National Fraud Strategy

March 19th, 2009 at 07:51 UTC by Ross Anderson

Today the Government “launches” its National Fraud Strategy. I qualify the verb because none of the quality papers seems to be running the story, and the press releases have not yet appeared on the websites of the Attorney General or the Ministry of Justice.

And well might Baroness Scotland be ashamed. The Strategy is a mishmash of things that are being done already with one new initiative – a National Fraud Reporting Centre, to be run by the City of London Police. This is presumably intended to defuse the Lords’ criticisms of the current system whereby fraud must be reported to the banks, not to the police. As our blog has frequently reported, banks dump liability for fraud on customers by making false claims about system security and imposing unreasinable terms and conditions. This is a regulatory failure: the FSA has been just as gullible in accepting the banking industry’s security models as they were about accepting its credit-risk models. (The ombudsman has also been eager to please.)

So what’s wrong with the new arrangements? Quite simply, the National Fraud Reporting Centre will nestle comfortably alongside the City force’s Dedicated Cheque and Plastic Crime Unit, which investigates card fraud but is funded by the banks. Given this disgraceful arrangement, which is more worthy of Uzbekistan than of Britain, you have to ask how eager the City force will be to investigate offences that bankers don’t want investigated, such as the growing number of insider frauds and chip card cloning? And how vigorously will City cops investigate their paymasters for the fraud of claiming that their systems are secure, when they’re not, in order to avoid paying compensation to defrauded accountholders? The purpose of the old system was to keep the fraud figures artificially low while enabling the banks to control such investigations as did take place. And what precisely has changed?

The lessons of the credit crunch just don’t seem to have sunk in yet. The Government just can’t kick the habit of kowtowing to bankers.

Entry filed under: Banking security, Legal issues, News coverage, Politics, Security economics

14 comments Add your own

  • 1. Tom Welsh  |  March 19th, 2009 at 11:24 UTC

    The whole idea of politicians campaigning against fraud sounds deeply satirical. Isn’t fraud, after all, their own daily stock in trade? Making the worse case look the better, and so on?

    Of course, if you really want to cover something up there is nothing quite so effective as launching an official inquiry into it. That forestalls any awkward questions in other quarters, and gives you an opportunity to find the evidence, assess it carefully, and bury it where no one will ever see it again.

  • 2. fatbloke  |  March 19th, 2009 at 12:04 UTC

    The Attorney General’s site is now carrying the press release on this: http://www.attorneygeneral.gov.uk/attachments/090317%20NFS%20news%20release%20FINAL%20electronic.pdf

    Ross – whilst having aspects of this funded by the banking sector is not ideal from an impartiality perspective, surely it is better than nothing being done? Surely getting some criminal toe rags off the streets is better than nothing?

    In your opinion, what specifically needs to be done by the UK (nay, the rest of the world too) to combat banking fraud, identity theft and the like such that a real difference can be made without the impartiality of investigations being called into question?

  • 3. David Evans  |  March 19th, 2009 at 14:28 UTC

    Good post! Sooner or later we’re going to have to get to grips with this – the simple fact is that putting the burden on the customer is a misalignment of capability and responsibility. How can a customer of a bank ensure they are ’safe’? In the long term, either the banks internalise and deal with the risks, or a large and opaque insurance industry will be born. Hmmm…

  • 4. Bell  |  March 19th, 2009 at 14:41 UTC

    fatbloke: The industry is only interested in keeping the toerags off the street if their being on the street costs the industry money. There are two ways to avoid fraud costing the banking industry money:

    - Reduce the risks and support effective prosecution
    - Make it someone else’s problem

    The industry is currently far to focussed on the second option. I have no doubt that attempts to defraud banks while claiming to be a victim do happen. The banks do need to protect themselves against this, but their attempts are getting in the way of useful information and prosecutions when the customers are the victims.

    One of the core ideas that Ross promotes is that the costs should be borne by those who have the power to stop the problem. The banks are in the best position to do something about these problems, but as they don’t have to bear the costs they have no incentive to.

    Their claims that things are currently secure also gets in the way of investigating how to improve security, just to add to the annoyance.

  • 5. Alex Jackson  |  March 19th, 2009 at 20:01 UTC

    Well done Mr Anderson. I work in IT and from personal experience know that the current system is riddled with flaws and the consumer has very little redress when money is fraudulently removed from their accounts due to the bank’s ‘Terms and Conditions’. What no one in either Government or banking seems able to grasp is that if I trust a bank to hold my money, then any refusal by them to honour that responsibility is legalised theft.

