my noble friend the Minister for the Government’s response. Broadly, five of our six key recommendations have been taken forward in one form or another. In fact, the change so that fraud is reflected in the national strategic policing requirement was made before the Government’s response was even published.
However, the big step forward was the publication of the Government’s Fraud Strategy in early May. The strategy was long overdue, and it would be fair to say that my noble friend the Minister himself was relieved to finally get it over the line so that we could all stop asking him when it would be published and start looking at the details.
I welcome the appointment of Anthony Browne MP as the Government’s anti-fraud champion. It is not quite what we wanted in terms of a Cabinet sub-committee, but having somebody to draw all the strands together and work with government departments and agencies is a significant improvement.
Changes will be made to Action Fraud, which I think we referred to as “Inaction Fraud” in our report. We understand that the Government are working on a broad awareness campaign. The need for a clear, consistent message for the public on how to protect themselves from fraud and scams cannot be overestimated. We understand that the Government will also take forward the ability of banks and payment service providers to slow down payments where they have evidence that the payment is going to a fraudster’s account.
Just this week, the House debated the Economic Crime and Corporate Transparency Bill. I welcome the Government’s introduction of the failure to prevent fraud offence and the reform of corporate criminal liability and the identification doctrine. These are significant steps forward and very welcome reforms. Unsurprisingly, of course, they never go quite far enough for all those who have been campaigning. I think we have further debates on this to come.
What remains outstanding? We still think, and there are still calls by bodies such as Stop Scams UK—I want to recognise its work—that there is a need for a single scams body or authority of some kind. There is an opportunity for a significant increase in international collaboration. Fraud is an international crime. The UK, unfortunately, has a world-leading place in fraud being perpetrated. Therefore, we can share our experience on how to tackle this on the world stage.
The big outstanding issue that I am sure other noble Lord will refer to is that all parts of the fraud chain are not yet being held accountable or incentivised to prevent fraud. In 2023, 78% of authorised push payment fraud cases started online, and 18% started via telecoms companies. Those figures are from UK Finance; Ofcom has found very similar figures. There is no doubt that social media platforms, technology platforms and telecoms companies are the places where customers most often encounter fraud, and they need to be incentivised to prevent that fraud and to protect their customers. I doubt that the voluntary code proposed in the fraud strategy will be sufficient and I am sure we will return to this, not least by pushing for a facilitation offence where those companies and platforms facilitate the offence of fraud.
The Online Safety Bill goes far in cracking down on fraudulent advertisements, which is very welcome, but it does not deal with fraudulent emails or the inaction of the internet service providers and telecoms companies. There is also more to do on data sharing, in terms of both sharing and permission to share data about customers but also data disclosure by the platforms and telecoms companies about the amount of fraud perpetrated via their services. Only by being clear and transparent about that level of fraud will law enforcement and other agencies know exactly where to tackle it.
This is a matter of direct relevance to everyone in this country, both individuals and businesses. As I said at the start, it can be life-changing and devastating. As the Bank of England said to us in evidence, it directly affects consumer confidence. There is a huge opportunity to crack down. The Government have taken some important steps; I like to think that our report played a part in that. We will watch how they proceed. I beg to move.
Lord Browne of Ladyton (Lab)
My Lords, it is an enormous pleasure to follow the noble Baroness, Lady Morgan, who opened this morning’s proceedings with the lucidity that also characterised her inclusive chairmanship of the fraud committee, on which I had the pleasure to serve. The report that we are here to address is a powerful piece of diagnostic work and is testament to her energy and commitment, as well as the hard work of the excellent committee staff.
As we heard, there is an extraordinary disjunction between the seriousness of the offence of fraud and the resources we devote to its prevention and to the pursuit and prosecution of those responsible. Fraud accounts for 41% of all crime against the individual, while only 1% of our law enforcement focuses on economic crime.
I welcome the Government’s pledge, in their recently published Fraud Strategy, to create a new national fraud squad comprising 400 specialist investigators, but I should be grateful if the Minister would share some specifics. The committee’s report shows the extent to which digital fraud has increased, with 80% of fraud now cyber enabled. How will these new officers be equipped to deal with the complexities of online fraud, including fraud which takes place on the dark web or through blockchain? Those tasked with such investigations will need either to be drawn from sectors where these skills already are both essential and scarce or, to put it mildly, to be put through some extensive training.
One of the recurrent themes in the report is an inclination to be tentative about the data on which conclusions are based. That is a function of a wider problem, with the absence of consistent measurement in government statistics. In 2010, the National Fraud Authority, an executive agency of the Home Office, first published its Annual Fraud Indicator. Its authors assessed the UK’s total loss to fraud to be £30 billion per year. In 2011 it was £38 billion, and in 2012 it had risen to £73 billion—a rise of about 150% at a time when reporting of fraud dropped off the crime statistics.
That year, Theresa May, then Home Secretary, transferred responsibility for fraud to the NCA. In 2017, at the request of the NCA, the same academics who informed the national fraud indicator published a national fraud indicator figure of £190 billion per year. A month ago, the same experts published an annual fraud indicator for 2022. The total annual loss now stands at £219 billion, £8.3 billion of which was fraud on individuals. That figure was £3.5 billion in the 2010 indicator.
So, after a further unexplained hiatus in transparency reporting, the situation has again markedly deteriorated. It is little wonder that about six months ago the NAO said about fraud that the Government do not have the data they need and are unable accurately to measure the impact of their policies. This inability persisted up to and including the publication of the fraud strategy. It would be useful to know on what basis we can judge the likely effectiveness of the measures therein in the absence of consistent and reliable data on which to base such judgments. Perhaps that explains why the gleaming promise held out as a measure of success for this strategy is a reduction of fraud by 10% in time for Christmas 2024—it appears conveniently close to the last date on which a general election must be held, one might think. This is hardly a Napoleonic ambition, given that the best data we have now suggests that the Government in one form or another have presided over an increase of more than 550% in total fraud since 2011.
In focusing on the scale of the problem, I emphasise that the victims of fraud range across vulnerable individuals, major corporations and small businesses as well as the public sector, and the Government themselves account for a significant amount of the total. I recall the powerful testimony we heard from the Bank of England, making it clear that fraud directly affects and undermines consumer confidence. Under successive Governments an attitude has prevailed that fraud is an unfortunate by-product of our strengths. Apparently, fraud has become so prevalent in the UK because of the widespread use of the English language, our position as a digitalised global financial hub, our adoption of the faster payments system, and the emergence of crypto assets. These are all said to be pull factors for fraudsters. Every element of this description could be applied to the United States, and yet UK residents are exponentially more likely to be victims of fraud than their US counterparts. This is a British problem, and its scale demands that it be a national priority. The answer is not to dilute those strengths but to ensure that they are hedged about by clear preventive mechanisms and appropriately severe financial penalties for those found to have enabled fraud. I do not wish to move on to the ground more properly covered in the Online Safety Bill or the Economic Crime and Corporate Transparency Bill but merely note that some of these questions are being covered as they journey through your Lordships’ House.
Fraud is not merely a serious offence; it is a direct enabler of far more serious offences. Organised crime, drugs, arms and human traffickers, kleptocrats and fugitives from justice all use money gained by fraud to fund their activities or to escape justice. To some extent, we have the appropriate mechanism for punishment already in place. The committee’s report examined the Fraud Act 2006 and found it to be effective, although greater maximum sentences would be desirable, but our ability to use the provisions in that legislation have been weakened by a significant decrease in the number of prosecutions of fraudsters, outdated disclosure procedures, and court backlogs. Recent data from the Law Society of England suggests that the Government’s promise to reduce the backlog is sitting rather awkwardly alongside figures that show it to be rising, so I suspect we may waiting a little time for that problem to abate.
