Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Stemming the Tide: Older People and Mass Marketed Fraud George and Lennard Associates December 2014 1 Contents page Acknowledgements Key findings and recommendations 4 1. Introduction 9 2. Who is at risk and what is happening 11 3. Reporting and support 19 4. What action is being taken 25 References 47 2 Acknowledgements We would like to thank the numerous organisations and individuals interviewed for this report who assisted us with information and advice - most are cited in the report. However, it would be remiss of us if we did not mention in particular Professor Mark Button at the Centre for Counter Fraud Studies at the University of Portsmouth as well as representatives of the Trading Standards Institute and Action Fraud. Authors This work was carried out by George and Lennard Associates: namely Mike George, Professor Cosmo Graham, University of Leicester, and Linda Lennard. 3 Key findings and recommendations What is happening Mass market fraud (MMF) has become a serious and widespread domestic and global problem. Large numbers of people can be contacted on a massive scale by post, phone, text and online by fraudsters based here and in other countries. The types of mass marketed fraud that are taking place are highly varied. To name just some types of MMF: current frauds against consumers include account takeover, advance fee fraud, fake prize draws and lotteries, investment fraud and even fraud recovery fraud. The techniques used by fraudsters also vary and they are often quick to adapt – for example, to developments in products and policies, as well as changes in our use of communications, and to counter the efforts of enforcement authorities. Tactics used by fraudsters include befriending or `grooming’ potential victims and isolating them, and the use of seemingly professional documentation, official-looking websites, and sometimes threats and intimidation. Commercially and publicly available data is used to build up profiles of potential victims, including information from social media. Many are put on `suckers’ lists’ shared by fraudsters in the UK and elsewhere. Some fraud victims are targeted repeatedly. Who is at risk Fraud is a form of theft and we need to avoid implying that it is a game, or that victims are also to blame. The reality is that anyone can become a victim. Although research findings have highlighted the diversity of fraud victims, older people may be particularly targeted, often because it is assumed that they have more money available in their bank or on their card accounts than younger people. Moreover, the many older people who are on a fixed income and/or have long-term health problems may well find it especially difficult to `bounce back’ financially and in other ways. Although the effects vary, the impact can be highly damaging and longlasting for people’s physical and mental health, their relationships and finances. Older people and others may also be especially vulnerable and at risk at particular times because of personal circumstances such as financial pressures, social isolation, confusion or memory problems. However, people who consider themselves to be financially sophisticated can be vulnerable as well because of overconfidence. What is known about the extent of MMF and the experiences of victims is patchy. Although anyone can be affected, it appears that some types of fraud are specifically targeted. It is a matter of serious concern that some older people appear to be especially at risk of being targeted by certain types of fraud, such as mass mailings about prize draws and lotteries, with potentially devastating impacts for their lives. 4 Older people also appear to be particularly targeted by fraud involving bank and card account takeover, as well as `pension liberation’. Moreover, whilst younger people may be more likely to be at risk from online fraud, increasing numbers of older people are also likely to be vulnerable as more go online. What is known about the extent Past estimates of the total losses associated with mass-marketing fraud in the UK stood at around £3.5 billion. This is likely to be a serious under-estimate. The evidence base about MMF is fragmented and inadequate. Overall there is a striking lack of comprehensive, consistent and comparable data for the UK. This makes it extremely difficult to ascertain the true extent of the problem and to track changes over time. The issue of poor data is compounded by high levels of under-reporting. Research suggests that this is often due to self-blame and embarrassment on the part of victims or refusal to admit it has happened. In some instances victims may be unaware that fraud has taken place. But not nearly enough is known about why some people report fraud and others don’t. Reporting processes The effectiveness of existing reporting processes needs to be fully explored from the consumer standpoint, including levels of consumer awareness and factors regarding accessibility and ease of use particularly for people in vulnerable circumstances. The main channels for reporting fraud for consumers consist of Action Fraud (which is meant to provide a single point of contact), the police, and trading standards (TS) services via the Citizens Advice consumer service. If a customer reports a fraud on their bank or card account and the matter is resolved by the company, it can still be reported to Action Fraud. Banks share crime information bilaterally with the National Fraud Intelligence Bureau or pass data to Financial Fraud Action UK. Questions arise about how well these arrangements are working, including levels of consumer awareness and understanding of what to do in the event of fraud and what is likely to happen. If reporting processes are too complicated, then people drop out. Equally, more needs to be known about the effectiveness of what happens once fraud has been reported: including the recording and referrals arrangements of the Citizens Advice consumer service and trading standards services, of Action Fraud and police forces; and those of the banks and card companies. Questions also arise about how decisions are made about whether to investigate and prosecute fraud cases. It is vital that consumers are not discouraged from reporting fraud because they do not expect anything will happen as a result. What is being done and what needs to happen In terms of the overall legal framework, we have not identified significant gaps or omissions. But there are serious concerns about the resources available to the 5 relevant authorities and agencies for prevention, investigations and prosecutions, notably the police and trading standards services, and about how fraud is prioritised. It appears that, to some extent, the problem of mass marketed fraud is receiving greater attention from government departments, regulators, enforcement authorities, industry associations and consumer bodies than was previously the case. But, although there is more collaboration taking place between the various organisations involved, it is a complicated process to find out who is doing what and how well they are co-ordinating their efforts. Whilst there are a number of initiatives taking place to raise public awareness of MMF and to help people to protect themselves, much more needs to be known about what types of public campaigns work best and in what ways in order to inform future efforts. The effectiveness of current and future public awareness campaigns should be fully evaluated and lessons shared. It is crucially important that older people, particularly those who may be in vulnerable circumstances, are well-informed about how to spot fraud and avoid becoming a victim. This should be done using a wide range of methods to suit people’s needs. An important part of the message should be that this is happening to other people (and therefore not to be embarrassed if it happens to them). Consumers need clear and understandable information about what to do to report fraud, feedback about what happens next and why, together with signposting to other sources of help. The changes taking place how victims’ support services are commissioned in England and Wales raise concerns about the possible implications for consumers such as postcode lotteries, for example, regarding how fraud is prioritised and the quality of service across local areas. Appropriate support should also be available for older people and others who become victims of fraud to help them deal with the impact and to avoid becoming repeat victims. This is likely to require multi-agency partnership work, for example, involving older people’s social services, health professionals and trading standards services. In addition, it is clear a lot of attention is being paid to alerting consumers to online fraud, which is welcome. But this must not be at the expense of other types of fraud, such as through the mail or on the doorstep, which is likely to be particularly targeted at older people. Although some multi-agency initiatives are taking place, there is clearly scope for greater co-operation and partnership work to provide support and to help prevent people becoming fraud victims; for example, involving police and trading standards services, social services and care professionals, advice agencies, regulators and industry bodies. 6 In carrying out this research, we have been struck by the sheer inadequacy of official data about MMF and other types of fraud, and the patchy evidence base regarding the experiences of victims, including reporting processes. There is an urgent need for co-ordinated action to improve the evidence base, and to explore and share information about how to help people reduce their vulnerability and avoid becoming fraud victims as well as repeat victims. Recommendations 1. Urgent attention needs to be paid by policy-makers and investigation and enforcement authorities to the priorities and resources given to tackling mass marketed and other types of fraud against consumers, particularly regarding resources for the police and trading standards services. 2. There is a balance to be struck by trading standards services and other enforcement bodies regarding best use of resources in terms of prevention and disruption activities and prosecutions. However, if criminal offences are taking place, then there need to be some prosecutions and the potential deterrent effect should be taken into account. The role of the CMA in this area should be re-considered. There are concerns about the resources available to the National Scams Team and trading standards services to investigate and prosecute fraud offences so that they can build on their work and have more of an impact on the problem. 3. The effectiveness of current reporting arrangements for fraud should be examined from the consumer standpoint, including the interests of older consumers. This work should cover issues such as levels of consumer awareness, ease of use of reporting processes, recording and referral arrangements, and how decisions are taken regarding possible action. 4. The experiences of older people and other consumers need to be fully explored, including why some people are affected by fraud and how consumers can be supported and protected from fraud, particularly people who are in vulnerable circumstances. 5. The Home Office, BIS, Action Fraud, trading standards services and the police, regulators and other relevant bodies should collaborate and co-ordinate activities in this area as much as possible. This should include ensuring the provision of clear and understandable information about how to spot and report fraud and about sources of advice and support. Current and future public awareness initiatives should be properly evaluated and lessons shared. 6. Information about how to spot fraud and avoid becoming a victim needs to be widely available in a variety of formats and through a range of channels to meet the range of consumers’ needs. Particular attention should be paid to clarity and ease of use, such as having a clear and brief list of `handy hints’ for different situations. 7 7. All opportunities for collaboration should be explored to provide support for fraud victims, including multi-agency partnerships. These should include the involvement of social care and health professionals and others who are in direct regular contact with older people who may be especially at risk. 8. Action Fraud should consider changing its processes so that victims are asked whether they wish to opt out of a referral to victim support services, instead of the current opt-in. 9. The Home Office, ONS, Action Fraud, trading standards services, police services and other relevant bodies should collaborate to draw up an action plan to improve the comprehensiveness, quality and consistency of official data about MMF and other types of fraud; and of the broader knowledge base about the experiences of victims. 10. Urgent consideration should be given by policy-makers to making one organisation responsible for acting as a central source of knowledge and intelligence about MMF and other types of fraud against consumers, and to have a co-ordinating role; for example, to identify and help fill gaps in the evidence base, and to share lessons and information. 11. Banks and other financial institutions should review their processes to ensure that potential fraud against consumers is identified as early as possible and to alert and protect customers who are at risk. This should include regular training to ensure that staff are knowledgeable about how to identify customers at risk of fraud, and that staff have a good understanding of data protection legislation. Staff should also be trained to explain to customers why there are concerns, what is happening and what might happen in ways that are clear and understandable. and that take account of people’s needs and circumstances. 12. The Home Office should carry out a review of the effectiveness of links with overseas enforcement bodies in the EU and elsewhere, including consumer protection and criminal aspects. 13. Police and Crime Commissioners in England and Wales should ensure that fraud is a high priority when commissioning victims’ support services. The Home Office should establish national standards for these services to ensure consistency of priorities, quality and approach regardless of where people live, and also monitor the effectiveness of the new arrangements from the standpoint of fraud victims. 