For our very first Fraud Academy podcast episode, CMO Gerry Carr sits down with John Flately, Head of Crime Statistics and Analysis at the Office for National Statistics (ONS) to chat through the recent report released by John and the ONS about fraud in the UK. You can listen to the episode either on our Soundcloud page or just click below.
Gerry: Welcome to the first Ravelin podcast where we look at issues around topic of fraud. Across this podcast series, we are going to be talking to a variety of experts coming at the topic from a variety of angles and I’m delighted in this first episode that we talk to John Flatley. John, I’ll let you introduce yourself.
John: Hello, I’m John Flatley, I’m the Head of Crime Statistics and Analysis at the Office for National Statistics.
Gerry: Okay, brilliant. And very recently, I should say that’s in the UK, you guys brought out a report looking at the size of the fraud problem across the UK. And it was extremely revealing in lots of ways. I think it’s the first time we’ve really seen a proper light shone on the actual scale of the problem here. I’m wondering if you could just give us some sort of top level highlights from the report. Not sure, highlights is the right word but you know, the standout statistics that you guys saw?
John: We’ve relied largely on figures that have been reported to the Police through the National Fraud Reporting Centre on Action Fraud and that we’ve always known has only given us part of the picture because very few frauds actually get reported to the police. So what we did here is we surveyed a sample of the general population, quite a large survey asking people in their own homes about their experiences of being a victim of fraud and what was quite revealing about this was the scale of fraud was massive. Compared with our traditional crimes, you are something like 20 times more likely to be a victim of fraud than robbery.
John: And it’s roughly one in ten of the population that have experienced a fraud or a computer misuse offence in the previous 12 months.
Gerry: Yeah, it’s pretty good analysing a little bit about the types of fraud that you guys were looking at. From our perspective obviously, what we see most is the card fraud. I was just wondering if you could break down the sort of types of fraud there are and sort of a little bit of colour around what’s happening in each case.
John: What we did find was that banking and credit account fraud was – this is by far away the dominant volume. It made up something like two-thirds of the total fraud that people have experienced and this was typically things like their cards being cloned or their card details being hacked, and used fraudulently.
John: And this was by far away the biggest problem but there were other types of fraud as well, experiences such as investment frauds.
Gerry: What is investment fraud? I did read [the report] but I’m not sure I understand it.
John: These are those things where you’re contacted either by telephone, or possibly by email offering you fantastic returns on an investment which is really too good to be true that unfortunately people then send some money…
Gerry: Is this like a Nigerian scam email, that sort of thing?
John: Yeah, that sort of thing is quite common. And then we have things like romance frauds where people developed a relationship with someone online who they think is a genuine partner in the offering and then after some time of grooming this person, the fraudster will ask them to send them some money so they can book an air ticket to come across to see them and of course this person then disappears and the money is then lost. Quite a wide range in ways that fraud can be committed.
Gerry: Are they all types of crimes that people don’t tend to report out of embarrassment or?
John: Yeah, I think there’s a real embarrassment factor there, people feel foolish for falling to this trick, embarrassed about even telling their family and friends about it. So these figures will shine a light on these sort of things, I think in a much more useful way than we’ve till now been able to do.
Gerry: Just to go back to the card frauds, it’s probably worth spelling out for people listening how exactly that fraud takes place.
John: Yeah. There’s a variety of methods. Often cards are skimmed or cloned so the details are then copied by a criminal and sold on the darknet to others. Then those card details are then used fraudulently to buy goods and services and the first time that the account holder finds out about it is either they see some payments on their bank statement which they don’t recognise or typically their card provider will ring them up and say I’ve noticed a series of unusual transactions particularly if it’s happening abroad, and you know quite a few hundred pounds will be racked up on that card before a stop is put on it.
Typically, we found that those victims are reimbursed by their financial services provider. About 8 out of 10 people told us they were reimbursed in full but of course those costs are not hidden or invisible where they are absorbed by the cardholders and passed on indirectly to all of us in some form or another.