In coming to the end of my remarks, I am conscious that I have painted a somewhat bleak picture, but none of this is inevitable. I note the Government’s acceptance of five of the committee’s six principal recommendations, in part or in full, and I hope to see the resources made available to ensure that that acceptance is matched by action. Fraud is not a victimless crime. As has already been said, it targets the most vulnerable, reduces the financial resilience of millions of households across the country, diminishes their confidence in the institutions on which they are supposed to rely and can drive them to desperate measures. Earlier this week, Ipsos released data showing that 7% of 18 to 75 year-olds have been driven to such straits that they have used an illegal moneylender in the past three years. We have all heard the rhetoric around predatory capitalism, but the fact that loansharking has become one of this country’s few growth industries renders satire redundant. This report shows a critical need for cultural change, it outlines the necessity for clear lines of accountability and enforcement and, most of all, it testifies to the need for far more effective preventive measures. I look forward to hearing how the Government intend to translate these needs into action.
Viscount Colville of Culross (CB)
My Lords, I was a member of the Fraud Act 2006 and Digital Fraud Committee, and it was a great privilege to serve with the noble Baroness, Lady Morgan, who so ably chaired it.
The committee was driven by the massive increase in fraud. We discovered that scams are being delivered not only online but through text and messaging services, using ever more sophisticated technology. The new threat is coming from deepfake technology. Only a few weeks ago, a video appeared on Facebook that seemed to be a CNN report, with the CNN logo strapped across the base of the screen. Regional executives of a major bank appeared the video promoting what appeared to be one of their big new funds. They were followed by a succession of customers who said that they had made up to £50,000 each by investing in the fund. The user was then urged to click on a link that facilitated investment into the fund but needed the user’s bank details to do so. Once fraudsters have this information, they can impersonate the user to take out a loan, make a purchase or do any number of fraudulent financial transactions.
The deepfake fraud is just the most up-to-date example of ID fraud. This is one of the first scams to use deepfake technology. The bank executives’ images and voices had been captured from their previous appearances on television and in videos and manipulated to make them appear to be pushing the fund. The bank had a terrible time trying to stop the dissemination of this fraudulent content. It had to play a terrible game of whack-a-mole. As soon as was it was taken down from one Facebook group, it appeared on another. It also appeared in other parts of the internet and went viral on platforms and phone services. Deepfakes are just the latest generation of scams. They are so powerful because the visual medium is still seen as more trustworthy than others. The bank is so concerned that any future video appearances by executives will have to be stamped with a watermark on screen as a means of authentication, which it hopes will make future manipulation of their images more difficult.
The Online Safety Bill will put the onus on user-to-user services to prevent fraudulent content appearing on their platforms, but the growing practice of smishing—sending fraudulent messages to collect personal financial information through text and direct messages—is also worrying law enforcement officers. These scams are increasingly disseminated on SMS and MMS platforms, and so are out of scope of the Online Safety Bill. According to CIFAS, 2022 saw the highest-ever volume of identity fraud cases. They were up by nearly one-quarter from the previous year. Nearly all the cases related to mobile phone products.
In the committee hearings we heard evidence of how criminals are frighteningly ingenious at finding ways to capture a user’s ID, both online and on mobile phones. The fraudsters send messages which often seem innocent enough, such as completing a crossword puzzle or taking part in a survey, all of which involve the user giving away their personal financial details. I recently heard about a victim who received an SMS message giving details of an expected delivery from DHL. When they called the number, they were put through to a fraudulent call centre, which asked for money to be paid for customs duty in order to release the package through Customs and Excise. Fraudsters are even using ID impersonation to break the secure customer authentication service which was set up especially by the banks as a secondary source of verification. They do this by diverting the message which is meant to go to a customer’s number and then take control of it.
CIFAS told me that in the past 12 months, there has been a rise in cybercrime service platforms on the dark web. One of these sites is selling up to 30,000 fake profiles, which can be used to push fraud, at a time. The whole fraud ecosystem is incredibly sophisticated. There are specialist roles for each stage of the fraud. First, there is a fraudster specialising in stealing ID, then another who uses the information to open bank accounts and set up customer profiles, and finally there is a specialist who can siphon off the money to the criminal. It seems to me that the major way of dealing with this is to incentivise platforms and telecoms companies, which are the enablers, to crack down on fraudulent activity online. I wholeheartedly support the attempts by the noble Baroness, Morgan, to extend the “failure to prevent” law to cover more enterprises and more harms but, despite wins on Report on the Economic Crime and Corporate Transparency Bill this week, the Government still seem reluctant to adopt the ideas in her amendments.
I have already mentioned the Online Safety Bill, which leaves so many of the systems which deliver fraud out of scope. Like the noble Baroness, Lady Morgan, I would like to see telecoms companies being held to account. They have already taken some steps to reduce fraud. The committee heard evidence about BT’s spam shield, which is blocking spam messages to users. SIM farms, where a mass of phone numbers can be bought to be used to send fraudulent text messages to tens of thousands of customers, are now being clamped down on but, as the committee’s report states, these current approaches by the telecoms sector are uneven, with counterfraud policies being introduced inconsistently across the sector.
It seems to me that the enabler of the fraud ought to be held responsible, at least in part. The banks are paving the way. The Payment Systems Regulator is already changing the liability for banks whose customers have been involved in fraud. It has set out a path for introducing a 50:50 split between the issuing banks and the bank that accepts the funds on behalf of the fraudster. In July it will consult on the draft legal instruments to put reimbursement requirements in place. The following month, it will consult on the maximum level of reimbursement and guidance on customer gross negligence. By October it hopes to get the final legal instruments to Pay.UK. Early next year, these measures will come into force. The regulator will also demand transparency, the publication of data on how well banks are protecting customers from fraud and the promotion of intelligence sharing.
The telecom companies are also enablers. Either they can take part in a compensation scheme along the lines of the banks or they can, as paragraph 522 of this report suggests, be part of a
“regulatory strategy equivalent to the Online Safety Bill that is directly applicable to telecoms platforms and services”.
In their response to the report, the Government said that, despite progress being made by the industry, more could be done to protect the customers. Instead of supporting a duty to prevent fraud, they suggest that the operators join the voluntary telecoms fraud sector charter. The Government have spent much time ensuring that online platforms are mandated to protect users against fraud. In a world in which fraud is now being delivered increasingly through direct messaging and SMS, why is one sector being mandated to take action while another is allowed to take part in counterfraud action voluntarily?
Lord Sandhurst (Con)
My Lords, the committee, of which I was a member and which was so excellently chaired by my noble friend Lady Morgan of Cotes, reported last November. We heard from 56 witnesses. They covered a range of experience: academics, Ministers, the police, the Crown Prosecution Service, prosecutors in the courts, the Home Office, financial services, regulators and a range of internet platforms and service providers, as well as telecoms companies. Above all, we heard from the victims.
The picture was absolutely clear. We face in this country a really serious problem with fraud. Too many of our institutions have failed to take it seriously enough or to address it effectively. We have to act, and now. Our report identified the issues. It provided in one easily readable, if quite long, document a route map for police, government, regulators and major commercial players. There is no excuse to say that they do not know what to do, or to deny that there is a problem.
I will remind the House briefly of some core findings. Fraud is the most commonly experienced crime in England and Wales, yet is excluded from the crime figures. It accounts for approximately 41% of all crimes against individuals. Losses total at least £4 billion a year. The Bank of England has admitted that it directly affects consumer confidence. Most fraud happens online; 80% of reported frauds are cyber-enabled. The exponential growth in fraud and scams, we found, has been invisible. Fraudsters face little risk of being caught. Victims are embarrassed to report it. Law enforcement is underresourced.
We found that this underprioritisation has created a permissive culture across the Government and law enforcement agencies. This then permeates through to affect the attitudes of the private sector players in the fraud chain—internet service providers, telecoms companies and the like. They have not stepped in to do what they can to prevent customers being scammed. Indeed, I received an email to the effect that they feel they have not had a fair hearing from our committee; I do not know whether others did.