14. Research is needed to see what lessons can be obtained from approaches to tackling fraud in other countries, including enforcement and disruption strategies, multi-disciplinary programmes, and public awareness campaigns. 8 1. Introduction In these tough economic times, for a great many older people it’s hard enough to get by without being defrauded financially. However, fraud committed against individuals often seems to be regarded as less important and therefore not afforded sufficient attention and priority. This may be because it usually takes place in a private realm: through a phone call, letter, online or on the doorstep. Another factor can be the assumption that victims have themselves to blame. The reality is that fraud is a form of theft and financial abuse, and anyone can become a victim, including people who consider themselves to be financially sophisticated. The impact for victims varies but the consequences of fraud can be severe and long-lasting and affect people’s physical and mental health, their relationships and financial resilience. This report focuses on mass marketed fraud (MMF) and the implications for older people. MMF is rapidly becoming a serious and enduring problem on a global level, affecting very large numbers of people in the UK and elsewhere. MMF involves fraud that is carried by post, phone, text and online by fraudsters based here and in other countries through a seemingly ever-widening range of tactics and techniques. As set out in the accompanying evidence review, the inadequacy of the evidence base on the prevalence of mass marketed and other types of fraud is striking and a matter of serious concern. This makes it extremely difficult to ascertain the true extent of fraud being committed against individuals in the UK and to track changes over time. The research also highlights the lack of comprehensive and up-to-date evidence about fraud victims, why some people are affected and others are not, and the reasons why some fraud is reported but much goes unreported. Consequently, trying to ascertain to what extent older people are affected by mass marketed fraud has been a challenging task. It is also crucial to avoid assumptions that older people are by definition vulnerable, and indeed research findings and interviews carried out for this report highlight the diversity of fraud victims. But it is clear that older people are particularly targeted for certain types of fraud. Moreover, some older people are likely to be especially targeted – often repeatedly – perhaps because it is assumed that they have money available or due to personal circumstances. Dealing with the impact of fraud may also be particularly difficult for the many older people on fixed incomes and/or with long-term health problems. The findings show that more attention is being paid to tackling fraud against individuals and there are welcome moves to improve collaboration between relevant agencies and authorities. However, as well as highlighting the urgent need for improvements in official data and the overall evidence base, the findings raise serious questions about the priorities and resources available to prevent fraud and to 9 protect people from becoming repeat victims. The report also underlines the need for adequate support for victims, including multi-agency collaboration. The methodology for this report consisted of a combination of desk research and interviews with a wide range of organisations and experts. Due to the complexity of the subject matter, the inadequacy of the evidence base and time constraints, we cannot claim that this is a completely comprehensive account of mass marketed fraud across the UK and of the implications for older people. However, we are confident of the validity of the findings and that the report gives an accurate as possible reflection of the situation. This report is accompanied by a broader evidence review on fraud and older people: Only the tip of the iceberg: evidence review, 2015, Age UK. 10 2. Who is at risk and what is happening Mass marketed fraud (MMF) involves unsolicited contact by email, letter, phone or adverts, with the intention to defraud, for example, through false promises of cash prizes, or goods or services in exchange for upfront fees.1 There is general agreement that the problem of mass marketed fraud (MMF) is growing and spreading through myriad methods, tactics and techniques. Changes in how society operates and, in particular, developments in communications, have enabled ‘multiple opportunities for frauds to be perpetrated on an industrial scale’ and `created daily risks of victimisation to many people who previously would have been rarely openly targeted’2. Who is at risk The short answer to this question is that anyone is at risk of being targeted by fraudsters and becoming a victim. Although the evidence base is limited and in some respects out-of date, research findings have shown that victims of fraud are diverse, including those who are young, educated and professional as well as people who are older and more vulnerable.3 As discussed in the Age UK evidence review on fraud, working out who is at most risk can be a complex matter. This is due to the inadequacy of official data, different definitions and data recording practices used by relevant official and other agencies, and limited research evidence about victims’ situations and experiences. Obtaining a comprehensive and accurate picture is also made more challenging because of high levels of under-reporting of fraud by victims. According to a recent article on online fraud: “There has been a paucity of research over why victims fall for scams based on contact with actual victims, and victims of fraud in general have been neglected by researchers in comparison with other crime victims (our emphasis).”4 It is important to avoid stereotyping by simply assuming that older people are by definition more at risk of fraud and more vulnerable than others in the population. However, the many older people who are on a fixed income and/or have long-term health problems may well find it particularly difficult to deal with the financial and other impacts of fraud.5 Although the impact varies, the effects for people’s physical and mental health, their relationships and finances can be severe and long-lasting. Nevertheless, from our research for this report and the accompanying evidence review it does appear that some types of MMF are especially targeted at older people, such as fraud aimed at bank and card account takeover or `pension liberation’. This may be because, for example, fraudsters assume that they are likely 11 to have more money available in their bank or on their card accounts than younger people. It is also a matter of serious concern that some older people are especially at risk of being targeted by certain types of fraud, such as mass mailings about prize draws and lotteries, with potentially devastating impacts for their lives. Older people and others may be especially vulnerable at particular times because of personal circumstances such as financial pressures, social isolation, cognitive impairments.6 According to ThinkJessica: `Chronic victims refuse to believe they are being scammed and spend most of their time reading sorting and replying to scams. The scam mail knits together and forms a delusional world that becomes a victim's reality. This type of victim will shun all help and advice. Sometimes clairvoyant scammers turn the victim against their families.’7 However, it is important to recognise that people who consider themselves to be financially sophisticated can also be vulnerable, for example, because of overconfidence. One of the findings from recent FCA research on investment fraud is that the more financially sophisticated a person is, the more likely they are to become a victim of investment fraud, highlighting the sophistication of fraudsters’ techniques.8 Moreover `Discerning a fraud from a legitimate investment opportunity is not a simple process’, according to the FCA research findings.9 In addition, whilst younger people are currently more likely to be at risk from online fraud, increasing numbers of older people are likely to be potentially affected by these types of fraud as more go online. People who are new to online communications may also be more at risk if they do not use up-to-date protection tools to guard against fraud attempts. Other recent survey data include the results of an online poll for the British Bankers’ Association (BBA). The research asked that, if phoned by their bank due to an alleged severe security breach on their account, whether people considered it would be safe to divulge personal details, give their card to a courier, or transfer money to another account allocated by their bank. On the basis of this research, the BBA estimated that in Britain:i 8 million people are vulnerable to “vishing” or voice phishing 4 million might transfer money into another supposed “safe” account if instructed i i All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 2034 adults, of which 2029 were bank account holders. Fieldwork was undertaken between 26th - 28th September 2014. The survey was carried out online. The figures have been weighted and are representative of all GB adults (aged 18+). The population figures in the release were calculated by BBA using the data for the GB population aged 18 and above (Total: 49,103,873). Annual Mid-Year Population Estimates for the UK, Office for National Statistics, 2014. 12 3 million could be willing to carry out “test transactions” online 1.7 million would pass their bank card over to a courier on their doorstep if they carried some form of ID card A particular point of interest is that the findings showed that older people are less likely than younger people to go along with such requests: 44% of those aged 55+ said they would not agree to any of these types of requests compared to 23% of those aged 25-34. * HM Revenue and Customs (HMRC) is warning taxpayers to be on their guard against fraudulent phishing emails, after almost 75,000 fake emails were reported over the last six months. Some 74,743 scam emails were reported to HMRC’s dedicated phishing email account between April and September – a 70% increase on the same period in 2013. The emails promise a tax refund and often ask for personal and financial details that can then be used to steal money from their bank account. Their details may also be sold on to other criminal gangs, which can lead to identity theft.10 Types of fraud and tactics The types of mass marketed fraud being perpetrated on individual consumers are numerous and constantly changing. Current frauds against consumers include fake prize draws and lotteries, inheritance fraud, investment fraud, bank account takeover, and fraud recovery fraud. (See, for example, Only the Tip of the Iceberg: evidence review, Age UK; and the Action Fraud website11.) Fraudsters’ techniques often change rapidly in order to exploit official announcements, including setting up seemingly legitimate websites, and to counter the efforts of enforcement authorities. For example, one area of emerging concern relates to `pension liberation’ fraud.12 From April 2015, most people will be able to take out all their pension savings in cash once they reach 55. There is a risk that some people could be deceived into cashing in their pensions early, through emails, mass texting or cold calls. For most people, the offers will be bogus and victims will lose most, if not all, of their savings according to the Pensions Regulator.13 (The government is setting up a free guidance service and, at the time of writing, the Treasury had announced plans for legislation to underpin the guidance, including an amendment that will make imitation of the guidance service a criminal offence14.) Scammers cashing-in on Green Deal `The Government’s flagship energy efficiency scheme is at risk of being undermined by scammers trying to make a quick buck, reveals new evidence from Citizens Advice. Seven in 10 consumer queries to Citizens Advice about Green Deal are about scams. More than half of people caught out by these scams are contacted out of the blue, either over the phone or by door to door 13 sales, and offered thousands of pounds worth of home improvements for free. New analysis from Citizens Advice finds people are losing up to £500 after paying a fee for an assessment that never goes ahead or, if it does, the company then doesn’t get in touch to do the work.’15 As has been pointed out elsewhere, many frauds use a mix of methods including the internet.16 Consequently, trying to separate types of fraud from the methods and tactics used by fraudsters can be tricky. The latter can include for example: Phishing: use of bogus emails and texts that purport to come from organisations such as banks or government departments. Consumers’ online security information may then be accessed through fake links included in the message thus enabling fraudsters to take over someone’s bank account for example. Vishing: when fraudsters obtain someone’s personal details by phone. For instance, the fraudster may claim to be from a bank, card company or the police and allege that the consumer’s credit or debit card needs to be collected because of fraud. A courier is sent to collect the card, which is then delivered to the fraudster along with the person’s security details thereby enabling fraud on their account. Malware: sending of malicious software designed to disrupt someone’s computer and possibly to collect information that can be used to commit fraud. `HM Revenue and Customs (HMRC) is warning taxpayers to be on their guard against fraudulent phishing emails, after almost 75,000 fake emails were reported over the last six months. Some 74,743 scam emails were reported to HMRC’s dedicated phishing email account between April and September – a 70% increase on the same period in 2013. The emails promise a tax refund and often ask for personal and financial details that can then be used to steal money from their bank account. Their details may also be sold on to other criminal gangs, which can lead to identity theft’.17 Fraudsters are frequently based in other countries and may well be operating globally. Methods used can involve mass attempts aimed at very large numbers of people with the expectation that some will respond. The fraudsters may employ complicated processes to evade being caught, such as using email accounts that are difficult to trace or re-routing phone calls across international networks. As well as mass attempts, some types of fraud are specifically targeted at certain people. Fraudsters use a range of ways to profile potential victims, including obtaining information from commercially or publicly available directories and marketing databases, and from social media. Some people end up on so-called ‘suckers lists’ as people who are likely to be especially vulnerable to fraud, possibly after responding only once to a fraudster. These lists are often shared/sold on 14 between fraudsters based in the UK and in other countries, with victims being subjected to repeated fraud attempts. According to research regarding online fraud, tactics used by fraudsters include: diversity: each scam may be tailored to a particular type of victim small amounts of money and mass targeting: large numbers of people are targeted to elicit smaller sums of money authority and legitimacy: for example, professional-looking website and documentation visceral appeals: appeals to needs and emotions such as financial gain embarrassing frauds: for example, dating frauds pressure and coercion: use of threats, time pressure, repeated bombardment, and suggestions that the activity was not legal to prevent reporting grooming: for instance, starting with smaller amounts of money before escalating fraud at a distance: for instance, through the phone or online, making it difficult to confront and/or contact the offender, and it may also impede enforcement intervention.18 Tactics used by fraudsters can often include befriending or `grooming’ potential victims as well as threats and intimidation. Fraudsters may also seek to exploit people’s trust of authority by making a fraud appear to be a legitimate offer from a reputable business or official institution.19 (Detailed research findings on fraud, including fraudsters’ tactics and victims’ experiences, can be found on the website of the Centre for Counter Fraud Studies, University of Portsmouth20.) Investment fraud may be carried out using mass marketed methods, for example, online or via the telephone as well as through other methods. Research for the FCA in 2014 showed that investment fraud frequently involves the appearance of professionalism such as high quality documentation, well-presented sales people, and the use of products that appear topical and interesting.21 Investment fraudsters may seek to build friendship and trust, and make victims feel indebted to them, as well seeking to isolate them from their own networks, according to these findings. Moreover, the more financially sophisticated a person is, the more likely they are to become a victim of investment fraud, highlighting the sophistication of fraudsters’ techniques.22 Findings from other research for the FCA on investment also concluded that it is not possible to protect yourself against investment fraud simply by educating yourself on financial matters: `Discerning a fraud from a legitimate investment opportunity is not a simple process.’ 23 15 What is known about the extent It is extremely difficult to obtain a comprehensive and up-to-date picture of the prevalence of mass marketed fraud, which is also the case with other types of fraud. This issue is explored in more detailed in the accompanying evidence review on fraud (Only the tip of the iceberg: evidence review, 2015, Age UK). An estimate of the total losses associated with mass marketing fraud in the UK by the former National Fraud Authority stood at £3.5 billion.24 This figure had previously been put forward in a report on mass marketed scams published by the Office of Fair Trading in 2006, which estimated that UK consumers lose about £3.5 billion to scams each year.25 The figure is likely to be a serious under-estimate according to a number of interviewees for this report. The issue of poor data is compounded by high levels of under-reporting. Research suggests that this is often due to self-blame and embarrassment on the part of victims or refusal to admit it has happened. In some instances victims may be unaware that fraud has taken place. But not nearly enough is known about why some people report fraud and others don’t. Mass marketed fraud was included in a focus on property crime by the Office of National Statistics, whereby the 2011/12 Crime and Justice Survey in England and Wales (CSEW) asked respondents if they had personally received any emails, texts, letters or phone calls from an individual or a company they have never heard of before that might have involved a request for money.26 The results showed that: 56% of respondents had received an unsolicited communication in the previous 12 months; only a very small percentage actually fell victim those receiving unsolicited communications were more likely to be aged between 25 to 44; highest rates of receipt were found among those aged 25-34 (63%) and 35-44 (61%). Those aged 75 and over were less likely to receive such communications (40%). of those who had used the internet in the last 12 months, 62% had received an unsolicited communication compared with 37% of adults who had not used the internet in the last 12 months. Less than 1% of adults who received either a communication involving a lottery, guaranteed high investment return or romance fraud, sent or transferred money. However, as the ONS noted, the number of victims is too small to produce any reliable estimates of the scale of victimisation, and these may represent underestimates as some victims may have been too embarrassed to disclose this information.27 Other limitations of this data on MMF have been pointed out elsewhere in an article on online frauds. For example, it seems that the scenarios presented to interviewees did not reflect the full diversity of this type of fraud.28 Also the survey did not account for people who became victims through searching on the internet for products and services, as opposed to those targeted by unsolicited communications: 16 `At best the results should be treated as a barometer of some of the most popular scams perpetrated’.29 More generally, fraud is not included in the main CSEW crime estimates published by ONS. However, the CSEW includes supplementary modules of questions on victimisation across a range of fraud and cyber-crime offences, including plastic card and bank/building society fraud. But these are currently reported separately from the headline crime estimates.30 The 2013/14 CSEW findings showed that 5.1% of plastic card owners were victims of card fraud in the previous year, with a statistically significant rise from the 4.6% estimated in the previous CSEW. According to the ONS: `The current increased level of victimisation remains higher than more established offences such as theft from the person and ‘other’ theft of personal property (1.1% and 1.9% respectively)’.31 Separate analysis by the ONS (based on the 2012/13 CSEW) showed that together, plastic card fraud and bank and building society fraud could have contributed between 3.6 and 3.8 million incidents of crime to the total number of CSEW crimes in this survey year. These numbers provide an approximate indication of the scale of these offences that are not covered in the ONS headline estimates each year. However, according to the ONS, these are based on some simple assumptions given the current absence of data on the number of times respondents fell victim within the crime reference period.32 The ONS is currently exploring the feasibility of extending the main victimisation module in the CSEW to cover elements of fraud and cybercrime. This work is expected to run throughout most of 2014 with the aim of questions being implemented in the 2015/16 questionnaire.33 Obviously it remains to be seen to what extent this work will serve to capture significantly more information about the extent of MMF and other types of fraud against individuals. Key concerns It is clear that mass market fraud (MMF) has become an ever-increasing problem, affecting very large numbers of people including many older people. The types of mass marketed fraud that are taking place are impossible to list in full and often rapidly adapt to new developments. The methods used by fraudsters can involve mass attempts, for example, via online channels. Victims are also targeted by building up personal profiles, through befriending and/or seeking to isolate victims, and the use of professional-looking documentation, fake websites, and sometimes coercion. Some fraud victims are targeted repeatedly with potentially severe effects for their health and well-being. Anyone can be a victim including people who consider they are financially astute. It is a matter of concern that some older people may be particularly targeted by certain 17 types of fraud, and/or because of personal factors such as financial pressures, social isolation, or cognitive impairment. In addition, more older people are likely to be vulnerable to MMF as more go online. The inadequacy of official data and the wider evidence base is extremely concerning. Similarly concerns arise about the seemingly high level of underreporting. Not nearly enough is known about why some people are vulnerable to fraud, and why some report fraud and others do not. 18 3. Reporting and support Reporting processes If a consumer thinks that they are a victim of a fraud, or are concerned that a fraud is taking place, it is essential that they know how to report it and who to contact. The channels for doing so consist of Action Fraud UK, local police, and local trading standards departments via the Citizens Advice consumer service. Action Fraud Action Fraud is the UK’s national fraud and internet crime reporting centre, based at the City of London Police. Its website advises that Action Fraud should be the first point of contact if someone has been a victim of fraud.34 This can be done using its online reporting tool or on the phone. There is also a service for carers to report scams on behalf of a vulnerable victim (the victim must be under 17, or have a mental health problem or learning difficulty, or a physical disability). However, people are also free to contact their local police direct if they choose to do so. Reports made via Action Fraud are passed to the National Fraud Intelligence Bureau (also based at the City of London Police), where the content is analysed to determine if there are other reports concerning the same suspect(s) and if there is an opportunity for the crime to be investigated by a UK Police force. If the report exhibits viable lines of enquiry it is sent to the relevant local police force for possible investigation. This depends on whether the suspect is likely to be traceable and there is an opportunity for enforcement. In addition, reports are passed on if it is considered that it would be preferable or appropriate for local police to provide a service to the victim, for example, if the person is very distressed and unable to provide a full account of what happened.ii People are routinely notified by Action Fraud if a report is passed on to a local police force, and given their contact details. However, not all fraud reports are investigated by local police forces as much depends on their resources and priorities. Action Fraud changed its processes in May 2014 so that people are also notified in situations where it has decided not to pass on the report to a local police force (normally 28 days later). In these circumstances, people are informed that the report could not be placed with local police at this point in time but that this may change in the future. Action Fraud passes on the reports it receives to the National Fraud Intelligence Bureau, and these are put together with other intelligence about fraud, which can lead to subsequent action. The police in Scotland are not currently part of Action Fraud. However, Action Fraud does not make a distinction between fraud reports it receives as long as there is a ii Telephone interview with National Fraud Intelligence Bureau, 13 November 2014 19 UK aspect. If it appears that an offender is based in Scotland, for example, Action Fraud will notify Scottish police. It is understood that Action Fraud is looking at how its service and communications with the public can be improved to achieve a better understanding of what can and can’t be done. This is welcome as it is crucial that everyone who calls Action Fraud is routinely sent a clear and easily understandable response that explains what is happening: either that a report has been sent to a local police force; or that it was not possible to do so at the present time but their information will be kept `live’ and may be followed up in future. Callers should also be signposted to other possible sources of information and advice. Citizens Advice consumer service and Trading Standards The Citizens Advice consumer service provides confidential and impartial advice on consumer issues across the UK, including advice for consumers who have lost money because of a fraud or scam. The service has an agreement with the Trading Standards services to help consumers to report a problem to them. People can contact the consumer service by phone or online by completing a webform. The service’s website also advises people to contact Action Fraud if they have been targeted by a scam or know someone who has been targeted. If someone contacts their local Citizens Advice bureau for advice about a potential fraud, they may be signposted to contact the national consumer service. The service advises anyone who has lost money because of a scam to get in contact as the information can be used by Trading Standards services to help stop other people from becoming victims. The consumer service advisers undergo intensive training to spot key triggers in conversations with clients in order to identify potential criminal activity and how to elicit further information if it is required. The advisers will assess the information provided by callers and work out whether to pass it on to Trading Standards. (In some situations, more than one local TS may need to be alerted.) Trading Standards departments are sent details of all issues reported by consumers and, in some cases, Trading Standards may be able to help and will contact the consumer directly if this is the case. The information provided by callers may be passed on to