(2 years, 11 months ago)
Grand CommitteeTo ask Her Majesty’s Government what steps they are taking to protect vulnerable people from financial fraud.
My Lords, there do not appear to be any definite figures for the amount and extent of fraud in the UK. There is, however, general agreement that it is very, very large, that it is growing rapidly in volume and sophistication and that it can ruin people’s lives. The CPS reckons that fraud is now the most commonly experienced crime in England and Wales, with 5 million offences in the first half of this year. That is a rise of 32% on the same period last year—and all these figures, alarmingly large as they are, may well understate the case. The National Crime Agency says that fewer than 20% of cases of fraud are reported, with many victims too embarrassed to make a report and perhaps, in the financial sector, too fearful of damaging their reputation.
The question we are dealing with this afternoon asks what the Government are doing to protect vulnerable consumers from financial fraud. The FCA defines “vulnerable” as
“some-one who, due to their personal circumstances is especially susceptible to detriment, particularly when a firm is not acting with appropriate levels of care.”
The FCA also lists some of those circumstances. They include physical and mental health problems, financial problems, life events and the lack of capability and/or confidence when dealing with finances. In truth, the list probably covers most people at some point in their life. But it is clear that the young, the elderly and the digitally innocent will be at significant risk. Not surprisingly, these groups are the frequent targets of fraudsters.
Also not surprisingly, fraud has moved heavily online: some 85% of all fraud in the first half of last year was cyber-enabled and 50% of adults were exposed to fraudulent ads each month. Many of these ads are carried by social media and many promote investment scams. They often operate by mimicking a genuine website such as HMRC’s or a bank’s. They also operate by placing ads on online platforms. Last week the Times reported that TSB data showed that seven in 10 victims of investment scams were targeted through Instagram alone.
Of all the investment scams reported to TSB to the end of August this year, scams based on Instagram accounted for 62%, on Snapchat 11%, on Google 10% and on Facebook 8%. That is a 70% score for Mark Zuckerberg and Meta. Since then, Google has all but eliminated scam adverts on its search engine. It did this simply by introducing rules that required all financial advertisers to prove that they were authorised by the FCA. TSB has had no reports of people falling victim to fraud through Google since the end of August. Instagram and Facebook have not followed suit. Can the Minister say what pressure is being brought to bear on Meta by the Government? Why should Meta be allowed to profit from scam ads and expose its members to a direct risk of fraud?
It is clear that the Government understand the seriousness and scale of the problem of financial fraud, and they have made some very significant interventions. Last month they established the Joint Fraud Taskforce, a private and public sector partnership, to focus on issues considered too difficult for a single organisation to manage alone. It is to be hoped that the new organisation will be able to plot a clear course through the jungle of agencies and regulators with interests and responsibilities in the area. It might even be able to take a leading role, so perhaps the Minister could tell us a little more about the objectives and working methods of the new task force, what targets it has and to whom it is accountable?
The Home Office has also published three new fraud charters, for the retail banking, telecoms and accountancy sectors. The Payment Systems Regulator has published a voluntary code for the reimbursement of victims of authorised push-payment fraud. Not all banks have signed up to the code. As a consequence, the Government now plan to legislate to make reimbursement mandatory. All this is welcome, as is the new inclusion of online fraud measures in the Draft Online Safety Bill.
However, there is still considerable work to be done. One of the reasons for the establishment of the Joint Fraud Taskforce was the existence of many agencies and regulators with at least some responsibility in this area. I counted at least six, and there may be more. That excludes the gatekeeper, Action Fraud, which is a reporting system—the people you contact to report a fraud and who then pass on the report to other agencies so that they may take action.
Action Fraud is critical to the success of the whole system. However, in July 2019, the Times published the findings of its undercover investigation of the unit, which found that the failings of Action Fraud had been well known for years. Right from its hotline going live in 2013, Ministers had to admit that 2,500 online reports were not processed correctly due to a fault in the IT system. In 2015, the firm operating the Action Fraud call centre in Manchester went bust, leaving fraud victims waiting even longer to get through. In 2019, an undercover Times reporter exposed call handlers mocking victims as “morons” and misleading them into thinking their reports were being taken seriously when most were never looked at again.
As a result of the Times investigation, Sir Craig Mackey, a retired police chief, reviewed the organisation. He found that both Action Fraud and the National Fraud Intelligence Bureau were
“significantly hampered by an operating system that is not fully functional and their resourcing levels have not kept pace with increased reporting”.
He also found that Action Fraud failed to answer a third of the calls made to it. A year later, it was announced that steps would be taken to revamp the failed Action Fraud hotline. Police chiefs were looking for a new company to run it. That was a year ago. Can the Minister say why it took so long to take remedial action? Has a new contract been awarded and, if so, to whom?
Action Fraud, or some properly working equivalent, is vital to the fight against fraud, but as recently as this June, Martin Lewis described Action Fraud as “pointless” and said the organisation lacked the necessary funding to tackle criminals. Is Martin Lewis wrong? What reassurance can the Minister give that we now have in place an organisation that is properly run, properly funded and fit for purpose?
Reporting fraud is critical, but so is prevention. In this area, much needs to be done to rein in the social media platforms. As Martin Lewis said recently in evidence to the Joint Committee on the Draft Online Safety Bill:
“Don’t let them off the hook. We need to make big tech responsible”.
We could make a start by making Meta follow Google. We should make it ban ads for financial services by advertisers that cannot prove that they are authorised by the FCA.
(4 years, 7 months ago)
Lords ChamberI thank the noble Baroness for that question. She is right to raise this. Local government is at the heart of some of that local awareness-raising and enforcement action. We have given a grant of £500,000 and an additional £600,000 for National Trading Standards scams teams to provide call-blocking technology to vulnerable people.
My Lords, yesterday the Times reported the cybersecurity company Avast as saying that scammers have been targeting healthcare providers worldwide since the pandemic struck. Its CEO said:
“We’ve seen an increased number of attacks against hospitals and the NHS is one of the top targets right now.”
These attacks use ransomware and shut down NHS systems unless a ransom is paid. The last large ransomware attack on the NHS was in 2016 and led to disruption in at least a third of trusts. In 2018, the NHS published a lessons-learned report that made 22 recommendations to protect against future attacks. How many of those recommendations have been implemented, and how safe from ransomware attacks is the NHS at the moment?
I hope the noble Lord will forgive me when I say that I do not have specific information to hand on the NHS. It is pretty disgusting how this exploitation takes place very quickly on the back of a vulnerable event. Counterfraud guidance is being circulated alongside further advice and guidance from cybercrime technical work, which consists of more than 100 police officers across the country with a focus on helping businesses and individuals to protect themselves from these sorts of crimes. The public sector is a huge part of national business as we know it. I have certainly had a lot of information on Covid-19 exploitation, such as selling people protective equipment that is absolutely fraudulent and tests that are absolutely fake. It is an appalling practice, but it is happening and we are working across agencies to try to combat it.