Organised criminals around the world turn to the UK as a lucrative market to commit fraud. As we have heard, their proceeds are used to fund human trafficking and the drugs trade. The telecoms sector has to date had no real incentive to prevent fraud and has allowed blame to be placed elsewhere for too long. There have been no sticks, and certainly no carrots. It must do more to tackle phishing emails, smishing texts and fraudsters making spoof phone calls, as well as those emails that infiltrate our machines.
Until all fraud-enabling industries fear significant financial, legal and reputational risk for their failure to prevent fraud, they will not act. We were clear that the Government must act to introduce a new corporate offence of failure to prevent fraud across all sectors to address this, and we did not limit that to so-called large companies.
I welcome the important measures in the Online Safety Bill to prevent fraudulent content and scam advertising on online platforms and to hold tech companies accountable when they fail, but these will bite only on fraudulent advertisements. They are an important plank but they are only one plank—you cannot build a house from them. The telecoms industry, financial services, the insurers, indeed all our great service industries in this country, must face the same requirements and get their act together.
The Government published their Fraud Strategy in May and appointed Anthony Browne MP as anti-fraud champion. That is a good start but it is not enough. Let me explain: I applaud the proposals to ban cold calls on all financial products, to ban SIM farms, to make it harder for fraudsters to spoof UK numbers making it look like they are calling from a legitimate UK business, and to stop people hiding behind fake companies, and I applaud the plans to create new powers to take down fraudulent websites—but we need a facilitation offence. Telecoms companies must be put under duties to do more. Plans to improve the law enforcement response and trade and charters addressing areas of business activity are welcome, but they are not enough to ensure the changed culture needed to drive down fraud in this country.
Surprisingly, to date the Government have been reluctant to introduce what we regarded as adequate provisions to push business to take steps to prevent fraud. Regulation has to be proportionate, of course, but reasonable steps to prevent fraud taken by all businesses will reduce the opportunities for these scammers. They will help our economy grow; everyone will be more prosperous as a result. Thankfully, on Tuesday this week, this House expanded the scope of the duty to prevent fraud imposed by the economic crimes Bill. I just hope that it will not be taken out in the other place, because it would likely bounce back again here.
Only if all businesses are driven to take proportionate steps to stop fraud will things change. Economic benefits for all will flow. The costs to business and the consumer will be off-set by a clean, fraud-minimised environment. We will all win. People have to look at the big picture, beyond the ends of their noses. If the Government are serious about their promise to make sure that every part of the system is incentivised to take fraud seriously, they must not only introduce new charters for business but ensure that the different sectors, whether banking, finance, tech, insurance or telecoms, are all driven to make life much more difficult for the fraudster. That requires a duty to prevent fraud applied across the board.
Enforceable obligations must apply not just to large businesses. The six key steps we identified in the report are critical. Ministers must act now, and they must act decisively.
Lord Davies of Brixton (Lab)
My Lords, I was not a member of the committee but I very much welcome this report and the introduction to it from the noble Baroness, Lady Morgan. I came to the report afresh and of course the figures are shocking. It is astounding that people are placed under this sort of pressure. I could go through and repeat the figures that have already been given, but the central thing is that this is 41% of crime and is given 1% of the anti-crime budget. That is clearly wrong, particularly when the 41% is probably massively underreported. While this is a cyber problem, the report makes reference to analogue fraud, which clearly causes a lot of pain, suffering and financial loss. However, the massive growth is taking place in cybercrime: why would you go and knock on someone’s door when you can send them an email?
I have three substantive points to make. First, it would be interesting to know the extent to which the committee considered this: it seems to me that we need a specialist agency to tackle this epidemic. Reading the report, the general line seems to be that it should still be part of the mainstream police system, yet the task is so specialist and immediate, requiring massive action, that we need a specialist task force to undertake it, at least initially. I understand the objections to setting up yet another body, when we already have bodies that have a responsibility to sort this out, but the scale of it requires—at least for a period of time—a specialist action force of some form. That of course will need funding, and that clearly should come from the links in the fraud chain. The providers are providing the tools with which the fraud is undertaken, and it is reasonable to expect them to meet more of the cost of tackling it.
Secondly, I emphasise yet again the relationship between fraud and poor mental health. The report includes some interesting work on vulnerability to fraud, but that relationship has a special place. It is a relationship where there is a cause: many people suffer poor mental health because they have been victims of fraud. At the same time, people who already suffer from poor mental health are clearly more vulnerable. The figures in the report show how fraud is distributed but do not give the respective sizes of those populations within the population as a whole—so they do not tell the full story and it would be interesting to get some more figures on that. I emphasise that any action needs to take into account the specific position of people who have, or are at risk of, poor mental health. I hope that the Minister can at least make some sort of reference to the importance of tackling that.
My third point is about the alphabet soup of bodies that are rightly set out in an appendix. Unfortunately, one was missed: I can add to the list the Fraud Compensation Fund. It sounds pretty general but it does not compensate all fraud; it compensates a very narrow and specific form of fraud in relation to pension schemes. If a pension scheme loses assets through fraud and the employer is insolvent, the Fraud Compensation Fund, which is an offshoot of the Pension Protection Fund—the financing is different—has to provide the compensation. I highlight that point because, self-evidently, it is little known and there are still important questions that need to be pursued about people’s entitlement under that scheme and its funding. I raise that just to give it a bit more visibility, but it is clearly part of the fraud landscape and will need to be included in any further list of the alphabet soup.
Baroness Lane-Fox of Soho (CB)
My Lords, I too was not of a member of the committee chaired by the noble Baroness, Lady Morgan, but was compelled to come today. I hope your Lordships will forgive me a short personal detour about why I was particularly keen to come and speak this morning. I have been absent from the House for many months, partly because of severe hospitalisation. I will not bore Members with physical details but I am lucky to have a leg and a life right now, so I feel as if I am winning in being able to stand up here and talk about this subject. I particularly wanted to come this morning because of two personal reflections from that time.
First, as Members are fully aware and as has just been mentioned from across the Chamber, this issue affects people at their most vulnerable. When you are at death’s door, you are at your most vulnerable, and in hospital I met several people who related to me, in waiting rooms or while I was lying on tables in various places waiting for doctors and nurses, how anxious they were about what was happening in the online world, particularly while they were in hospital and unable to cope with the volume of things being sent to their devices. It really struck me how I normally manage this in my daily life, being a relatively competent technology person—so that was the first point.
Secondly, coming back into the working world after a long absence, the volume of text messages and emails—not to my parliamentary account but my personal email, which is in my own name, so I guess it is relatively easy for scammers to come to—was absolutely appalling. I was taken quite by surprise and felt somewhat that the scales had been lifted from my eyes. So forgive the personal detour, but that is why I am so pleased to be able to speak this morning and to make three short points in my contribution.
My noble friend Lord Colville of Culross has already mentioned the first of them, which is that the biggest and most dramatic shift in technology that has occurred not just while I have been slightly absent from the House but over the last few months is that of generative AI and the platform shift happening there. Everyone is reading the headlines and I am not going to repeat what I am sure has been much debated here in the Chamber. But it is striking to me that this report was published last November and I think the committee would probably have put many different points about the use of AI just in the short period of time since. I cannot come up with a solution, but it is important to recognise how fast technology is changing and how innately complicated it is to keep up with the massive developments in how platforms are being used and individuals are able to create and generate content.
My noble friend Lord Colville mentioned the appearance of deepfakes, but this has been amplified exponentially with these new technologies. It is not only the volume and scale but the sophistication: synthetic people can now be created. I was reflecting that my voice is probably the last one a scammer would choose to use, thank goodness—I do not think anyone would fall for an outward call from a “Baroness Lane-Fox of Soho” suggesting an entrepreneurial opportunity. Looking at my own entrepreneurial adventures, they would probably put the phone down immediately.