other bodies as well as Trading Standards with the powers to take action against the trader. In some instances, consumer service advisers may also signpost clients to contact Action Fraud and/or other organisations such as Age UK and the Samaritans for further support. Where it is clear that someone is calling from somewhere in Scotland, the service would normally route them to its Scottish call centre where advisers have an affinity 20 with Scottish consumers. The centre operates in the same way as other parts of the consumer service. When local trading standards departments receive a referral from the Citizens Advice consumer service, they decide what action if any to take depending on local priorities and resources. Cases where criminality is suspected or where `vulnerable consumers’ are involved are likely to be high on their priority lists. Local trading standards can also decide to refer to and work in partnership with the police but this depends on local relationships. However, it should be noted that budget cuts are restricting the ability of many trading standards departments to investigate. According to a recent survey, by 2016 most trading standards services in England and Wales will have been cut by an average of 40% since 2010.35 The level of cuts to individual services varies widely but several authorities anticipate their budgets will be more than halved. ONS fraud statistics for England and Wales do not include trading standards prosecutions. However, the TSI National Scams Team are currently working on this issue at a national level. Banks and card companies If a customer calls their bank or card company to report a fraud on their account and the matter is resolved by the company (for example, where the customer’s account is reimbursed), it can still be reported to Action Fraud. Customers should report all suspected fraud to Action Fraud, according to the BBA. Banks share crime information bilaterally with the National Fraud Intelligence Bureau (NFIB), or pass data to Financial Fraud Action UK (as part of an industry arrangement that takes bulk fraud data from banks and shares regularly on their behalf with the NFIB). Under-reporting As set out in the accompanying evidence review, much of fraud against individuals is not reported to the relevant authorities. This was confirmed to us by many interviewees for this report. Again the evidence base about levels of unreporting is inadequate. There are some findings from research carried out for the former National Fraud Authority in 2009, which found that mass marketing fraud often goes unreported. 36 Embarrassment about being a victim was identified as a key factor. Or people may feel the financial loss is too low to take the matter further and/or they do not expect to receive much response from statutory authorities. In some situations, people may not know that what happened involved fraud. The House of Commons Home Affairs Committee report on e-crime expressed concern about the frequent failure to report low level fraud on bank accounts and about reporting processes: 21 “We are very concerned that there appears to be a 'black hole' where low-level ecrime is committed with impunity. Criminals who defraud victims of a small amount of money are often not reported to or investigated by law enforcement and banks simply reimburse victims. Criminals who commit a high volume of low level fraud can still make huge profits. Banks must be required to report all ecrime fraud to law enforcement and log details of where attacks come from.” 37 “Current recording practises are inadequate to give an accurate picture of the extent to which reported crime is committed over the internet. We recommend the introduction of an additional field on crime reporting forms to indicate whether or not there was digital evidence relating to a crime. This would help the police to understand the extent of the problem they were facing and to make sure they have the appropriate resources in place.” Other support Some of the support arrangements for victims of fraud include the following, as well as the advice that is available from Citizens Advice Bureaux and other advice agencies: Victim Support People who report a fraud to Action Fraud are offered the option of having their details passed on to Victim Support. Those who do so are then contacted by someone from the charity and offered free and confidential emotional support and practical help.38 Fraud offences are one of the priorities of the Victim Support service and people are contacted within 48 hours when referred by Action Fraud by phone and/or in person. After an initial assessment, the type and duration of support provided depends on individual needs and circumstances, and can include practical advice to help people protect themselves from fraud in future. Some situations require the involvement of other services such as social services. Fraud is a growing area for Victim Support and, as a result, it has developed a toolkit for its volunteer advisers on economic crime, which includes potential impact on victims, practical steps to be considered, and a checklist/action plan. Between October 2014 and April 2015, the majority of support services for victims of crime will be commissioned and provided at a local level by Police and Crime Commissioners (PCCs).39 MIND is calling for PCCs to prioritise mental health so that local victims' services work for people with mental health problems.40 ThinkJessica The ThinkJessica organisation was set up to help protect older and vulnerable people from fraud attempts that arrive via the post and by telephone.41 It is 22 campaigning for greater awareness of the difficulties faced by people who have what is described as `Jessica Scam Syndrome’: where someone is a chronic fraud victim but denies or refuses to accept they are being defrauded, for example, because of mental health problems, loneliness or gambling addiction. The charity’s experience is that relatives and carers can find it very difficult to intervene, and it is calling for `Jessica Scam Syndrome’ to be recognised as a condition whereby the victims can be separated from the criminals. The aim is to enable this to happen by means of the person’s mail being redirected to a trusted person and their phone number changed. Another important element is for the provision of counselling and support to overcome social isolation. Financial Ombudsman Service (FOS) The role of the FOS is to sort out individual complaints between consumers and businesses providing financial services in or from the UK. People aged 65+ comprise the largest group of consumers in terms of age who complain to FOS, referring more than a quarter of the cases resolved during 2013/14.42 Complaints received by the Ombudsman include those relating to disputed transactions, which may involve fraud or suspected fraud. Typically, these will involve transactions that a consumer says were made by a third party who has obtained their card or payment details. In some cases, the business accepts this but is unwilling to refund the money, for instance, because it asserts that the consumer has been careless with their card or has breached the account terms and conditions. Or the bank may insist that the consumer authorised the transactions or made them themselves. The role of FOS is to establish the most likely sequence of events using available evidence, which can include police reports, bank statements, electronic records, and information about the firm’s security procedures.43 The Ombudsman receives around 80-100 new complaints about fraud each week across all banking products. This figure has broadly remained the same over the course of the last year but the types of fraud vary. In general the majority are about debit or credit cards which the consumer believes has been compromised in some way. FOS has noted an increase in complaints relating to`vishing’ or `courier fraud’, as well as continuing complaints about identity fraud (where bank accounts or credit cards are set up in other people’s names), and have been working closely with financial firms to share knowledge, insight and the approach used when dealing with complaints of this nature. Alzheimer’s Society Alzheimer’s Society has published a charter on dementia-friendly financial services, which is aimed at improving the customer experience of people living with dementia when dealing with financial service organisations (produced in conjunction with the Lloyds Banking Group).44 23 This includes a section on fraud that explains how fraud prevention measures can create a significant barrier in enabling access to their funds and account information for someone with dementia who is still able to make informed financial decisions. Fraud prevention methods can also make life difficult for carers and attorneys trying to manage money on the customer’s behalf. The charter does not require that fraud prevention methods are removed. Instead, it commits the financial institutions who sign up to exploring alternative fraud prevention methods that may allow access while still providing security. Key concerns Far more needs to be known about levels of consumer awareness and understanding about what to do if they are targeted by fraudsters or spot a fraud taking place. Similarly, more information is needed about consumers’ experiences and views of reporting arrangements in order to see where changes are required. This includes signposting and referrals - it is critically important that people are not put off by being referred on. Equally, more needs to be known about the effectiveness of what happens once fraud has been reported, including information and feedback for consumers; the consistency and comprehensiveness of data recording; and how well the relevant bodies are working together. In addition, questions need to be addressed about the adequacy of the resources and priorities given to tackling fraud against individuals. It is vital that fraud victims have access to appropriate support when they report a fraud and to deal with any subsequent impact. For example, some people may need help in recalling and corroborating what happened if they have cognitive impairments for example, or require help in providing a clear account. This underlines the need for partnership work including not only the bodies involved in reporting processes but also other relevant organisations and experts, such as adult social care services, mental health services and voluntary organisations. A related question is whether victims who contact Action Fraud should be given the choice of opting-out of a referral to victim support services instead of the existing opt-in. Although these issues are beyond the remit of this report, it is necessary to highlight concerns about the effects of cuts in social care budgets and reductions in access to these services, and of changes in the way that victims’ support services are commissioned in England and Wales. These developments are likely to have significant implications for people’s access to support services if they are targeted by fraudsters or have been victims. 24 4. What action is being taken The police and the Fraud Act The lead body for police activity in this area is the City of London Police which hosts the National Fraud Intelligence Bureau (NFIB) and Action Fraud. Currently the service receives 20,000 crimes and 15,000 information reports each month. The system used to analyse these reports is similar to those used by the HMRC and banks. All reports of crime are analysed to identify common features with other reports of fraud and data from other partners. They are then placed within a workflow that permits them to be prioritised and assessed by a member of the NFIB staff. A decision will be made whether or not to allocate it to enforcement or disruption activity, or whether the police need help from abroad. Reports may come in from police forces or from individuals affected fraud or third parties representing the individuals.iii In circumstances where the suspect is believed to be local the appropriate police force may make initial enquiries themselves before recording the matter on Action Fraud. If the case does not require immediate inquiries, then they will refer the case to Action Fraud. Allocation to an individual police force is on the basis of five principles: 1. The police force area covering the location of the fraudulent operation/suspect‘s address or for business related fraud the office address of the employee or if no office address, the Head Office of the company. 2. The police force area with the greatest number of individual usages or offences. 3. The police force area where the first offence was committed. 4. The police force area where the victim resides or works. 