We sit down with the owner of a UK fraud consultancy firm to discuss how fraud has changed over the years, why fraud has become so pervasive in the UK, and the role of organizations in protecting their customers from fraud attacks.
Despite very quickly reaching the rank of CID officer, you were with the police for a comparatively short time – just shy of eight years; what were the main reasons for you moving to the private sector?
My police career was short but busy. I became a CID officer within about three years, which is unusual, and worked in a very dynamic and young CID office. Fraud had always been my passion and the police were increasingly turning their back on it to focus on other priorities.
It was apparent at that time that people were disposing of their own cars and then making fraudulent insurance claims, and unfortunately, in many cases, it didn’t lead to prosecution, as the insurance companies were unable to detect it. I decided to take a risk and set up my own specialist fraud investigation business Taylor & Moore Investigations. At the time it was the first of its kind and within 18 months we had 22 people working for us and half the top 10 UK insurance companies as clients.
What specific experience from your years in the police best prepared you for the transition to work as a fraud investigator for insurance companies?
The business I set up was based on a good CID office. I began by intelligence gathering to understand how insurance fraud worked. I then produced a cost-effective system to detect and investigate insurance fraud. I built a whole training system based around what was needed, including criminal and insurance law. I also made great use of the intelligence we uncovered about those frauds. So, even back then we took a strategic approach of prevention, detection, containment, and analysis that is still used today by most of the industry.
Obviously, fraud investigation techniques have changed dramatically since you started in the ‘80s, but what were some of the major differences in how you approached fraud investigation in the police and in the private sector?
There are of course advantages in having a warrant card, a power of arrest, and the huge resources police have available.
As my specialism was interviewing that made my life much easier. I am not sure folks realise the extent to which suspects and witnesses clam up when talking to figures of authority like the police.
What about fraud investigation techniques in general, how have they changed over the years?
Interviews, data, and forensics in that order were the core of investigations at the time I left the police. Our business model was based on the same principles. The evolution of fraud and counter fraud has seen development in all three areas but particularly in data and forensics. A simple view is that the order in which they are relied upon has changed now to be data, forensics, and then interviews last.
Gathering intelligence is much easier nowadays because of the widespread use of the internet and the volume of data now routinely available to investigators. In some cases, the interview is still very much part of gathering evidence but can often just be there to make sure we are not making a mistake by giving the people involved the opportunity to explain things that look suspicious.
Fraud and fraud prevention has always been a hotly contested game of cat and mouse. Was there any period of history where the ‘game’ was more one-sided?
The numbers tell the story. When I started out, fraud was around 1% of all crime and we were definitely the cats and the criminals, the mice. That slowly changed around the year 2000. I believe the web enabling criminals to easily communicate with each other and reach targets within a much wider circle has been the main catalyst.
Another factor that fuelled the fire was policing in the UK and other countries had massive funding cuts whilst having to focus on other especially important stuff like terrorism, domestic violence, and grooming. Fraud is now running at 40% of all crime, much of it does not get reported so it is hard to claim anything other than that the criminals now have the upper hand. That will change but not any time soon.
The future of fraud and digital identity verification in the UK.
Technology is often regarded as a double-edged sword when it comes to fraud. What impact has the proliferation of technology had on the fraud landscape in the UK, and wider market? Is there a danger of ceding too much control, and outsourcing too much of the process to artificial intelligence?
When we introduce new technology, there tends to be three stages of adoption:
- Stage one: What can we do with this?
- Stage two: Can we make it safe?
- Stage three: Can we make sure it is legal?
Then it becomes a cycle of constant development and fixing things that we never quite catch up on.
You cannot efficiently deal with any volume of crime without technology. For example, you would not try to run a bank or any other business without it, and countering fraud is no exception. AI in some ways is just the latest standard, albeit like adding a turbo charger to an already fast car.
Routine process should go through automation wherever practical, and we should use all the tools available. The dangers come from ignoring people who can see it is not working properly, and we have to be objective enough to actually listen to accused people who say it was not working properly too. Hence the Post Office Scandal.
The biggest worry I have right now though is complacency around data accuracy. If the data is inaccurate or the AI poorly trained, then it will get things wrong. For me technology must be supervised rather than supervise important decisions.
The UK is often referred to as the fraud capital of Europe, why do you think this is? What changes do you think need to be implemented to address this?
In many ways illicit trade follows the same paths as legitimate trade. Although we are no longer part of the EU, the UK has for many decades been a hub and gateway to the EU for the US and other countries and vice versa. As the English language is also used across so many nations as a primary or secondary language, it is therefore familiar and a sort of lingua franca to many of those who commit crime.