  • 6. Gissaname  |  March 20th, 2009 at 12:35 UTC

    Cloning CHIP cards is hard work fraud and only works in limited situations and where the transaction is not authorised online. I do wish you guys would be factual and not going for the sensational all the time.

    More fraud is committed by 1st parties than 3rd Party actions such as theft and cloning. So this area needs tackling too.

    If you want to attack anyone attack the government and the police who would never assist the banks in the past with fraud, as they saw it as a victimless crime. The banks, however, have always insisted this is not the case and spend vast sums to try and prevent it.

    If you want to determine the causes of fraud just look to the thousands of useless items of legislation this government has put through in the past 12 years instead of enforcing the legislation that was already in place.

    Most police authorities had done away with cheque fraud teams and fraud investigation over the last 20 years.

    I guess the Government probably thought they could introduce a tax on fraud to add to the coffers they have wasted already but realised that it was probably not feasible, so instead we will recreate wheels and have lots of quangos looking at the problem with no one taking overall responsibility in the government or the police.

    If it isn’t car crime, speeding, or a way of generating revenue then there is no way that this government will do anything about fraud – except perhaps to see if they can legitimately conduct it to raise revenue.

    As for the FSA – this has been another quango wholey reactive in its actions with no concept of the real world and how to Oversea best practice and regulation in the finance industry.

    Hey ho – nothing changes – but don’t blame the banks.

  • 7. brian  |  March 20th, 2009 at 17:09 UTC

    I work in a fast declining business of cheques and I have for over 40 years. I work both in the UK and overseas.So I have a different angle on this rather than on the IT aspect. Historically Banks hadnt a clue about cheques and how to stop fraud ect. In fact banks in Africa have a far greater knowledge and better standards than we do in the UK. Cheques could be more secure but it would cost money. Banks have never wanted to spend cash on better cheques. Our cheques supplied by a bank are still pathetic. On top of that banks do not educate the clients in how to prevent fraud. If they did they would be culpable if a fraud took place so they say nothing. I do not see that improving in the future on the more technical payment systems and the current trend demonstrates that.

  • 8. Clive Robinson  |  March 20th, 2009 at 19:35 UTC

    Ross,

    I’m wondering if the recent “harassmant” case British Gas lost is going to wake the banks up.

    On thing the Judge decided was that “blaiming the computer” was not a liability get out as the computer is programed by humans.

    He had some other choice statments to make that appear to relate aplicably to the banks especially (ie not being able to identify a controling mind does not mean that it is not still harassment…).

    It might just unravel a few cosy little cartells based around revolving door employment between Governement Depts and the Banks and other financial businesses.

  • 9. Ross Anderson  |  March 20th, 2009 at 21:11 UTC

    We’ve a paper appearing soon in the Journal of Economic Perspectives in which we analyse what tasks in the fight against fraud should be undertaken by whom – the customers, the banks, the bankers’ trade associations, and the police. It’s just common sense, really – getting the incentives as well aligned as possible

  • 10. Peter  |  March 22nd, 2009 at 18:09 UTC

    That may be insulting Uzbekistan ;-)

    On a more serious note, I would class a “National Fraud Reporting Centre” as yet another detriment to our privacy and civil liberties. There is no requirement to setup centralised policing for this issue, and I seriously doubt it would ever be effective.

    What needs to be done is for the government to enact clear and unequivocal legislation to say that unless there is proof that a customer has defrauded the bank (which I image would be a fairly rare occurance), then the liability lies firmly with the bank. It shouldn’t be the situation that the customer has to prove there hasn’t been fraud which is contrary to our basic principles of law (since fraud is a crime).

    It is then in the bank’s interests to improve its security and put itself in a real position to be able to prove who authenticated a particular transaction.

    Having a national reporting centre just encourages the state to collect more data on us, and makes yet another of the bank’s expenses the tax payer’s expense.

  • 11. Keith Tayler  |  March 22nd, 2009 at 22:39 UTC

    We should perhaps recall the advice of Adam Smith when regulating the banks and indeed the whole financial services industry. When discussing in the Wealth of Nations the problem of regulating markets and the activities of “dealers” he wrote, “The proposal of any new law or regulation of commerce which comes from this order [dealers], ought always to be listened to with great precaution, and ought never to be adopted till after having been long and carefully examined, not only with the most scrupulous, but with the most suspicious attention. It comes from an order of men, whose interest is never exactly the same with that of the public, who have generally an interest to deceive and even to oppress the public, and who accordingly have, upon many occasions, both deceived and oppressed it.”