5. In the unlikely event that it is impossible to determine a Force Area using these principles the NFIB will determine a Force Area. Enforcement also includes referring cases to trading standards partly because not all the cases are fraudulent but may involve poor business practices, for example, a delay in sending the goods ordered. It appears from our discussions that there are good links between the NFIB and trading standards nationally, as well as between the Metropolitan Police and the National Trading Standards Scams Team. In addition to investigating reports of fraud the NFIB and territorial police forces will often attempt to disrupt criminals. It is often difficult to know precisely who is iii Police Scotland is not currently part of Action Fraud. However, where a crime is believed to have occurred in Scotland it will be allocated to them and, should a person who resides in Scotland choose to report via Action Fraud, a report will be taken and handled in the same manner as a report from a person who lives in England and Wales. Fraud in Scotland is prosecuted under the common law which contains a wide offence of fraud: https://www.fraudadvisorypanel.org/pdf_show_197.pdf?id=197 25 committing the fraud and whether or not they are within this jurisdiction. The fraudsters, however, tend to act through other companies, for example, they may need a bank account or a PayPal account in order to receive payments. Most companies have terms in their contracts saying that their services cannot be used in aid of criminality. If fraud can be shown, then companies might stop dealing with these clients. So, for example, the Metropolitan Police have spent some time working with the Royal Mail to try and develop a protocol for dealing with possible scam mail (see below). The Metropolitan Police have also been working with the banks regarding ways of alerting the police or the TS National Scams Team when there is suspicious activity on an account. For example, if someone aged 70+ applies for more than one cheque book in a month, this may suggest they are making multiple payments to fraudsters. An example of disruptive activity is the seizure of letters that had entered the country through Heathrow as cargo before being placed within the mail systems. This was done in liaison with the Heathrow Mail Practice Team, part of the UK Border Agency but it appears to have been, at least initially, a matter of individual initiative, rather than a policy decision. As well as the disruption this activity caused, the police were able to liaise with the US Federal Trade Commission which prosecuted some of the offenders.45 One of the problems with enforcement is the sheer volume of activity combined with fraud being the poor relation in comparison with crimes of violence and acquisitive crimes. Police forces are directed to deal with these two categories rather than fraud. It has been suggested in recent research that, although the number of police resources dedicated to investigating fraud is not as small as perhaps had been thought, it is still too small given the scale of the problem.46 This need not necessarily be the case. For example, the Metropolitan Police have a dedicated fraud unit, FALCON, which covers the entire range of fraud offences. Within this unit is a group, Operation Sterling, who focus on the prevention of low level fraud. In addition, we were told that the Metropolitan Police are recruiting an additional 400 officers who will be allocated to the investigation of low level fraud, split across four sites in London. Issues also arise around the soundness of evidence. For example, a common problem is that a consumer is given a false representation verbally but the written documents say something different which is not deceptive. The problem here may be in showing that all the victims have the same recollection. In 2013, the National Cyber Crime Unit (NCCU) began operating within the National Crime Agency (NCA). Half of the NCA’s officers are being trained to become digital investigators who can work alongside and support existing NCCU specialists. Cyber crime training is also being carried out across police forces, and regional cyber operations are being expanded. 26 Overseas offenders Where the content of a report or collection of reports appears not to offer an opportunity for allocation to a force in the UK because the suspect is believed to be overseas, consideration is given to the creation of a request to the appropriate foreign jurisdiction. Such requests are passed to Interpol via the National Crime Agency. Where it is proportionate, Action Fraud will seek the assistance of other jurisdictions, either by making a general request for Intelligence or by passing the matter to a police force (most likely on a victim basis) and suggesting that they consider and International Letter of Request (ILOR). However, these require the support of the Crown Prosecution Service and consequently are generally only issued where it is considered likely that a prosecution can be achieved. Action Fraud also work closely with ‘European’ (it goes beyond the EU) colleagues who are members of Europol and make use of their SIENA tool to seek and share appropriate intelligence; this is supplementary to the above process. The NFIB is a participant in the International Fraud Mass Marketing Working Group (whose members include the Federal Trade Commission, Nigerian Economic and Financial Crime Commission, Europol etc). There is recognition of the need to work with partners such as the FTC to apply pressure to foreign government and law enforcement. The consumer policy and enforcement landscape The existing consumer landscape dates from 2012 when BIS made a number of changes both organisationally and in terms of policy.47 In policy terms the main change was to move responsibility for enforcement away from the OFT (now the CMA) and onto local authority trading standards departments. This is reflected legally in the obligation of trading standards departments to enforce the Unfair Trading Regulations and in the power of the CMA to choose to enforce the same Regulations. As there would be some cases which raised national issues, mechanisms were created for allocating cases between trading standards and the CMA, as well as allocating cases within the trading standards network. There is an added complication in that enforcement arrangements are split between England and Wales, Scotland and Northern Ireland. Policy making Before looking at enforcement, it is necessary to describe the wider policy landscape. In 2012 BIS created the Consumer Protection Policy Partnership (CCP) whose primary purpose is to bring together key partners in order to identify and prioritise areas where there is greatest harm caused to consumers, agreeing and coordinating collective action to tackle such detriment, and using all available tools at the disposal of each member. 48 27 Scams (and doorstep crime) was identified as among the CCP’s priorities, and an action plan was produced with the aim of achieving a more holistic and joined up approach. Led by the Convention of Scottish Local Authorities (COSLA), the CPP’s Mass Marketing Scams study’s primary purpose was to identify a strategy to make the greatest impact in tackling mass marketing scams. This drew on expertise from within and outside the Partnership, including the NTSB’s National Scams Team, Royal Mail, and Action Fraud. In August 2014, it was agreed that the initial aim and purpose had been met through the launch of a revised action plan. According to COSLA, in coming together, members of the group have gained a better understanding of the different roles partners play in tackling mass marketing scams and, that with a more joined up approach, a stronger prevention led focus may help to disrupt more schemes than was previously possible.49 The group will continue to meet on an informal basis, monitoring progress, sharing examples of best practice, and reporting points of significance to the CPP. A small number of actions have taken place including: Training to help postal staff spot and report suspect post is being rolled out across the country by trading standards officers. This collaboration with Royal Mail also aims to cancel the contracts of companies that send out mass marketing scams; The Scams Team have facilitated the distribution of names identified on ‘suckers lists’ to the relevant local authorities, working closely with COSLA where names have been identified in Scotland. Local authorities are encouraged to intervene to warn victims that they are being targeted by criminals. COSLA, the Scams Team and Action Fraud are working together to drive forward the shared definitions work that will seek to harmonise understanding of terminology amongst partners; and Action Fraud are currently reviewing their online reporting mechanisms with a view to making these more streamlined.50 The CCP’s priorities also include developing capability to tackle e-crime and ensure trust in online markets. Following a scoping exercise, the CCP agreed that the issue is too cross-cutting to engage in a focused study, and instead expertise from the NTSB’s E-Crime Unit will be requested to assist other working group studies where there is an e-crime element.51 28 Enforcement Trading standards The changes to the consumer landscape created a National Trading Standards Board (NTSB)iv which covers England and Wales. In order to coordinate enforcement between the CMA and trading standards, a National Tasking Group meets every two months, composed of Board members, regional representatives and members of the CMA. Other organisations attend as observers, including Trading Standards Scotland. One of the tasks of this group is to identify suitable cases which require support, which would most often be national cases (formally called Level 3 cases) when they involve: complex cases, cross-boundary activities, multiple defendants, high levels of consumer and business detriment and/or significant breaches of trading standards legislation or extensive fraud. Regional cases will be supported where intervention will stop it becoming a national case or set a precedent. National Trading Standards Scams Team The NTSB has created a National Trading Standards Scams Team (NST), which is funded by the National Trading Standards Boardv and hosted by East Sussex County Council. Its aims are to: identify victims of fraud prevent victims from further victimisation disrupt and investigate criminal activity, and educate local authorities/agencies on how to work with scam victims The focus of their work is on MMF carried out by mail and on the phone. Their experience is that victims of these types of fraud tend to be older people aged 72+. Some are repeatedly targeted by fraudsters, for example, someone could be receiving 60 pieces of mail per day. The NST is involved in partnership work with Royal Mail and 20 other national partners, covering law enforcement and consumer organisations (see section on `mail fraud’ below). A training package has also been developed to help staff at mail sorting offices to spot possible mail fraud. Key indicators include the amount of post for an individual and what is says on the envelope, for instance, references to prize draw or lottery wins. iv The NTSB does not have legal personality. It therefore does not have any enforcement powers of its own, these rest with local trading standards officers. v Around £170,000 (National Trading Standards Board (2014) Summary of Activities April 2013 to March 2014) 29 The team has also been setting up service level agreements with local authority trading standards teams in England and Wales who agree to contact potential fraud victims. So far about 75% of LAs have signed up to these agreements. Due to the inadequacy of the research relating to MMF, the team are also keen to carry out comprehensive research in order to find out more about its extent and the impact on victims but this depends on securing the necessary funding. There are several bits of work being planned in this area and financial institutions are supportive. Other activities include work with banks to encourage them to improve their monitoring processes to identify possible fraud, for instance, by routinely looking at accounts where someone aged 70+ is receiving more than one cheque book per month to see if they are victims of fraud. The NST are also keen on financial institutions to be involved in partnership work centrally to share intelligence, help protect victims and to raise public awareness, as well as contributing to disruption and investigation activities. More than 6,000 people across the UK had money returned to them as a result of a new crackdown on prize draw mail scams. This action was part of an initiative by the National Trading Standards Scams Team and Royal Mail to return seized responses to mail scams before the money reaches the hands of scammers. So far over 6,000 items of mail have been returned as part of the operation in the UK and more than £108,000 has been returned to victims. Importantly, people are receiving their money alongside a letter or visit from a local trading standards officer informing them that they have been a victim of a prize draw scam. It is hoped this will deter them from responding to such mail in future.52 National Trading Standards ecrime Team The National Trading Standards eCrime Team (NTSeCT) conducts national investigations into online scams and rip-offs, committed via the web, email and by text. It covers England and Wales and is hosted by the Yorkshire and Humber Trading Standards Group. The Team takes on investigations in its own right but also supports investigations conducted by local TS offices and regional TS Scambusters’ teams. It is also responsible for improving trading standard’s capacity to tackle online scams across the whole of the organisation. NTSeCT works closely with the National Trading Standards Intelligence Team so it can spot patterns in online scams and frauds from intelligence gathered from a number of sources including local and regional trading standards offices, Citizens Advice and the police. (It does not currently have direct access to data held by Action Fraud, although discussions are ongoing as to how this can be facilitated.) Investigations have included what is believed to be the first ever successful prosecution in the UK of a defendant involved in the Microsoft computer scam. This involved people from overseas calling consumers in the UK claiming to be “Microsoft 30 Certified” engineers or from a company working for Microsoft. Consumers are told that their computer has serious faults and persuaded to allow remote access to their computer. They are then charged for installing anti-malware software that is available for free; their computers may be compromised and their personal details put at risk.53 Some older people who are new to being online can be especially vulnerable to this type of fraud. Further work is being carried out to see what more can be done to tackle ‘Microsoft scam’ calls. The team is also involved in crackdowns on copycat websites (where consumers are misled into thinking it is a government site and then pay a fee to a third party for services that can be obtained free)54. Although the team will be leading on any potential enforcement activities, a multi-agency approach to tackling the wider issue has been agreed.55 The focus of the team’s website and social media profiles is to raise public awareness by providing alerts for consumers about online fraud and scams and specialist advice. The techniques used include infographics that can be embedded in other organisations’ websites and disseminated via social media, as well as animated videos. Work is underway to link up with other organisations to make best use of social media to publicise alerts and advice including Get Safe Online, Citizens Advice, Which? and Action Fraud. At the time of writing work was also underway to pull together data about the extent of e-crime across the UK. Currently, there is very little research on the growing phenomenon of online fraud and no clear definitive statistics. The eCrime report will analyse consumer reports to Trading Standards in an effort to fully understand the scope and impact of online fraud. Local authority enforcement The Consumer Protection from Unfair Trading Regulations 2008 cover commercial practices between traders and consumers and introduce a general prohibition on unfair commercial practices. They contain prohibitions of misleading and aggressive commercial practices, and create criminal offences for traders that breach the Regulations. Amendments to the Regulations provide consumers with a right to redress if, among other things, a trader engages in misleading or aggressive practices (new part 4A). Trading standards services have enforcement and prosecution powers under these Regulations (it is only trading standards services and the CMA who can enforce these regulations). For example, a high profile case, taken by Bedfordshire County Council, resulted in the jailing of the fraudster and the council being able to obtain around £562,000 under the Proceeds of Crime Act.56 Prosecuting cases is time and resource intensive, and trading standards services also engage in fraud prevention and disruption activity where appropriate. 