It’s also important to recognize that as the UK was present in many other nations through trading, colonialism, and military conflict for hundreds of years, there is also a perception abroad that we are all wealthy as individuals and businesses.
This all makes the UK a target for overseas fraudsters, but we cannot ignore the reality that many fraudsters are based in the UK too. I often hear of us referred to as the butler to the world because of our involvement in laundering foreign wealth.
Organized fraud sits within three areas: white collar crime, organized cybercrime, and organized crime. The UK criminals are prolific in all three areas.
The changes needed are wholesale and we do at last seem to be making progress, but it will take time. What we need are:
- Consequences for committing fraud i.e. arrests and convictions.
- A long-term strategy ideally within education that encourages young people to stay away from cybercrime, and to know how to protect themselves from financial crime and risk.
- A focus on ethics and not just profit across government, public services, education, and the private sector.
- A way of confirming who people are and what age they are without having to submit documents like passports and driving licences.
What part does consumer awareness play in the fight against fraud?
Educating consumers as to the risks they face and how to protect themselves from fraud is a vital element of fraud prevention. Making people aware of what may happen and giving them clear advice helps. I am not convinced we do enough across the board to provide a remedy for them when an attempt is made, or a successful fraud occurs. However, this is only one side of the coin, organizations must also use technology to protect the consumer too.
Many attacks can be stopped through good anti-virus software, as well as good standards of multi-factor authentication. I foresee the day when all this functionality will automatically be included on every device sold. Look at cars for example. They all now have transponders, dead locks, and alarms built in. Car thefts are rising again right now but until recently they were reducing year on year having hit around a million thefts per annum in the 1990s.
How can organizations educate their customers on the dangers of fraud more effectively?
I would like to see some sort of reward system for those who thwart serious fraud attempts, such as authorised push payment. It could be monetary, or it could be some other benefit but to acknowledge that the consumer has done the right thing could go a long way to prevent fraud. With the banks being expected to compensate customers who lose money to fraud then the banks benefit from fraudsters not getting away with it rather than the consumer. No good deed, however, goes unpunished and there would inevitably be attempts to cheat any such system.
You deliver training in fraud prevention across a wide range of verticals, including insurance, banking, lending, online retail, workplace fraud, and organised cyber fraud, are there any similarities in fraud attacks across the industries, and conversely, what are the main differences?
The UK Fraud Act 2006 clearly sets out the main fraud offences and the way frauds can be committed happen across all industries. People like to give names to different types of fraud based on the method and the target. I understand that and do it too and it can help with statistics, data, and analysis. Despite there being hundred of categories of fraud, the reality is there are a only handful of ways that fraud is committed e.g. false representation, not disclosing information, obtaining services by deception, abuse of position, and making or supplying articles for use in fraud.
There are other financial crimes that come into play, such as bribery and corruption, money laundering, and theft, but most, if not all, frauds involve the above. The similarities far outweigh any specifics for different industries, which is why around 80% of the training I deliver is generic with the remainder being specific to the delegates taking part.
From my experience of working with prolific career fraudsters they commit fraud across the board. One person I interviewed about his life of crime committed card fraud, insurance fraud, bank fraud, benefits fraud, and tax fraud. That surely shows that the same methods are adapted across different sectors and that it is the same fraudsters targeting different sectors too.
How can organizations better protect themselves and their customers from the threat of fraud?
I have found that much like charity, protection from fraud and cybercrime starts at home. I have just worked with a client who has allowed me to train and educate all their staff on how fraud and cybercrime works, how they are at risk, and how to protect themselves from it. Get that done first and then they will automatically protect their organization and their customers in the same way. Feedback and engagement with the delegates has been tremendous. They were not just trained they changed what they do.
Learn more about the UK’s fraud landscape in an upcoming webinar with Peter and other thought leaders on May 21, 2024. More information can be found here.
If you’re interested in more insights from industry insiders and thought leaders from the world of fraud and fraud prevention, check out one of our interviews from our Spotlight Interview series below.
- Jinisha Bhatt, financial crime investigator
- Paul Stratton, ex-police officer and financial crime trainer
- Lloyd Emmerson, Director of Strategic Solutions at Cifas
- Or, discover all about the rise of social media fraud, and how one man almost lost a million euros to a pig butchering scam in our blog, ‘The rise of social media fraud: How one man almost lost it all.’
By
Jody Houton
Senior Content Manager at IDnow
Connect with Jody on LinkedIn