In all seriousness, as the bank example already given has shown, this is a very complex issue. While I recognise that the report suggests that AI should be used to look at sets of data, and I agree with that recommendation, we also need to proceed with caution and think carefully about the boundaries and guardrails around how the latest wave of technology is used. This is an extremely urgent matter, in my opinion.
My second point is that, as the new president of the British Chambers of Commerce, I think it essential, as the report suggests, that we link up with business. I would like to make a case again for small businesses to have special treatment. It is very hard right now to run a small business: you face cash flow pressures, increasing energy costs, wage inflation and all the other things that I know are debated frequently in this Chamber. In addition, I have noted from multiple conversations with our members their profound anxiety about how the names of their own organisations are being used by others—let alone the things for which they have their own responsibility. While I recognise that corporations need to take responsibility, and I certainly believe that technology and telecoms companies should be doing more, I think there is still work to be done to educate small businesses to build the cyberdefences they need.
I was talking to a small insurance company in Doncaster which had faced a horrible issue where somebody else was using its name for outbound calling. It was not something the company had the capacity to look after and worry about and it did not get help from any of the law enforcement agencies locally. It was providing the already stressed entrepreneur with another point of stress in these economically difficult times.
So, generative AI and small businesses are mentioned; the final thing mentioned frequently through the report is the skills we need to address this challenge being so profoundly lacking across all sectors. I have thought about this deeply over the last decade. We are still in a very profound skills crisis in this country. Just yesterday, the Open University, of which I am chancellor, released a report examining the extremely deep level of skills we need across multiple sectors, including cybersecurity. This is true across many businesses, both in the public and private sectors. We need to make this an urgent part of the agenda. I do not believe we will be able to be as resilient as we should be unless we have a deeper skills strategy. We have local skills investment partnerships, which I understand are working well. We should be using them more and thinking sectorally about how we can make sure that we have the skills we need. Those are the things that struck me from reading the report. I am delighted to be able to share my thoughts again in the Chamber and thank the noble Baroness, Lady Morgan.
To close, I was reflecting on being at lastminute.com back in 1999. I clearly remember a moment when I found a fax on our fax machine—despite the appearance of incredible technology, we were using fax behind the website—that had a customer’s credit card details on it. I was about to fax it to the supplier to get the booking confirmed. I remember thinking “Maybe this is not such a good idea”. Fast-forward to now: we never imagined that this is where the technology would have led us—to the incredible speed, pace and ability to create this fraud at scale. It is depressing. It is not what I think the technology landscape should have tilted towards, but we are where we are. The massive shift in generative AI recently, as I have said, combined with the economic climate we face, makes these recommendations vital. I hope we can go further and faster than the report suggests.
Lord Young of Cookham (Con)
My Lords, it is a real pleasure to follow the noble Baroness. We are all absolutely delighted that she has made a recovery from her recent hospitalisation and is once again able to take part in our proceedings. The points she made about AI and the skills shortage are well taken. I look forward every weekend to reading her column in the Sunday Times. It is also a pleasure to be reunited with the fraud squad who took part in the committee and to endorse what others have said about the qualities of our chairman and support staff.
The theme running through our inquiry and this debate is the mismatch between, on the one hand, the incidence of fraud and the damage it causes and, on the other, the resources devoted to it. This was well summed up by the Chief Inspector of Constabulary, Andy Cooke, an impressive witness. He said that:
“You could probably times the £80 million by five and you would start to make a small dent in relation to the scale of the problem”.
His comments were reinforced by what Mark Fenhalls, chair of the Bar Council, told us:
“The state has retreated from the investigation and prosecution of fraud over the last 15 years”.
Prosecutions went down from 20,000 a year in 2010 to about 5,000 a few years ago. The government response to our report, while welcome, was drafted by one of our more cautious civil servants:
“We recognise that there needs to be improvements in the response to fraud, from the reporting process through to investigations”.
But, in fairness to the Government, the Minister Tom Tugendhat took a more robust approach when he gave evidence.
Before I sat on this committee, I was doubtful about the success of police and crime commissioners. However, I was impressed by the performance of Mark Shelford, the Avon and Somerset police and crime commissioner, and his approach to fraud. I was delighted to read in his report:
“I personally have taken on the national lead role for economic and cybercrime on behalf of the Association of Police and Crime Commissioners”.
We need more like him.
I will focus my remarks on authorised push payment fraud and compensation. The Payment Systems Regulator, the PSR, reported that there are more incidents of APP fraud than any other type of fraud in the UK, with 95,000 incidences in the first half of last year and gross losses of £250 million. I wholeheartedly agree with one part of our recommendation in the report, which has been adopted: that the recipient bank should be in the frame as well as the paying bank. The paying bank is acting on the instructions of a legitimate customer. The recipient bank has allowed a fraudster to open an account, almost certainly with false details, or is operating an account on behalf of a money mule, aiding and abetting a crime. If banks devoted the energy with which they pursue noble Lords, who are politically exposed persons, to explain how we got every penny we own to checking up on the authenticity of the new accounts operated by fraudsters, there would be a lot less crime.
I want to refer to an exchange which did not feature in our report. It took place on 10 March last year, when one of our witnesses was Revolut, which is basically in the money transfer business. I asked a question about suspicious authorised push payments:
“What percentage of customers do you convince that it is a fraud and that the payments should stop? To what extent does the customer just go on?”
This was the answer from Nicholas Taylor:
“Our machine learning models correctly identify over 90% of attempted APP fraud … It is incredibly difficult to break the spell. We have all the normal warnings before you make a transfer, but our models detect and block a payment post fact, where we think it is a fraud, and then we make the customer talk to one of our agents. Even after we have directly intervened, 80% of them still go on to make the payment”.
We heard at an IPT breakfast seminar last July that the larger banks have even more sophisticated systems, using behavioural biometrics, data analysis and other technologies to detect fraudulent payments, and their experience is the same. Sadly, as we heard from one of the brave victims who gave evidence to us in Birmingham, at least one victim went ahead despite repeated warnings from her bank. I think that exchange influenced our response to the issue of reimbursement. We said:
“While we recognise the case for mandatory reimbursement of victims of APP fraud, we are concerned that a blanket reimbursement policy may lead to increased levels of moral hazard and fraud, and the perception that it is a ‘victimless crime’. In some cases, it may even lead directly to new avenues for APP-reimbursement frauds”.
We asked the Government to revise their proposals to legislate to allow the PSR to mandate blanket reimbursement of APP fraud conducted via faster payments. The government response did not take on board the risks of an overgenerous compensation scheme, it just recognised the urgency to protect consumers and said that they have given powers to the PSR to direct banks to reimburse victims of APP fraud.
The PSR then issued a comprehensive consultation document on proposals for reimbursement and responded earlier this month on 7 June. This was one comment on its proposals:
“Under the new legislation, 100% of consumers’ APP fraud losses will have to be reimbursed by PSPs, except in extreme cases of negligence on the part of the customer, which will—by all indications—be extremely rare”.
I am all in favour of improving the current position, in which only 46% of fraud is reimbursed. We need minimum standards and a common approach, but the proposals will apply to all cases, except where the customer has acted fraudulently or with gross negligence.
My concern is that, with consumers protected in this way, some customers may be willing to make more risky payments without properly considering the consequences, whereas we should be considering exactly the opposite. The proposal means that people who are careless will be fully compensated. I think this is overgenerous. If you are careless with your wallet, your insurance company certainly will not compensate you. If you are careless and damage your car, you will not be compensated. Obliging the banks to compensate you unless you have been grossly negligent is overgenerous, weakens the message that people should be careful and, far from deterring fraudsters, will encourage them. It is also inconsistent with the paragraph I quoted from our report. There is time to put this right, as the PSR is still consulting, before finally agreeing the regime. I will not be popular for saying this, but I urge them to think again.