31 The Competition and Markets Authority (CMA) The CMA also has powers to take up fraud cases. The CMA’s view is that: “ … enforcement action may be appropriate where it has determined that breaches of law point to systemic failures in a market, where changing the behaviour of one business would set a precedent or have other market-wide implications, where there is an opportunity to set an important legal precedent or where there is a strong need for deterrence or to secure compensation for consumers.” 57 In making such a decision, the CMA will have regard to its prioritisation principles, which focus on impact, strategic significance, risks and resources. 58 The CMA has not yet used its powers under the Consumer Protection from Unfair Trading Regulations. There are different arrangements for prioritising cases in Scotland and Northern Ireland and, in the time available, it was not possible to explore these. The CMA has said that it will work with the relevant authorities to identify priority cases.59 At the time of writing the CMA was consulting on its annual plan for 2015/16, and some of the content appears relevant for its future work with regard to fraud.60 For instance, key commitments and initiatives that are set out include: `Initiate as many consumer protection cases or projects as possible, where we have the requisite evidence; and as a minimum launch three new consumer protection cases or projects. Conclude our consumer protection cases effectively either by agreement or by proceeding to litigation; we will aim for the majority to be concluded within 18 months of being opened’ The CMA’s vision for its work in 2015/16 includes to: lead policy development and identify and pursue complex, precedent-setting cases where the CMA is best placed to intervene and can have the greatest impact on markets support and work effectively alongside other UK consumer agencies, and: continue to develop and implement ways of working with our national consumer protection partners to help to ensure that the consumer protection regime operates as effectively as possible to develop and implement ways of working with our national consumer protection partners to help to ensure that the consumer protection regime operates as effectively as possible The draft annual plan also refers to new ways of working which include: `Reaching out to a more diverse network for consumer insights to include more of those who have expertise on the consumer perspective, and those 32 with specific knowledge of vulnerable, hard to reach or less obvious groups of consumers’ Cross-border cases Under the EU’s Consumer Protection Cooperation Regulation (CPC)61 the CMA is the Single Liaison Office for the UK. The CPC has created a network of EU consumer bodies to provide mutual assistance to each other. The CMA says that this means that they: “… can call upon a member in another Member State to supply information about, or to take action against, a trader in their jurisdiction whose acts and or omissions may be causing detriment to the consumers in another Member State in breach of specified EU consumer protection laws.” 62 Competent authorities who receive such a request have to act upon it as if it were a breach of domestic law. These arrangements are, of course, only applicable to companies and individuals operating within the EU. In addition, the CMA will be taking up the presidency of the International Consumer Protection and Enforcement Network (ICPEN) from July 2015 to June 2016. The Financial Conduct Authority (FCA) The FCA has statutory objectives to reduce financial crime and protect consumers from harm posed by investment fraud. Under the Financial Services and Markets Act 2000 (FSMA), the FCA has an extensive range of disciplinary, criminal and civil powers to take action against regulated and non-regulated firms and individuals who are failing or have failed to meet the standards required.63 The FCA can take action where there is evidence of financial crime, or a risk of it, in the sectors and markets that it regulates. This action can include enforcement action against firms and individuals and restricting or imposing requirements on firms’ business. For example, in November 2014, the FCA implemented a scheme to return money to investors in certain illegal deposit-taking schemes through an order obtained from the High Court on 5 November 2014. Mail fraud With regard to MMF perpetrated through the post, there are three underlying issues. One is that mail is protected from interception by the Postal Services Act 2000 from the time that it is posted to the time that it is delivered.64 Additionally mail is communications data and is subject to the Regulation of Investigatory Powers Act, which means that if the police wish to acquire that information they must serve a notice under this Act. The second underlying issue is that it is unrealistic to expect Royal Mail, according to our interviews, to decide from the outside of the letter whether or not the 33 communication inside is fraudulent or not. Since 2012 and the changes in the consumer landscape, Royal Mail have worked consistently and closely with the National Scams Team (NST) and local trading standards. Royal Mail has a part of their website devoted to scam mail (and one part for scam e-mails).65 These allow the public to contact them (they had about 1,500 contacts in the first year of operation) and once contacted, they will ask for a sample of the mail that the customer is complaining about. When Royal Mail has samples of alleged fraudulent mail, they will pass them onto the NST to get an opinion on whether or not the item is fraudulent. The third problem for Royal Mail is that they do not, in general, have a contractual relationship with the fraudsters. This can be explained in the context of companies based overseas. Typically the fraudster arranges for the material to be produced by a printer who will then make arrangements with a mail consolidator e.g. Spring Global Mail who will enter into a contract with a shipping agent. If there is a problem with mail that originates via this route, Royal Mail will write to the mail consolidator asking them to give their customer two warnings and opportunities to make their material compliant with UK law. If there is a third breach then Royal Mail will ask the mail consolidator to cancel their contract with their customer. If there is an overseas company which does have a direct contractual relationship with Royal Mail, they will similarly give that company two warnings before cancelling the contract. Similar arrangements may exist in the UK if the fraudsters use other postal operators, such as TNT or UK Mail. These operators will ship their mail into Royal Mail centres for delivery. Royal Mail has just begun talking to these operators on the issue as they have not had data about the issue before now. Responsibility for gathering intelligence on mail fraudsters is shared with Trading Standards in England, Scotland and Wales and the police, which is potentially confusing. This prompted Royal Mail to set up its ‘Scam Line’ to gather current examples of mail from fraudsters. Royal Mail recognises that their two-strikes-thenout policy also takes time to work through when mail shots by fraudsters are infrequent and advice from Trading Standards has to be sought on each occasion that suspect material is identified. This policy is under review and may be tightened in the future. The NST are currently prioritising and investigating several MMF offences. Some investigations focus on UK-based Post Office box return addresses that may have links with MMF. Some of these are delivered in partnership with other law enforcement agencies. Royal Mail has introduced a major initiative, in collaboration with the NST and trading standards in order to offer support for victims. The foundation of this is to allow 34 trading standards to conduct work-time learning and training sessions. Trading standards officers will go into Royal Mail offices and make a presentation about scam mail, what it looks like, who the victims are and the effect on the local community. This programme has initially been introduced into some larger sorting offices and was felt in the interviews to have been successful. The process is that postal workers will, of their own volition, identify potential scam mail being sent to an address and report this to the Royal Mail security team’s helpdesk. This has been yielding about 20 to 40 addresses for each sorting office. The helpdesk then passes the information onto the NST who then passes it to the local trading standards, who will then undertake work with their local authority partners, typically adult protection services. They will then assess whether or not the person is at risk of financial harm. If so, there are various measures that can be put in place, such as meeting the victim and providing a support plan to protect and safeguard that individual from further financial abuse. The procedure is being rolled out carefully to avoid overwhelming adult services with many unplanned cases. The NST are currently working with St Helens Trading Standards and Merseyside police to roll out a pilot where scam victim data is prioritised and victims are then visited to assess the level of harm and support that is needed. Results have not been collated yet. Data sharing and protection issues Banks and other financial institutions have a crucial role in spotting situations in which consumers are potentially victims of fraud and in helping to protect their customers. For example, if someone is ordering multiple cheque books, this could be an indicator that they are being targeted by a fraudster who is demanding repeat payments. Sudden withdrawals of large amounts of cash relative to the money in an account could indicate that someone is the victim of courier fraud. These types of situation give rise to questions about data sharing and protection. Staff at banks and building societies need to be able to identify that a crime may be taking place and intervene quickly to alert the consumer. They may need to take appropriate action such as notifying the police, which will involve sharing some data about the consumer with the police. The legal framework for data sharing is set out in the Data Protection Act 1998 (DPA). It should also be noted that the DPA is not the only consideration for banks when determining whether or not they can share data. Banks also have duties to their customers under the common law duty of confidence. The Tournier principles set out when a bank may legally disclose information about its customer in accordance with its common law duty. (For further information, see the FOS website66.) 35 It is clear that there are serious questions that need to be addressed about whether the provisions of the DPA are fully understood and correctly applied by banks and other financial institutions. A number of interviewees for this research raised concerns that the DPA is frequently cited as an excuse not to take action to stop a fraud, rather than enabling a crime to be prevented. The reality is that much can be done within the framework of data protection legislation to prevent fraud without a consumer’s privacy being unduly infringed. The Information Commissioner’s Office (ICO) has published a statutory code of practice on data sharing67 under the DPA (which can be used in evidence in any legal proceedings). Among other matters, the code emphasises the need for organisations involved in data sharing to work together to ensure that the individuals concerned know who has, or will have, their data and what it is being used for, or will be used for. The company’s assessment of the situation needs to ensure processing is lawful and fair, and appropriate safeguards need to be in place to ensure that the consumer is properly informed about what is, or may be, happening with their data. Banks, building societies and other companies should ensure that they have a good understanding of what is and isn’t permissible under the law in terms of data protection and data sharing, and that they have the right policies, procedures and processes.vi The ICO also advocates that organisations undertake a privacy impact assessment.68 A crucial aspect is ensuring that company staff have clear and informed conversations with consumers so that they understand the problem and why the bank or building society needs to take action, such as notifying the police of a possible crime. This should be underpinned by formal and regular staff training to ensure that there is proper understanding of what is permissible under data protection legislation, and what action should be taken if it is suspected that someone may be a victim of fraud. Safeguarding people There is an established safeguarding concept or principle which implies that some people who are particularly at risk in a variety of ways should have statutory protection arrangements in place. Although this is a broad subject, it has relevance for helping to protect some people who might be regarded as being especially at risk of fraud. England and Wales The Care Act 2014 covers England and Wales and takes effect in April 2015. It sets out how local authorities and other health and care services should protect adults at vi Telephone interview with ICO, 13 November 2014 36 risk of abuse or neglect. Safeguarding becomes a specific statutory duty, and local authorities are required to set up a Safeguarding Adults Board in their area, giving these boards a clear legal basis for the first time. The Act provides a legal framework so that key organisations and individuals with responsibilities for adult safeguarding can agree on how they must work together and what roles they must play to keep adults at risk safe.69 Of particular relevance is the fact that the Act requires local authorities to make enquiries, or ask others to make enquiries, when they think an adult with care and support needs may be at risk of abuse or neglect in their area and to find out what, if any, action may be needed (s.42). This applies whether or not the authority is actually providing any care and support services to that person. Abuse includes financial abuse, and this includes: `(a) having money or other property stolen, (b) being defrauded, (c) being put under pressure in relation to money or other property, and (d) having money or other property misused.’ Scotland Under the Adult Support and Protection (Scotland) Act 2007, local councils must make inquiries about a person's well-being, property or financial affairs if it knows or believes that the person is an adult at risk, and that it might need to intervene in order to protect the person's well-being, property or financial affairs. It requires councils and a range of public bodies to work together to support and protect adults who are unable to safeguard themselves, their property and their rights. The Scottish Government’s website has a section - `Act against Harm’ – that explains the legislation and advises people what to do if they feel they need help or know someone who is being harmed.70 Trading standards services in Angus have found that the legislation is invaluable, particularly in facilitating partnership work with professionals who are in direct contact with people in their local communities, such as social workers, tenancy support officers, meals on wheels services, and local police. This type of joint approach helps to address a range of factors that may be placing people at risk, including help to remain living independently rather than going into care homes. Angus TS are also extremely concerned about people who are in vulnerable circumstances, for example because of medical conditions and/or social isolation, and at risk of repeated targeting by fraudsters. Work being undertaken with other TS services includes exploring what call blocking techniques are most appropriate to help protect people from MMF carried out on the phone.vii vii Telephone interview 30 October 2014 37 Other activities being undertaken in Angus includes Operation Carpus: a partnership between Police Scotland, Angus Local Policing Area, Angus Council Trading Standards and Social Work Adult Protective Services. The main objectives are to keep people safe by preventing and disrupting criminal activity, providing crime prevention advice and identifying vulnerable adults to provide appropriate support through partner agencies.71 Approximately 200 people in Angus were identified on a `suckers’ list’, which had been passed to Angus Council Trading Standards by the National Scam Hub. Where possible, those on the list were contacted and visited. Their average age was 72 (the range was 32 to 95 years). Some were referred for help and support where there were concerns about safeguarding and protection, and people were also referred to trading standards officers for advice and help with protection against fraud. This included installation of devices to block some incoming phone calls, registration with the Telephone Preference Service and Mail Preference Service, and protection to block scam emails. In addition, where people have been targeted by fraudsters, further assessments are also being carried out to ascertain potential vulnerability to fraud via other channels of communication, such as via online methods, on the doorstep and on the phone. The savings from the intervention activity were estimated at between £1 million to £2 million. The interventions also helped to ensure that the individuals visited as a result of the operation are less likely to become victims of fraud or repeat victims, according to a report on the operation.72 Other wider benefits included an increase in public awareness which has helped people to identify scam approaches and avoid becoming a victim. Operation Carpus is now an embedded practice between Police Scotland in Angus, Angus TS and Angus Council Adult Protection Unit. US: Financial Abuse Teams In the US, specialist Financial Abuse Specialist Teams have been set up in a number of states. These Teams are multi-disciplinary and assist service providers with expertise regarding financial exploitation. Some FAST teams offer free community education on financial abuse, and advice on relevant legislation.73 This type of approach may well offer useful lessons for the UK. Consumer awareness campaigns and other action Citizens Advice service (CAS) The CAS runs an annual Scams Awareness Month, usually in May, together with citizens advice bureaux, Citizens Advice Scotland and the Trading Standards Institute. Information provided includes top tips on for dealing with scams and what to do if someone has been a victim, such as how to obtain advice and report fraud. 38 The latest campaign in 2014 warned people to watch out for non-secure websites that ask for financial details but also that scammers are at the end of the phone and on the doorstep.74 FCA Using funds recovered from the proceeds of crime, the FCA launched a national Scamsmart campaign in 2014 for eight weeks to warn people about investment fraud and how to spot it75. It is aimed in particular at consumers who are in retirement and have financial resources, reflecting the findings of the recent FCA research on investment fraud76, and intelligence from Action Fraud and the City of London Police. The aim is to influence consumers’ behaviour, in particular, to encourage people to be more mindful/ sceptical when they are approached about an investment opportunity. The FCA hopes this will enable consumers to be more conscious of possible fraud and sceptical about investment scams. The FCA’s online tool advises consumers about warning signs to look out for, and consumers can also check firms that they are considering investing in against the warning list published on its website of firms running scams or operating without authorisation, and its financial services register of authorised firms. The FCA has been working with a range of internal and external organisations to bring the campaign to life including Action Fraud, the National Crime Agency, the Financial Ombudsman, the Home Office, the Money Advice Service, Age UK, and the BBA. As well as the tools on its website, the FCA is aiming to raise consumer awareness about investment fraud through targeted media coverage, including identifying potential opportunities to repeat and reinforce the messages. The FCA is intending to evaluate the effectiveness of the campaign and to use that information to inform future work and to refine the campaign if needed. This will include quantitative and qualitative research with consumers, for example, regarding their understanding of what the campaign was aiming to convey. In addition, the FCA’s website also advises consumers about other types of fraud such as those involving banking, early pension release and advance fee fraud. If consumers suspect that they have been contacted by investment fraudsters, they are encouraged to report it to Action Fraud. Consumers can also report possible investment fraud, share frauds or boiler room scams to the FCA via its online forms or by calling its Consumer Helpline. The BBA The BBA is the UK-industry association for the banking sector, and it works with members and external partner organisations to improve customer protection against fraud.77 39 The BBA is aware that fraudsters’ tactics are evolving rapidly with a range of techniques used to target consumers who are assumed to have money in their accounts. The issue for banks is how staff can balance the need to try to prevent fraud if they suspect it is happening against personal intrusion into a customer’s financial affairs. Good staff training on these matters is therefore of key importance, according to the BBA, who recently established a partnership with the City of London Police to provide fraud training for banks. The BBA is keen to get the message across that anyone can be a victim of fraud and it can affect people of all ages and backgrounds. As well as information on its website about how to avoid fraud, the BBA launched an awareness drive in October 2014 with UK retail banks, law enforcement agencies and consumer groups called `Know Fraud, No Fraud’. The campaign is aimed at helping customers spot the difference between a legitimate call and one from a fraudster. The leaflet gives advice on how to avoid becoming a victim and instructions on what to do if people are caught out78. It also lists 8 things a bank would never ask a customer but a fraudster might, such as asking for their full PIN number or passwords over the phone or via email, or sending someone to their home to collect cash or bank cards. The BBA is also having discussions with advice agencies and voluntary organisations to explore how its material to raise public awareness can be disseminated more widely and the message adapted for particular audiences. In addition, the BBA has announced a new Financial Crime Alerts Service due to start in early 201579. It will allow a range of public bodies to share financial crime information with banks more efficiently on topics including fraud via real-time alerts. Building Societies Association (BSA) The Building Societies Association (BSA) is the UK industry body for building societies and some other mutual financial service providers. It receives regular reports from its members about instances of potential fraud being perpetrated against customers, for example, frontline staff becoming concerned about unusual transactions or account withdrawals. The BSA together with the BBA and the Office of the Public Guardian is currently engaged in discussions with the ICO to clarify how customers being targeted by fraudsters can be supported. The key issues revolve around whether staff can refer suspicions of fraud against customers to the relevant authorities, such as local authority adult services, without the account-holder's permission. This includes instances where the account holder does not appear to have the mental capacity to make the relevant decision. In this context the BSA would like to see a review of the Mental Capacity Act 2005 to clarify the position regarding people with fluctuating mental capacity. The discussions with the ICO have so far clarified that building societies can follow up concerns raised by a third party (such as a relative or carer) 40 about a possible fraud by noting the information and investigating further with the customer. More broadly the BSA considers that more collaboration and co-ordination of efforts are needed to prevent consumers targeted for crime from becoming fraud victims, or repeat victims. This particularly applies to sharing of intelligence with consumers about different types of fraud taking place and fraudsters' tactics, as it is important to underline the message that what is happening to them is also happening to other people. An option could be for one organisation to have responsibility for coordinating, publishing and distributing information on types of fraud and how to avoid becoming a victim.viii Cifas Cifas is a not-for-profit membership organisation which provides two UK databases of confirmed fraud data, as well as a range of fraud prevention services to protect organisations from the effects of fraud. 300 organisations from the public and private sectors currently share fraud information through Cifas in order to prevent further fraud. Cifas also provides information, advice and a service called Protective Registration to members of the public who are at increased risk of falling victim to fraud. 80 Financial Fraud Action UK (FFAUK) Financial Fraud Action UK is the name under which the financial services industry co-ordinates its activity on fraud prevention. It works in partnership with The UK Cards Association on industry initiatives to prevent fraud on credit and debit cards, with the Fraud Control Steering Group on non-cards fraud matters and the Cheque and Credit Clearing Company on credit clearing and cheque fraud. As well as publishing annual statistics on fraud on UK-issued cards, FFAUK publishes fraud alerts and also information on its website on how consumers can better protect themselves against fraud. It is also engaged in efforts to help people to avoid becoming fraud victims through collaborative work with partner organisations. In general, FFAUK would like to see greater co-ordination of messages to raise public awareness of financial fraud, particularly to increase the visibility and consistency of public messages, and to explore opportunities for more collaboration. FFAUK receives regular reports from members about fraudulent activities taking place. Currently it is receiving an increasing number of reports about consumers being approached by fraudsters by phone or email, in attempts to manipulate someone into providing personal financial information and, in some instances, transferring money to the fraudster’s account. Fraudsters may use a one-off viii Telephone interview with BSA 6 November 2014 41 approach or concerted attempts to build trust. These fraudulent approaches can be based on speculation or on using information gleaned about an individual, for example, from social media, and/or from mailing lists. In some instances, fraudsters may target older people on the assumption that they may have more money in their account than younger people. ThinkJessica The ThinkJessica charity works to raise public awareness through national poster campaigns and other material to inform and forewarn other bodies, potential victims, relatives and carers about the risks of people becoming chronic fraud victims. A crucial aspect is to convey what can happen with a clear story that people can recognise and relate to, rather than complicated explanations: Jessica's story can be read on the ThinkJessica website and in its scam aware literature.81 Government campaigns and initiatives Much of the focus of the current work of the government in this area relates to tackling cyber-dependant crime and cyber-enabled crime (such as online mass marketing frauds, ‘phishing’ e-mails; online banking and e-commerce frauds.)