Gerry: So John, to date this kind of card fraud, this bank account fraud, it’s called various different things and has been viewed societally as a sort of victimless crime but the burden of the cost must fall somewhere. Is it the banking institutions paying for it? Is it the individuals who are not being reimbursed or is the burden falling somewhere else?
John: I think it’s a mix. It varies across crime to crime. In some of it, the banks are making sort of commercial decisions about a threshold to which they’ll write certain costs off. We certainly know from our figures that what the banks refers to the police for investigation is the tip of the iceberg where they estimate something like 2 million fraudulent transactions on UK issued cards each year but less than one in ten of those go reported to the police for investigation.
John: Largely because there isn’t good evidence at fraud investigation or the fraudster is in a country where we have no jurisdiction of rights of extradition. So there’s nothing the police can do about it unless they’ve got agreements with force through the police services in those countries. Companies operating online may absorb the cost themselves but of course these costs have to be passed on in different ways. I mean the insurance industry is a good area where there was a big problem with insurance fraud in recent years and it was well known that that led to an increase in insurance premiums for all of us. So if we can reduce this level of fraud, it will reduce costs across society.
Gerry: So we’re definitely, although it’s not that visible, we’re definitely seeing the cost of fraud reflected in the price that we’re paying online and the price that we’re paying although it seems like a highly competitive market there’s still some built-in costs there because I think ultimately at least a very large percentage of this fraud cost is being borne by the merchants, is that accurate?
John: Certainly one could conclude that from the low reporting rate to the place and these companies must be making some commercial decisions about the value and the time and effort in reporting the crime, the chance of the police and also identify the criminal and bring them to justice.
Gerry: Do you think it’s a problem with policing? Is it a problem with the law right now that it is so difficult for the police to get a prosecution in this case or even for a merchant to pursue a prosecution, it seems that it’s almost a consequence for a crime at the moment and do we need to change the state of the way we police it in order to change that?
John: I think a lot could be done through education and growing awareness amongst the public and you know, if you think back to previous crime problems, we had big marketing campaigns to raise awareness about things you can do to reduce your risk of being a victim of crime and for many people the internet is still a new thing. There is a lot we can do to raise awareness, simple things all of us can do to reduce our risk of falling victim to fraud by ensuring our computers have antivirus software installed and regularly updated and not clicking on links in unsolicited emails or text messages and generally being sceptical of deals that seem too good to be true.
Gerry: But in terms of credit card fraud there’s not a lot you can do, there are already 13 billion cards out there on the darknet. The chances are that your card is probably already available somewhere in some format so it hasn’t come to fruition yet. So really the burden is on the merchants to do as much as they can to stop themselves being subject to defrauding. There is lot of money there. That’s probably who’s going to pay.
John: Yeah, absolutely. I think the fraudsters are constantly evolving their methods. Every week it seems a new scam appears. I mean, I follow the Action Fraud website and it is quite interesting to see how scams develop and how typical they are. So you know, around Olympics, we are getting ticket fraud and tapping into people’s interest in these sort of events and so you know the industry and police need to be up to speed and as quick in evolving their methods of detection and prevention as the criminals are creating new ways of committing these crimes.
Gerry: What would you make of the argument that, if we look at crime levels, crime reporting levels over the last 20 years, again, the UK Statistics will be better here for some reason than elsewhere. Thanks to your good work, John, but we’ve seen the actuals of headline crime, the figures come down, the amount of murders and the robberies, the amount of violent crime have all gone down, the police budgets have gone down at the same time. It’s clear that the crime has shifted online but the smart criminal is not going to bust someone over the head or break into someone’s house and steal their television, they’re going to steal it online somehow but what do you make of the argument that that’s actually a net social good, and that for people living in the country, it’s actually a better place to live because I’m not going to be the victim of a violent crime or something that’s going to traumatise me but rather it’s going to happen almost silently online.