Viscount Waverley (CB)
My Lords, this has been a most productive debate on an issue I fear might only get worse, unless it is robustly addressed. As always with the challenge of putting forward original contributions while being tail-end Charlie, I will focus on some key takeaways. Having reflected on some of the extensive points that stood out from the committee’s report and the Government’s response, I have little doubt that a number of challenges should be urgently addressed, including the fact that law enforcement and government lack efficient co-ordination and operational capability. That is just the beginning, to illustrate the scale of the problem.
Due to the level and sophistication of fraud, companies must adopt a culture of suspicious inquiry. To protect and support their sales efforts, companies need free access to case studies, and FAQs and proactive alerts would be of interest. Merely reporting to Action Fraud, while formalising and gathering the data, in no way ensures that wider sharing of data and, ultimately, regulatory and criminal action and remedies are enforced. Anti-fraud measures such as Action Fraud have been ineffective when compared to what could be achieved if they were exploited properly. More focus should be on action and, importantly, on ensuring the knowledge and experience to act quickly.
The all-important technology used by criminals is better anonymised, making effective follow-up difficult. Law enforcement and government lack the necessary latest digital technologies to counter the threats, including securing the wrong technology for the job, which could take years to unpick.
Insufficient accountability for delivery exists, and it is too easy to hide non-delivery. Current legislation overcomplicates and hinders the process of evidence collection and quick action, with insufficient consideration given to the private sector to assist law enforcement agencies and government. This contrasts with the military model, which actively seeks help.
I will venture a number of pointers for consideration. Enabling better use of the private sector and factoring in the experience of qualified investigation companies, with the added benefit of leveraging operational capability, is as relevant to the fraud environment as it is in many instances where government could usefully adopt a differing mindset. I also suggest enabling access to the latest anti-fraud technology held by private companies, through government frameworks such as ACE and tracer, developing the co-ordinated and technology-sound effort that is urgently required to counter fraud threats.
Advances in technology make the task more challenging, with sophisticated frauds often launched from outside the UK, making detection and response difficult. Those who perpetrate modern frauds are technology-savvy, sophisticated criminals who meticulously plan their activities to protect and preserve revenue streams.
Given the level of criminality, an anti-fraud tsar should be given oversight to ensure accountability. Often, the problem with digital fraud is that the legislation and, therefore, the ability to respond is simply not there. The creation of a working group under parliamentary supervision, or a central figure such as a tsar or anti-fraud commissioner to implement quick-fix measures, would produce dividends. An operational fraud centre that not only analyses but co-ordinates, such as an effective Action Fraud and the NECC—with clear operational power and capability—would, additionally, greatly assist, as would providing a due diligence and educational hotline for the public to report suspect activity, alongside a central social media monitoring tool to alert people to fraud attempts.
I suggest encouraging companies to incorporate anti-fraud measures, as is the case with modern slavery and anti-bribery, and an expert asset recovery unit to recover assets in civil fraud cases, along with enabling private funds to help sponsor anti-fraud activity. Two examples of developing a robust, unified and co-ordinated response from government, law enforcement and the private sector are: urgently developing a working group to conduct a thorough review of what hinders—and, conversely, what helps—fraud investigations; and reviewing the unintended consequences of data laws that restrict fraud investigation, alongside a lighter-touch GDPR and the reinstating of the successful multiagency asset confiscation unit within the Ministry of Justice. This has been spoken about for years, with various initiatives launched, such as Action Fraud, but they have failed to have the intended impact.
I suggest deepening co-operation with banks—while recognising their advances on the algorithm sets to watch for incoming fraudulent transactions and spotting and responding to fraud—and devising a deeper co-operation model between banks, tech companies and the legal, accountancy and investigation companies which often encompass former law enforcement officers. This is a quick fix, and existing models of interbank co-operation could be adopted. There is frustration at the lack of action in this regard.
The FCA is a pivotal organisation, and the combined endeavours with the director of the NECC, her successor and the NCA intelligence director—all of whom left the NCA to take up senior roles in the FCA—should be taken full advantage of to include strengthening tactical issues to lead to better strategic oversight and direction from the FCA. Government should urgently bring forward measures to enable the FCA to regulate crypto assets and enlarge current rules, relaying the results of examination of blockchain, under regulation, to private companies, which have fewer priorities and extensive resources.
An urgent review that uses experienced investigators and advanced investigation tooling, including AI, to assess where assets could be recovered would be useful. I did not think of it this morning, but I wish I had asked ChatGPT what comments it would make on anti-fraud measures that might assist this debate; I will do so this afternoon.
We should ensure that Companies House becomes a more active, transparent gatekeeper and is provided with appropriate resources, aided by developing a dedicated whistleblowers’ anti-fraud hotline, combined with the appropriate legal protection for whistleblowers, similar to Crimestoppers, with reward incentives as a viable way to combat fraud. The noble Baroness, Lady Morgan, spoke of the need to incentivise the whole anti-fraud environment, and she is absolutely right. The list goes on, but implementing operational response by adopting the counterterrorism “four Ps” mantra of pursue, protect, prevent and prepare should be fully applied to identify and frustrate fraud.
I acknowledge conferring with Harod Associates to confirm some salient points of detail. The question of how private investigation companies could be more usefully utilised and added to the toolkit should be examined. Often equipped with more powerful investigation tools, and with many fraud investigators under the command of former law enforcement seniors, they could provide a significant resource to assist. Set fees for many of these companies could be set at government rates and recovered as costs.
Many existing recommendations are felt to be hard to achieve, or advance with glacial speed. The more involved I become in an unrelated national review, the more I find that government working in silos instead of in partnership is a national trait; a sea-change in government’s mindset is required. I noted references to the international space and fully intend to include fraud in my ESG programme. I encourage government to do likewise.
Baroness Neville-Jones (Con)
My Lords, I shall speak in the gap. I was not a member of the committee, and I will be brief in dealing with one point in particular. This is an important report that is extremely thorough in dealing with the alarming rise in the level of fraud in this country. It is no exaggeration to say that hundreds of millions of pounds is involved, both in the economy and in individual financial situations, and misery is caused to those who become victims of it. It is good to hear that the Security Minister is taking the report’s proposals seriously.
The point I want to focus on, which features in the report, is the need to reform the Computer Misuse Act. If it were reformed, that would add effectively to the armoury of measures that we need to deal with the growth in fraud. The Act was an early piece of legislation in the field of cybersecurity—I would say it was one of the foundational pieces—and, not surprisingly, in some respects it is out of date. The report says, in terms, that its review “cannot be delayed further”. It was about a year ago, if not rather longer, that my noble friend, the then Minister of State in the Home Office, indicated to me in response to a question that our hopes that there could be action perhaps would be realised. I have to say that it still has not happened; it certainly has not resulted in any draft legislation.
One may ask why it matters. There are a number of reasons, but the one that is relevant to this report is that we need a statutory defence in this country to protect cybersecurity researchers from prosecution. Those researchers are potentially part of the mechanism that could track criminals down, but our law is unclear on the legality of their being able to do this and engage in the kind of ethical hacking that they would need to in order to get at the roots of the criminal activity. Such hacking is not happening on anything like the scale that could be helpful, and is possible, if the necessary legal cover were given.
The Government said in their response to the report:
“The government is consulting on a number of new powers for law enforcement agencies to enhance their ability to investigate and prevent cybercrime. In addition, further work is needed on the issue of defences, which will be taken forward through engagement with stakeholders”.
That is correct, but this is the situation that prevailed when I last raised the issue, which was, as I said, at least a year ago. The pace of consultation seems to be excessively leisurely. I plead with the Government to get on with modernising that useful but outdated Act. Compared with the scope and complexity of some recent legislation, it is a comparatively simple task—perhaps that is why it is taking a back seat. If the Act were modernised, it really would be capable of making a useful contribution to the reduction of fraud in the UK, which I think this House agrees is an important task which we should be getting on with.
