We sit down with the Director of Strategic Solutions at Cifas – the UK’s largest not-for-profit fraud prevention service – to discuss what changes the company would make to the UK’s fraud strategy, the importance of a whole-of-system solution to a whole-of-system problem and much more.
Beginning on a personal note, you seemed to have spent most of your career in fraud prevention in some capacity. What was it that first attracted you to the industry?
What attracted me to the fraud prevention community initially was the rewarding nature of keeping people safe and, more importantly, trying to stay one step ahead of an adversary that has no moral boundaries. Feeling like you have really made a difference to people’s lives at the end of each working day is what gets me out of bed in the mornings too.
Perhaps a good place to get into this is with the UK’s fraud strategy, released in 2023. Do you think the earmarked £100 million and 400 new specialist fraud officers is enough to help reduce fraud by 10% by 2025? How likely do you think it will be to achieve?
Fraud represents almost 40% of all crime in England and Wales and has more than doubled in Scotland over the past nine years. It’s the most prevalent crime in the UK that devastates individuals financially and emotionally, damages business reputations, and targets the public purse meaning wider communities miss out on critical resources and support.
While the publication of the government’s Fraud Strategy in 2023 was a positive first step, we must do more to turn the tide on the fraud epidemic sweeping the UK.
We want a future without fraud so welcome the additional investment and extra resources. However, we also recognize we can’t arrest our way out of the problem. The focus needs to be on prevention – that means clear focus on intelligence-led responses that go beyond traditional policing and builds on the premise of organizations working together.
What would you say are the most common forms of fraud (e.g. money mules, social engineering fraud) in the UK?
The latest data recorded by our 750-plus membership to the Cifas National Fraud Database (NFD) revealed that account takeover – where a criminal utilizes compromised personal data to hijack an existing account or product – rose by 13% in 2023 compared to 2022. Additionally, we saw a 5% increase in account abuse (often referred to as ‘misuse of facility’). Identity fraud also remained our most dominant case type, accounting for 64% of all 374,000-plus NFD cases.
Filings to the Cifas Insider Threat Database continued to increase and was up 14% in 2023 compared to the year before. Just under half of these (49%) related to dishonest action by employees.
UK Fraud Awareness Report 2024
On May 15, Cifas delivered its ‘Fraud Pledges 2024’ to Number 10 Downing Street. What areas of the government’s approach to tackling fraud do you think need to be improved? What was the reaction and have any next steps been agreed?
As our Cifas Fraud Pledges make clear, there is no silver bullet for tackling fraud. It is a whole-of-system problem requiring a whole-of-system solution. However, we think a good starting point for the next government would be to appoint a Minister for Economic Crime to drive proper cross-system leadership on this issue.
Beyond this, it is essential we invest properly in fraud policing and the criminal justice response as well as harness the capabilities of the private sector, through enhanced data-sharing, to disrupt fraud and financial crime and act as the first line of defense.
Cifas is advocating for social media companies to collaborate more to combat fraud. As social media fraud is such a huge arena, spanning almost every platform, from job search platforms to dating platforms, which parties do you think should be collaborating? And, as many platforms offer a very light-touch identity verification process, how important is it to ensure all users are required to undergo a thorough customer onboarding process?
No one sector can single-handedly tackle fraud. It is an issue which cuts through industries and across the public and private sectors. The only way we can tackle the problem is by breaking down cross-sector barriers, finding meaningful ways to collaborate, and sharing data and intelligence to ensure there is no weak link in the chain.
Additionally, it is essential that the biggest online platforms and services most abused by criminals join the counter-fraud community and multi-sector data-sharing initiatives, and including where appropriate, to ensure robust customer screening.
With most fraud in the UK happening online, across every medium and industry, how can people and companies best protect themselves?
At Cifas, our whole purpose is to eradicate fraud in the UK. To do so, we must build products and services that help organizations, and their customers fight economic crime and protect themselves against fraud.
We’re rolling out several preventative solutions to help businesses scale their counter-fraud efforts and keep people safe. One currently being developed is a consumer-based app that proactively protects consumers from identity fraud and puts them in complete control of their personal information, effectively making stolen data worthless. It’s in beta testing and on track to launch in 2025.
More generally, people and companies must work collaboratively to gain maximum protection against the threats of fraud because criminals will always find new ways to exploit weaknesses, particularly when they’re able to hide in relative anonymity online. We would always urge individuals and companies to stay vigilant and think if something seems too good to be true, it probably is.
What dangers does AI pose to UK’s fraud landscape? What steps can business, government and the local public take to weather the storm?
Technology and AI are going to be critical in how we deal with the threat posed by criminals’ use of AI and other technologies – it presents both opportunities and challenges to the UK’s fraud landscape.
Typically, criminals exploit weaknesses and rely on panic and urgency to get personal information and/or financial details. Both businesses and consumers should take a moment and challenge where a piece of communication has come from. Where possible, getting a second opinion is incredibly important and if something doesn’t look right, report it at the earliest opportunity.
Overall, eradicating fraud is not down to one individual, industry, the government or law enforcement – it’s a collective effort. Our mission at Cifas is to create the largest counter-fraud community that shares data, intelligence and knowledge – all of which can be used to create products and services that protect everyone. To do so, we want to be a central component of a new and more effective UK-wide, data-sharing architecture that unlocks cross-sector collaboration across the public, private and law enforcement domains.
How have fraud attacks changed over the last 20 years and how do you envision it changing in the next 20?
Today, you no longer need a complex piece of malware to trick a consumer into handing over key personal data. All that’s required is a mobile phone, a few vague details about an individual and some social engineering for an attack to be successful time and time again.
I feel that fraud will evolve with AI over the next 20 years in such that the AI component, whatever that may be, will automate a lot of the attack vectors we see today and make them even more scalable and lucrative for criminals to execute.
Again, it comes back to cross-sector collaboration – if we create the right data flows, safeguards, and frameworks to share real-time risk data, we can defeat fraud.
If you’re interested in more insights from industry insiders and thought leaders from the world of fraud and fraud prevention, check out one of our interviews from our Spotlight Interview series below.
- Jinisha Bhatt, financial crime investigator
- Paul Stratton, ex-police officer and financial crime trainer
- David Birch, global advisor and investor in digital financial services
By
Jody Houton
Senior Content Manager at IDnow
Connect with Jody on LinkedIn