Why we need to re-think online defences to combat fraud

In collaboration with organisations across the fraud prevention landscape, Cifas has pledged its support to a joint statement on preventing fraud online. In this open statement, drafted by the Fraud Advisory Panel, we collectively call for a complete re-think of our online defences.

Fraud in the UK has reached epidemic levels - over recent years we’ve seen record levels of fraudulent conduct recorded to the Cifas National Fraud Database. In 2020, members of the Cifas community recorded an instance of identity fraud perpetrated through online channels almost every three minutes. It’s clear the online space is a vulnerability that fraudsters can and do target heavily.

The personal data required to perpetrate identify fraud is harvested from social media profiles, through data breaches, and convincing looking phishing emails, websites, and fake adverts. However, there is currently not enough responsibility placed upon online platforms, such as search engines and social media companies, to stem this tide. We know they’re aware of these risks and have the tools to act, but we haven’t seen them take sufficient steps to curb this threat, and they face no legal or regulatory action for failing to do so.

To exacerbate this problem, the policing of online fraud is a “Cinderella service” and cybercrime remains under-prioritised and underfunded, despite it being the type of crime the public are most likely to fall victim to. RUSI’s report, commissioned by Cifas, set out the need for increased police prioritisation of fraud to effectively tackle the issue. The report highlights the link between fraud and other high harm crimes such as people and drug trafficking, and terrorism - making effective action on fraud, and its increased facilitation through online channels, imperative.

In response to this serious and growing threat, the joint statement calls for five actions from the UK government to better protect the public from fraud enabled through online channels:

• 1. Include fraud and cybercrime in the forthcoming Online Safety Bill – this would make platforms responsible for identifying and removing harmful content linked to fraud and cybercrime and face penalties if they do not.
• 2. Create a voluntary fraud charter for social media platforms – using the UK banking industry’s Contingent Reimbursement Model as a blueprint, this would set out the duty of care to users and set out standards for all platforms to follow.
• 3. Encourage the voluntary adoption of verified IDs – in order to allow the public to trust accounts they are interacting with are genuine, accounts should be able to prove they have undergone enhanced due diligence checks and can be trusted as genuine.
• 4. Review the domestic legal framework – the current Computer Misuse Act 1990 is out of date and doesn’t reflect the risks posed by cybercrime today. In fact, the act has only received one set of amendments to it since Facebook launched the ‘Like’ button in 2009 and Instagram reached one million users in 2010 - there are now over one billion users. A new legal framework is urgently required.
• 5. Launch a public awareness campaign – we’ve seen social media sites battle misinformation regarding the Covid-19 vaccine and the Government awareness campaigns to counter this misinformation. We would like to see this replicated for other forms of online abuse and deception through a Government led public awareness campaign.

Cifas and our partners issuing this statement are willing and able to work with the government and online platforms to help battle this threat together.

You can read the joint statement here.