Baroness Blake of Leeds (Lab)
My Lords, I express my sincere thanks to the noble Baroness, Lady Morgan, and all her committee—who will from now on be known as the fraud squad. It is evident from my engagement with the committee that its members formed a very strong bond, and a very collaborative report is the result. I commend them for that. I also thank all the organisations and individuals who have sent us briefings to assist our debate.
I welcome the opportunity to be involved in discussing this report, particularly after spending with many other noble Lords in this Chamber many hours and days debating and voting on the Economic Crime and Corporate Transparency Bill, which in large part deals with fraud as the most common type of crime—not only of economic crime but of any crime.
Fraud has become utterly prolific in this country, and I am afraid that the Government simply have not kept pace. Regularly editing it out when presenting crime statistics does not change this fact, and it certainly does not change the experience of Britons who, according to UK Finance, experienced 3 million cases of crime, to the tune of £1.2 billion, just last year. Despite this, as we have heard, only 1% of our police resources are focused on economic crime and only 0.01% of cases are brought to court. Only three convictions for serious fraud were secured last year—a reduction of seven since 2015. The committee makes it clear that our public sector and criminal justice systems are failing to keep pace with fraudsters, and its recommendations make it clear that this must be a priority to reverse the trend, recognising the increasing complexity that we are working with.
I want to stress the emotional impact on the British public as a major consequence of fraud. As the report explains well, fraud involves manipulation and deception. Victims are often blamed for crimes committed against them and feel shame for having fallen for the crime, despite being a clear victim of a criminal act. The often devastating impact can be emotional trauma and psychological harm, also affecting physical health. The noble Baroness, Lady Lane-Fox, gave a very powerful description of the impact.
We have heard today of the sheer breadth and audacity of fraud crimes, playing on the vulnerable. There has been an increase related to the increased use of digital applications since Covid—banking apps are only one aspect of this. There is advertising on our phones, scamming of debit cards at hole-in-the-wall facilities as well as a range of economic crimes so well documented in the report. Reform is vital to ensuring that we protect individuals and businesses across the country, but the enormous scale of fraud in this country, the links between economic crime and violent crime, war, corruption and human trafficking, and exposure to money laundering also threaten the strength of our economy, the stability of our world and the UK’s international reputation.
I am pleased to be able to speak on this report at a time when Members of this House have worked together to send to the Commons six excellent amendments to the Economic Crime and Corporate Transparency Bill, with many more changes made after working productively with Ministers—for example, to strengthen the role of Companies House and the overseas register, to create a new offence of failing to prevent fraud, to stop those who wish to silence journalists and others exposing large-scale economic crime, and extending the cost cap for civil recovery cases. I applaud the Government for the changes that they have made during the passage of the Bill. However, we know that there is a lot more to do. I hope that the Minister will convey the strength of feeling when the debate goes back to the Commons and that our amendments will be protected.
We have to recognise that we live in a different world since the Fraud Act 2006 was passed. It was introduced in the same year as Facebook became open to the general public, having started as a social media platform just for Harvard students. The ability for fraudsters to use technology, the internet and our telecommunications system has driven a huge increase in fraud. According to UK Finance, telecommunications account for 18% of fraud but 44% of the monetary value of losses. Falling for text fraud is as easy as opening a message that tells you that your parcel is due for delivery.
Tackling fraud means tackling online fraud and telecommunications fraud. I welcome the measures in the Online Safety Bill that seek to prevent online fraudulent advertising in that specific context, but wider internet fraud must also be tackled. Telecoms fraud, for which the committee said that the sector had
“allowed blame to be placed elsewhere”,
also needs to be dealt with. The noble Lord, Lord Sandhurst, gave a very clear exposition of that.
The Government’s response makes it clear that they recognise the significant threat that fraud poses to the UK. Given that, why does their strategy aim only to reduce fraud by 10% on 2019 levels by the end of this Parliament? Can the Minister tell me how close we are to that 10% now, and what measurable progress can we expect over the next few months? Looking further into the future, what reduction does he want by 2030 or 2040? Taking fraud seriously as a crime to me means being significantly more ambitious.
There have been some very serious questions for the Minister, but can I add another by asking what progress has been made on replacing Action Fraud? If only 1% of police resources are dedicated to fighting economic crime—and we all agree that that is ridiculously low, given that fraud is the most common crime—does the Minister think that the law enforcement response that he has outlined will be sufficient? As my noble friend Lord Browne has said, the issue of resources will be absolutely critical. As my noble friend Lord Davies said, do we actually need a specialist agency in this space? Do we really believe that the companies are being incentivised to prevent fraud? What other measures does the Minister have to bring into place?
The UK has now achieved a disastrous reputation as a lucrative market to commit fraud. We have heard about the appalling impact on victims My hope is that the Government’s further responses will lead to urgent action and a determination to raise awareness of the extent and impact of fraud on our citizens and our economy that is bringing misery to so many.
The Parliamentary Under-Secretary of State, Home Office (Lord Sharpe of Epsom) (Con)
My Lords, I congratulate my noble friend Lady Morgan of Cotes on securing this debate. I am grateful to her and to all noble Lords who have participated and have made some very good and thoughtful points. I also express my thanks to my noble friend and all members of the Fraud Act 2006 and Digital Fraud Committee—the noble Baroness, Lady Blake, has stolen the joke that I was going to make about the fraud squad—for its comprehensive report, Fighting Fraud: Breaking the Chain. I also thank noble Lords also for their acknowledgement of the progress that the Government have made. The report’s insightful analysis and constructive recommendations helped to shape the Government’s Fraud Strategy, which was published in May.
I have been asked a number of questions and will endeavour to cover them in the time available and, obviously, I commit to writing if I do not. This is a complex subject, so I shall do my best to be brief. I start by emphasising that the Government take the issue of fraud very seriously indeed and are dedicated to protecting the public from this devastating crime type. I have already had meetings with Anthony Browne MP, the anti-fraud champion, and I know that he is working very hard on his brief—and also, incidentally, has a very strong background in this area from his work with the British Bankers’ Association back in the day.
As most noble Lords have noted, fraud is the most frequently committed crime in the UK. Every year, billions of pounds are lost to fraudsters, including the savings of hard-working people up and down the country. As my noble friend Lady Morgan and others have noted, it is not a victimless crime. Given the scale of the challenge, tackling fraud requires a unified and co-ordinated response from government, law enforcement and the private sector. I thought that the noble Viscount, Lord Waverley, was entirely right on that. It stands to reason that a collaborative effort will allow us to protect the public and businesses better.
I would say to my noble friend Lord Sandhurst that we are acting now. The Government’s approach is split across three pillars: first, we are pursuing fraudsters and ensuring more criminals are behind bars; secondly, we are blocking fraud at source and strengthening efforts to frustrate fraudsters as they target potential victims; and, thirdly, we are empowering people so they are more likely to avoid fraud and the harm that comes with it.
Within the fraud strategy, the Government have committed to a programme of ambitious action. To start with law enforcement, we are beefing up the law enforcement response to fraud by launching a new national fraud squad with 400 new officers, deploying the UK intelligence community, UKIC, to relentlessly pursue criminals wherever they are in the world and putting more fraudsters behind bars through better investigation and prosecution processes.
If I may, I shall go into a little more detail about the national fraud squad, as the noble Lord, Lord Davies, asked me about it. This is a specialist engagement, and the noble Lord, Lord Browne, the noble Baroness, Lady Blake, the noble Viscount, Lord Waverley, and the noble Baroness, Lady Lane-Fox, also asked about it. The national fraud squad will draw together existing capabilities for fraud across national and regional policing and the NCA. It will cover proactive, intelligence-led and reactive investigations. Investment into the national fraud squad has, and will continue to, enhance these capabilities and increase resources to better tackle fraudsters targeting the UK public and private businesses. The national fraud squad will consist of investigation and intelligence teams from within the NCA, the City of London Police and regional organised crime units across England and Wales. It is being bolstered by 400-plus new officers, as I have said, and that will be by 2025; they will investigate and disrupt more fraudsters through strategic co-ordination at local, regional and national level.