John: I can see some people might argue that but I mean crime, any sort of crime, is not a good thing and there are often other repercussions, your credit card gets defrauded, you get your money back from the bank but you might now have to go through a whole lot of inconvenience in terms of changing your account details, making sure your credit reference records are not being falsely downgraded. There are all sorts of repercussions that can go on beyond just the immediate problem of having to get in touch with the bank to get your money reimbursed and of course, as we mentioned earlier these costs are all borne one way or another by all of us.
Gerry: Yeah and do you think that this crime is becoming, again if I’m trading online, I’m running a business and, should I consider that this problem is only going to get bigger? Does it seem to be growing? I know we’ve only got one year of statistics so it’s hard to be definitive in the conclusions around that but does it look like a problem that’s going to get worse before it gets better? Is it something that I need to be particularly vigilant about now, more vigilant of as time goes on?
John: I think we’re getting better information now about the scale of the threats and one thing which we do need to bear in mind is that the volume of transactions online is growing year-on-year and so inevitably we’re going to see more cybercrime but really what we’re looking at is what proportion it makes of the total and I think, there is some evidence that suggest that as the number is getting larger, it’s not necessarily becoming a higher proportion. As we’re getting more clever at the way we can solve these problems and correct them, so that’s not to say that we should be complacent but it’s to try and put the figures in context.
Gerry: So John, one of the things we see as a vendor of fraud protection tools is that the way online commerce is being conducted is changing. So increasingly it’s apps, it happens on a mobile phone, the amount of details that people are asked for is becoming as few as possible because they just want to have this really smooth sign up journey and it’s really easy but ordering journey too, you know buy a good or service and they want as few blocks as possible, they don’t want 3D Secure in there, they don’t want to add additional security questions, they don’t want you to remember a password. You know all those things that would be I guess security measures are designed out of the customer flow. I wonder if there’s anything in there that sort of shows that this is increasing the likelihood of fraud or at least to begin to manage fraud in a different way than trying to stop at the front door you’re trying to stop it somewhere further down the customer journey.
John: And that’s a really interesting question but I think it’s a bit too early to say because this is the first set of figures and I think most of it is reflected in the more traditional ways of committing fraud via the internet and through responding to emails and text messages and even telephone calls but that’s something we’d certainly be looking out for going forward to see whether that is an emerging problem.
Gerry: One thing, I mean some of the, I guess we didn’t really touch on some of the headline stats in that thing which were pretty startling. One of which was, is it natural to say that card fraud is the most common crime in the UK?
John: Yeah absolutely. Yeah, so when we first started with the crime survey back in the early 1980’s, there was real problems with burglary and with vehicle theft. They were at historically high levels in the mid-1990’s and that was the real focus of the police service in terms of working out how to target hard on vehicles, making it more difficult to break into homes. The police service worked very effectively with industry partners, local authorities and other agencies to really make it much harder to steal from vehicles and from homes and you know that’s been very effective in the last couple of decades and I think a similar drive is now needed with the cybercrime and fraud to drive it down in the same way as we have done with more traditional types of crime.
Gerry: And do you ever cross notes with your international colleagues in other countries seeing similar trends in the cybercrime? I know it’s not a uniquely British problem but is it more of a problem here than elsewhere? Or is this a global issue?
John: I think one of the unfortunate things is that there are very few countries that have come as far as we have in trying to develop statistics to give us a good picture on this. I mean, there are some exceptions. United States have done some good work as well and they’ve, like us, identified this as a much bigger problem than traditional crime types and other countries have been in contact with us to learn from our experience and hoping to repeat it in their country. So hopefully, we’ll get a much better global picture in the coming years.
Gerry: So that’s great John, I think that’s really interesting. I think we know that fraud’s going to be an ongoing problem, the more light that we can shine on it, it is going to be very important over the coming years and you know I think it is going to be, as you say, it’s going to be a cross-discipline effort to stop it from what we do, to what police do, to how merchants report it and those mechanisms need to come into play so we can actually try and tackle this problem properly.
John: Thank you.
Gerry: Okay, thank you!