    Of course Smith heaped even more scorn upon the legislators, believing they would always be in league with the dealers and masters of industry to oppress the public. Looks like he got it right.

  • 12. Clive Robinson  |  March 25th, 2009 at 09:08 UTC

    @ Keith Tayler,

    Ah Adam Smith, the real economic poster child of that little town in The Kingdom of Fife.

    Unfortunatly one Gordon Brown of the same town wishes to assume the mantel whilst directly contradicting the advice…

    When I heard GB admit he had not seen the effects of the housing bubble etc comming my mouth dropped. Not because it was not obvious he and others had been “fiddling whilst…”. But because he thought he could get away with a “hey guys I’m human too” ruse to cover up his compleatly inadiquate level of competance.

    Having worked for a couple of companies in the Far East in the 1990’s, I was aware first hand of what a property bubble / spiral could do to a nations economy and those dependent on it’s well being.

    In 98 I decided that the UK had got to the point it’s property market could not be sustained any longer and nor could the attendent rising personal debt from easy credit.

    Having put “my own house in order” I am more than a little upset at having to pay for the price of GB’s clique of “influencial industry advisors”, as I suspect are many readers of this site.

    However I’m not sure that regulation is the answer. In the US in response to the likes of Enron, their legislature gave a blank sheet to the auditing industry and said tell us what to do.. The Sarbanes-Oxley Act was the result. And as we now know it was compleatly inefective. Even where Congress had dictated that there should be an independent audit body of the two largest motgage issuers in the US (FM&FM) over 100 government employed auditors compleatly failed to raise any warning flags.

    I suspect that as Ross and others think the only real way to prevent this sort of thing re-occuring (in another way) is to stop industries forcefully externalising risk onto others and for greater transparency in action and accountability.

    However are we as a society ready or willing to pay the inevitable consiquences of this?

  • 13. Keith Tayler  |  March 25th, 2009 at 11:36 UTC

    @Clive Roberson

    I agree and of course so would the Great Adam Smith. He warned us in some detail about “externalising risk onto others”. The level of risk determines the profit, but profits must always be kept to a minimum and wages at a maximum. There should be little financial rewards for those that place the money of others at risk (i.e. the odious “dealers” that were the ruin of many a nation), rewards come when you place your own money at risk.
    As for the “systems” that Ross discusses: Smith wanted markets in areas where there was transparency and good information (you can get a Noble Prize for that type of thinking these days), but where it was not possible to determine the quality of goods and services because they were, so to speak, opaque, he called for external quality controls. The assaying of gold and silver by the Guilds was his example (although again the Guilds needed reforming).
    Smith’s answer to your final question is that we should give a resounding “yes”. But of course governments will continue to kowtow to bankers and the masters of industry – vanity and the lust for power still holds sway.

  • 14. Peter  |  March 28th, 2009 at 22:24 UTC

    For years I submitted 419 (Nigerian Scam) reports to the Commercial Fraud desk of a UK city police force. By chance, I spoke with a police officer from the unit. He advised me that the Home Office had closed the national unit set up to deal with 419 fraud reports. This new initiative will, in my view, go the same way. Why? I believe it is because UK police forces are independent, governed by Chief Constables and committees who may have used a typewriter but are unlikely to have used a Personal Computer (that’s what secretaries and personal assistants are for !). They don’t care about Internet based crime. It’s not on the Home Ofice statistics, it’s invisible, no one is physically hurt, the Banks’ repay what is stolen, so there’s no problem. This “head in the sand” approach allows criminals to defraud UK citizens and businesses. Crooks know that the UK is soft on Internet (and other) crime. The Government and the Home Office need to define and implement an Internet based security strategy that provides local reporting and trained, initial investigation, linked to central reporting and specialist investigation resources. The strategy has to link up to and work with other country’s Internet Crime Investigation centres to implement a global strategy (as per the Prime Minister’s apporach to combating the current financial issues). Anything else is just a sop.

Leave a Comment

Required

Required, hidden

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Subscribe to the comments via RSS Feed


Calendar

March 2009
M T W T F S S
« Feb   Apr »
 1
2345678
9101112131415
16171819202122
23242526272829
3031