The NFS will be jointly led by the City of London Police, as the national police lead, and the NCA as the operational lead for fraud. Teams in the City of London Police and the NCA will work together with UKIC to share intelligence in real time to understand the threat and take proactive enforcement action across government and the private sector against the most harmful fraudsters targeting the UK public.
The noble Baroness, Lady Lane-Fox, made some very strong points about skills. Police and investigators need to have the appropriate digital skills and capabilities, as criminals get better at exploiting them and the technology evolves—a point that was very well made. We are working with the College of Policing to review the fundamental training provided to all police officers and investigators, and the City of London Police and National Economic Crime Centre are also developing a people strategy to address recruitment and retention challenges. At this point, I should just mention the City of London Police commissioner, Angela McLaren, who was appointed in January 2022. She was previously the assistant commissioner there for fraud and cybercrime, so she is an expert and will obviously have a fairly major part to play in this work.
We will stop fraudsters from trying to make victims of us all, by banning cold calls on financial products and banning criminal access to SIM farms. The consultation on that ended only last week or the week before. Fraudsters use those to send mass messages, and we need to take down fraudulent websites more quickly. We will make sure that every part of the system is incentivised to take fraud seriously by working with the tech sector to put in place extra fraud protections, shining a light on which platforms are the safest. The Government will make it much easier to report scams by replacing Action Fraud with a state-of-the-art system, making sure that intelligence is shared quickly and that action is taken early to stop frauds. I shall come back to Action Fraud in a bit more detail in a second.
We will ensure that victims of fraud are reimbursed and supported by changing the law so that more get their money back. We will improve communications so that people know how to protect themselves from fraud and how to report it. My noble friend Lord Young of Cookham made some very powerful points about the evidence given by Revolut, and I shall come back to that as well shortly. Put simply, the strategy marks a step change in our approach to rooting out fraudsters and protecting the public from these pernicious and devastating crimes.
I shall now deal with the more specific points. First, on the subject of telecommunications, criminals abuse telecommunications networks to target people and con them out of their hard-earned money, including through scam texts and calls. We are committed to doing everything that we can to tackle this awful crime and bring the despicable criminals responsible to justice. In 2021, the Government and industry signed a telecommunications fraud charter, which is a voluntary code of action against telecommunications fraud. As a result of the charter, over 600 million scam texts have been blocked from reaching potential victims.
However, as my noble friend Lady Morgan, the noble Viscount, Lord Colville, and others noted, we recognise that there is more to do, and we will continue to work closely with industry, the regulators and consumer groups to bring in the further measures set out in the fraud strategy to close the vulnerabilities that criminals exploit. This needs to be a joint effort across sectors, as the answer to solving fraud does not lie solely with the telecoms sector. As announced in the fraud strategy, the SIM farm consultation has just closed and we will come back with more on that in due course.
Online fraud is a significant part of the problem, obviously. The scale of online fraud is alarming. As my noble friend Lord Sandhurst noted, nearly 80% of all acts of fraud have some sort of online element. We are deeply concerned by the devastating impact it can have on victims—a point very powerfully made by the noble Baroness, Lady Lane-Fox, who also highlighted the rapidly evolving nature of the technology. As noble Lords will be aware, the Online Safety Bill is designed to provide some future-proofing, but we will all need to be aware of and alive to the nature of evolving technology.
In the last year, Lloyds, Santander and TSB have published data regarding the origin of frauds that have impacted their customers. Their research suggests that approximately two-thirds of all online shopping scams now start on two Meta-owned platforms: Facebook and Instagram. The noble Viscount, Lord Colville, made some powerful points about the various types of online scams and how convincing they look. I was going through some examples of those with the Anti-Fraud Champion, Anthony Browne, the other day, and the noble Viscount is absolutely right that they are incredibly realistic. Clearly Meta needs to do a good deal more about these.
Of course, I stress that not all companies facilitate or allow for this type of thing and some are very rigorous with their protocols, but there is clearly very much more still to be done by some companies, and the Online Safety Bill will target them. As noble Lords know, the Bill has completed Committee stage in this House and the Government are committed to passing it before the end of the parliamentary term. The Bill will designate fraud as a priority offence, as others have noted, and will require in-scope companies, including social media providers, to tackle fraud on their online platforms. The Government have listened to victims’ testimonies, as well as evidence from trusted stakeholders and noble Lords, including in Committee. This informed our decision to bring fraudulent advertising into the scope of the Online Safety Bill. This means that the largest social media and search companies will need to take action to prevent fraudulent advertisements on their services.
Combined, these duties will mean that in-scope services will have to crack down on criminals abusing their platforms to defraud innocent members of the public. The Bill will be enforced by the regulator Ofcom, which, as noble Lords know, will have the power to issue very significant fines to companies that fail to tackle fraud—we are talking about fines that could equate to significant percentages of turnover, which I am quite sure will focus minds.
The Government are also bringing forward the online advertising programme to consider how advertising regulation should be modernised for the digital age. It will build on the fraudulent advertising duty in the Online Safety Bill and will look at the role of the entire advertising supply chain. We will be publishing a response to our consultation on that in due course.
Further, building on the success of a series of voluntary charters agreed with the retail banking, telecoms and accountancy sectors, we have initiated work on an online fraud charter with the tech sector. This agreement between the industry and government will deliver a number of further commitments to help raise the standards of best practice and intensify tech firms’ work to reduce fraud on their platforms. As part of the online fraud charter, we have asked firms to: introduce stringent verification checks on financial advertisers, including cross-referencing with the FCA checklist before allowing financial adverts on platforms; adopt a simple, seamless and consistent fraud reporting mechanism for users, with better follow-up action and advice provided; improve data sharing with government and other private sector partners to identify and block more frauds; and promote counterfraud education to the public to help them spot and avoid frauds, and signpost support when needed.
The Government recognise that authorised push payment fraud, where people are manipulated into making a bank transfer to a fraudster, is a growing problem; this was referred to by my noble friends Lady Morgan, Lord Young and Lord Sandhurst. We welcome the actions of the financial services industry to help prevent it. The banking industry has shown industry leadership in committing to a fraud sector charter with the Government that has delivered ambitious and innovative actions to prevent authorised fraud and protect customers. We welcome these initiatives, but more still needs to be done both to prevent fraud and to ensure that victims are not left paying for fraud through no fault of their own.
The Payment Systems Regulator is working with the payments sector on a range of measures to combat authorised push payment fraud. This includes requiring the 14 largest payment providers to publish APP fraud rates, improving data sharing and mandating reimbursement of APP scam victims by banks and other payment service providers. To the point made by my noble friend Lord Young, payment service providers are consulting on the definition of “gross negligence”, which will include a threshold and limit on claims. The providers must do more to prevent APP fraud; they are in a unique position to be able to prevent it, and the work is ongoing. This is in addition to existing initiatives such as confirmation of payee, strong customer authentication, and the industry-led banking protocol.
The Government are also investigating the possibility of legislating to enable further delays to payments in high-risk fraud scenarios, as mentioned by others. We have also committed, through the fraud strategy, to making it easier for banks to repatriate money to victims. This means returning victims’ money where possible, rather than reimbursing.
My noble friends Lord Sandhurst and Lady Morgan and the noble Baroness, Lady Blake, have recognised that the current law on corporate criminal liability does not hold organisations and their senior persons adequately to account. That is why, following the Law Commission options paper on corporate criminal liability, the Government tabled an amendment to the Economic Crime and Corporate Transparency Bill to introduce a new failure to prevent fraud offence, and I am grateful to the House for approving that. The reforms will help to protect victims and cut crime by driving a culture change towards improved fraud prevention procedures in organisations. It will also mean that organisations will be held to account if they profit from the fraudulent actions of their employees.
We debated on Tuesday the wish of some noble Lords to change the threshold for this offence. I will not go over all the arguments again, but the offence proposed by the Government has been designed to balance the fraud prevention benefits with minimising burdens on small business. I thank the noble Baroness, Lady Lane-Fox, for her interesting personal reflections on how hard the business environment currently is for small and medium-sized enterprises. A strong UK economy must be an environment that supports people to open and grow businesses. There are existing powers to prosecute small organisations and their employees if they commit fraud, and these powers are further improved by the introduction of the identification doctrine reforms. We need to keep the burdens in check, but I am sure that we will revisit these arguments soon.
On the subject of the courts, the judicial process and criminal justice system, to which the noble Baroness, Lady Blake, referred, we realise that fraud cases, and the often large volumes of complex digital material that they generate, require a significant amount of time and resource to undertake a thorough investigation and bring a prosecution to court. To ensure that prosecutors have the right tools to take on fraudsters, we will conduct a new, independent review into the challenges of investigating and prosecuting fraud. The review will consider: modernising the disclosure regime for cases with large volumes of digital material; whether fraud offences and the Fraud Act 2006 meet the challenges of modern fraud, including whether penalties still fit the crime; looking at civil orders and penalties to prevent fraudsters reoffending; and making it easier for individuals to inform on associates in criminal fraud networks.
We also recognise the impact that delays can have on victims, witnesses and defendants, and we are taking steps to reduce the overall Crown Court backlog. As well as removing limits on the total number of sitting days in the Crown Court for a second year in a row, we are recruiting around 1,000 judges to increase judicial capacity in the criminal courts with the largest caseloads. We will also recruit around 2,000 new magistrates by 2025. We are continuing with the planned construction of the City of London law courts, which are scheduled to open in 2026 and will facilitate the hearing of more economic crime cases.
I committed to come back to Action Fraud, because it is vital that victims of fraud have the confidence and trust to come forward to report instances of fraud and know that their case will be dealt with properly. Action Fraud is a key part of this. We are working alongside the City of London Police to refresh and upgrade the current Action Fraud service. We will be providing over £30 million to the City of London Police to replace Action Fraud with a more efficient new system that will provide better support services and reporting tools for victims and better intelligence to law enforcement so that it can investigate and disrupt more fraudsters. I am pleased to share that improvements are already being rolled out and more are coming, with the new service expected to be fully operational by 2024. This will further improve the support services and reporting tools for victims, provide greater intelligence, as I have said, and allow for greater prevention and disruption.
I have not really talked about victims yet, which is remiss of me. As the noble Lord, Lord Davies, pointed out, the impact on victims can be very significant indeed. It can have a devastating impact on mental health, and particularly on the elderly and most vulnerable people in our society—and that is not to forget the serious financial, as well as emotional, harm that can be caused. That is why we have taken various steps, as detailed in the fraud strategy, to improve the support that victims receive. The Action Fraud National Economic Crime Victim Care Unit provides support for victims of fraud and cybercrime whose cases are not investigated by local police. The Home Office is working with the City of London Police to deliver a nationwide rollout of these units from 2023.
We are also supporting National Trading Standards’ Scams Team in the rollout of a multi-agency approach to fraud hubs across England and Wales. These hubs aim to bring together different local agencies to enable fast information sharing to identify the needs of a vulnerable person. It is important that victims of fraud receive the support they are entitled to. We are working to improve the victim support system to ensure that everyone receives the support they need to feel safe again.
The noble Lord, Lord Davies, raised the subject of data sharing. As outlined in the Economic Crime Plan 2, published earlier this year, sharing data is a key route for the public and private sectors to identify and block frauds and economic crime. Large amounts of financial data flow through the UK every hour. The overwhelming majority of this data relates to legitimate activity, but a small proportion involves criminal activity. Currently, too much of this data sits siloed in different organisations, in different formats with unclear legal and technological gateways for sharing it. The Economic Crime and Corporate Transparency Bill and the reforms to the general data protection regulation will remove the legislative barriers to economic crime data sharing. Now is the time to capitalise on those opportunities.
Under a public/private economic crime data strategy, we will produce and implement a strategy that enhances the exploitation of available data across the ecosystem to better prevent, detect and pursue economic crime. In addition, we will work across public, private and international boundaries and improve the flow of information between regulated sector entities; improve the flows of information and intelligence between public and private organisations, including supervisors; improve the flows of information and intelligence between public organisations; and identify and address obstacles to international information sharing.
My noble friend Lord Sandhurst, the noble Viscount, Lord Waverley, and the noble Baroness, Lady Blake, talked about the international dimension to this. Of course, the fraud threat to the UK is varied, but more than a third has an international element. As part of the strategy, we aim to become the global leader in tackling fraud. We will develop stronger partnerships with international fraud threats, share best practice and advance the UK’s aim to lead a multilateral response. This engagement will culminate in the UK Government-chaired global fraud summit in 2024, at which we will look to agree an international co-ordinated action plan to dismantle fraud networks.
I am afraid I am unable to comment further at this point on the comments by the noble Baroness, Lady Neville-Jones, about the Computer Misuse Act. I heard what she said and I will of course take that back to the department and report.
In closing I again thank my noble friend Lady Morgan of Cotes for securing this debate and all those who have spoken. It seems to me that there is a broad consensus about the vital importance of this issue. Fraud is affecting far too many people and ruining far too many lives. As I have made clear, the Government are committed to stopping fraud at source and pursuing those responsible wherever they are in the world. I am afraid I cannot update the noble Baroness, Lady Blake, on her 10% comments, but I commit that my personal target is to reduce fraud to zero. I accept that that is highly unlikely, but there is no harm in aiming high.
The recently published Fraud Strategy represents a step change in our response, and I assure noble Lords that we will be assiduous in implementing its commitments as we take the fight to fraudsters, because ultimately this is about protecting the public. We must and we will do everything in our power to prevail. I hope I have answered noble Lords’ questions.
Baroness Morgan of Cotes (Con)
My Lords, I rise very briefly at the end of what has been a fantastic debate to thank all noble Lords who have taken part. The breadth of this debate has captured the significant spread of issues in our report and more broadly, and has demonstrated why we were right to look at the whole of the fraud chain and why we will not get on top of this problem unless we tackle all elements of that chain. The noble Lord, Lord Browne, rightly threw down the challenge of whether the 10% reduction is significant enough, and he has just heard from my noble friend the Minister that we would all like to go a lot further and faster. He was also right to highlight the lack of overall data in relation to fraud that we found as a committee. There is an opportunity there for any researchers listening to do a lot more in this space for the next inquiry that comes along.
It is a great pleasure to welcome the noble Baroness, Lady Lane-Fox, back to her place, and I look forward to her future contributions in debate. I cannot do justice to all the issues raised, but my noble friend the Minister captured many of them. My noble friend Lord Young used the phrase “breaking the spell”, and there is no doubt that victims, particularly victims of APP frauds, are under a spell and are being socially engineered. As the noble Baroness, Lady Blake, said, often they are blamed for having fallen under that spell through no fault of their own, because there was not sufficient preventive action to stop those fraudulent messages and attempts reaching them in the first place.
My noble friend Lord Sandhurst said that too many institutions have failed to tackle this issue or take it seriously for too long. I think that this report, the Government’s action and the changes made to legislation, both here and in the House of Commons, show that this is changing. Noble Lords have heard from the passion in this debate that committee members, hereafter to be known as the fraud squad, have taken these issues very seriously and will not let them rest. I thank all noble Lords for an excellent debate.