[1] Following the ‘Get Safe Online’ and ‘The Devil’s in Your Details’ public awareness campaigns, in 2013/14 the government launched the `Be Cyberstreetwise’ campaign, which consists of a range of online and interactive resources and work to secure media coverage.82 The aim is to change the way people view online safety, and provide skills and knowledge regarding cyber security. The campaign is led by the Home Office, working with BIS and the Cabinet Office, and it involves a range of organisations such as Action Fraud, the ICO, third sector organisations and industry. To complement the `Be Cyberstreetwise’ campaign, a joint Home Office and Avon and Somerset police initiative – the “Spot It, Stop It” campaign – was delivered in 2014 to encourage people aged 60-85 to adopt behaviours to help protect them against fraud, whether on the doorstep, via phone or online. The pilot is taking place in the Avon and Somerset police force area, and the results are currently being evaluated. More broadly, the Home Office Strategic Centre for Organised Crime is engaged in work to support local areas to take action against all Serious and Organised Crime locally, including fraud. The Government’s view is that local areas should develop (or using existing structures to deliver) Local multi-agency Partnerships on Serious and Organised Crime.83 It also proposes that these should be steered by Local [1] Cyber crime describes two distinct but closely related, criminal activities: cyberdependent crimes, and cyber-enabled crimes. Cyber-dependent crimes can only be committed using computers, computer networks or other forms of information communication technology. Cyber-enabled crimes (such as fraud) can be conducted on or offline, but online may take place at unprecedented scale and speed. (Serious and Organised Crime Strategy, Home Office, 2013) 42 Profiles that set out a shared partner understanding of the key local threats and vulnerabilities. The Home Secretary has now written to all forces with guidance on the proposed content for the Local Profiles. As part of this, the Home Office is exploring what levers are available at national and local levels to help to prevent people from becoming fraud victims, particularly through multi-agency collaboration. This work includes discussions with the private sector about their role in helping to prevent fraud; and to encourage better understanding of data protection legislation regarding data sharing between agencies when a crime is suspected. Furthermore, in 2013 the Home Office commissioned a review of cyber crime, which provided an overview of current published evidence on the scale and nature of this type of crime in the UK – to identify what is known, where evidence is most reliable and where major gaps remain. The review described the introduction of Action Fraud reporting as a key element to improving understanding of the scale and nature of cyber crime but also suggested other improvements, including systematically improving the quality and range of individual measures of cyber crime. In order to capture more information on types of cyber crimes not covered by Action Fraud, the Home Office has introduced a voluntary cyber ‘flag’ onto police recorded crime. It has also been encouraging new questions to be added to the Crime and Justice Survey for England and Wales (CSEW); and will continue to review the effectiveness of these improvements. A new external working group will be set up by the Home Office, focusing on improving the estimates of the cost of cyber crime. Following the above review, the Home Office is currently engaged in plans for research into the impact of mass marketed fraud on people who may be particularly vulnerable. Its current focus is to co-ordinate research on victims of cyber crime together with the City of London Police, which is planned to take place in early 2015. This work is driven by concern about the rising numbers of people affected by this type of crime. The results of the research will be used to inform future `Prevent, Prepare’ policy and service provision. More generally the Home Office has worked with the Ministry of Justice to produce the Code of Practice for Victims of Crime, which summarises a list of key entitlements that victims of criminal conduct are entitled to under this Code.84 The BSI At the time of writing the BSI was exploring the viability of a national BSI standard to better protect vulnerable adults in the UK from scams, frauds, rogue traders, nuisance calls and other such attacks. Action to tackle unsolicited calls 43 Some unsolicited or `nuisance’ phone calls involve attempts at mass marketed fraud as this is one of the methods used by fraudsters. Recent research for Ofcomix on nuisance calls in general found that calls that were perceived to be ‘scams’ were more likely to be considered distressing.85 Mounting concerns about unsolicited calls and texts have been raised over the years by a range of consumer bodies, including the Consumer Forum for Communications, the Communications Consumer Panel and Which?. Although registration with the Telephone Preference Service (TPS) helps consumers to opt-out of receiving unsolicited live sales or marketing calls, rogue companies ignore the TPS register and consumers may consent to receive marketing calls without realising it.86 There have been a number of developments in the last couple of years that have explored the problem of nuisance calls and what can be done to tackle it. These include an All Party Parliamentary Group On Nuisance Calls Inquiry87, a report by the House of Commons Culture Media and Sport Committee88, and the publication of an action plan by the DCMS. The ICO and Ofcom are working together to tackle the problem and have produced a joint updated action plan.89 At the time of writing, the report of a stakeholder task force on reform of the rules on handling personal data for third-party marketing, was due to be published imminently (as part of the DCMS Action Plan on nuisance calls). Chaired by Which?, other participants include representatives from government, regulators, consumer bodies and industry. In particular, the task force has been looking at issues relating to consumer consent to being contacted by direct marketing firms. Its recommendations are likely to focus on improving companies’ policies and practices regarding how consumers are asked to give consent and their internal recording processes. The task force is also likely to call for companies to place restrictions on the nature and length of consumer consent for marketing calls, including their policies with regard to passing on or selling customers’ details to third parties. The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) govern when a direct marketing call can and cannot be made. The ICO is responsible for enforcement, and at present the ICO can issue a civil monetary penalty of up to £500,000 for those in breach of the regulations. The ICO believes that the penalty regime must be broadened to create a stronger deterrent effect and this is supported by a range of consumer organisations.90 At the time of writing the DCMS was consulting on proposals to lower the threshold.91 ix The research involved a nationally representative sample of UK adults with home landline phones who undertook a diary study to record all unwanted calls personally received on their home landline phone across a four week period (13th January to 9th February 2014). 44 In addition, Ofcom has powers to tackle persistent misuse of electronic communications networks and services under the Communications Act 2003 (sections 128 to 131). It has been using this power to tackle abandoned and silent calls. In addition to formal enforcement cases, Ofcom has also taken informal enforcement action to bring companies into compliance without pursuing formal action.92 An enforcement challenge is identifying the organisations generating the calls because many choose to hide their identity by spoofing or withholding their number. Ofcom has been working with industry and regulators in other countries to improve call tracing processes. The Internet Engineering Task Force (IETF) is also working globally to make it harder for callers to use Voice over Internet Protocol to spoof numbers. Screening calls by looking at the calling line identification (CLI) is another possible solution to help consumers to guard against nuisance calls. However, fraudsters can use number faking or (`spoofing’), which misleads consumers into thinking that they are speaking to their bank for example. Call blocking and filtering mechanisms can help to block calls from fraudsters but may not be a complete answer as rogue callers may change their number frequently or spoof the number of another organisation. Ofcom is discussing possible technical solutions to these problems with industry, as well as working with consumer organisations and trading standards to see what can be done to raise consumer awareness of how to reduce nuisance calls and where to complain. While Ofcom’s powers are generally limited in terms of being able to tackle fraudulent and criminal activity using the telephone system, it works closely with other bodies and enforcement agencies to identify the best method of tackling such activity. This includes work with the telecommunications industry to identify network solutions where certain features of telephony systems are being abused to carry out fraudulent activity. An example of this has been Ofcom’s work on tackling courier fraud where criminals have taken advantage of phone lines being left open even though the person called may think that the call has finished. For example, a tactic of fraudsters is to call someone claiming to be from the police or their bank, and then suggesting the consumer calls back to verify this. When the consumer tries to phone their bank or the police to check, in reality they end up speaking to the fraudster instead as the line has been left open. Consequently Ofcom has been exploring solutions with industry to reduce the time that phone lines are left open. Due to various changes to fixed-line and mobile networks, this problem has been largely eradicated due to timers now having been cut to two seconds (previously two minutes). These changes have already been implemented for most of the UK, and should apply to the whole country in 2015. Criminals are moving on to new scams to make the people they are phoning believe 45 they are speaking to a trusted organisation – like a bank – by misleading them by displaying spoofed numbers (see above). Calling line identification (CLI) is another possible solution to help consumers to guard against nuisance calls. However, fraudsters can use number faking or (`spoofing’), which misleads consumers into thinking that they are speaking to their bank for example. Call blocking and filtering mechanisms can help to block calls from fraudsters but may not be a complete answer as calls may also be blocked from official organisations, for example if they withhold their number. Ofcom is exploring possible solutions to these problems, as well as working with organisations such as trading standards to see what can be done to raise consumer awareness. Key concerns This research has not identified significant gaps or omissions in the legal framework. But serious concerns were expressed to us during the course of the work about the resources available for prevention and enforcement, and the priorities given to tackling fraud against individual consumers. In addition, efforts to tackle financial abuse, including MMF and other types of fraud, need to take account of the opportunities presented by care and safeguarding legislation. However, concerns also arise about the resources available for social care and safeguarding services, which may affect victims of fraud amongst other people. It is welcome that the problem of mass marketed fraud is being paid more attention alongside a number of initiatives and collaborative activities involving government departments, regulators, enforcement authorities, industry associations and consumer bodies. But it has proved to be a time-consuming and complicated process to find out who is involved, what is happening and how well the various efforts are being co-ordinated. There are welcome activities taking place to raise public awareness about mass marketed fraud. But more needs to be known about the effectiveness of different types of public campaigns in order to inform future activities. In addition, although more attention is being paid to alerting consumers to online fraud, this should not result in less attention being paid to tackling other types of fraud, such as through the mail or on the doorstep. The research has also highlighted the importance of appropriate support for older people and others who become victims of fraud, which may often require multiagency work. There is clearly scope for greater co-operation and partnership work to provide support and to help prevent people becoming fraud victims, and greater sharing of information and lessons. 46 References 1 http://www.Action Fraud.police.uk/types-of-fraud/mass-marketing-fraud Online frauds: Learning from victims why they fall for these scams, Button M et al, Australian & New Zealand Journal of Criminology published online 28 March 2014, Sage Publications 3 A better deal for fraud victims Research into victims’ needs and experiences (2009), Button M, Lewis C and Tapley J, Centre for Counter Fraud Studies, University of Portsmouth and National Fraud Authority 4 Online frauds: Learning from victims why they fall for these scams, Button M et al, Australian & New Zealand Journal of Criminology published online 28 March 2014, Sage Publications) 5 http://www.ageuk.org.uk/latest-press/one-in-four-pensioners-struggling-financially/ 6 Policy Brief: Scams & Think Jessica Campaign 2009 (2009), Trading Standards Institute 7 http://www.thinkjessica.com/faqs.htm 8 Understanding victims of financial crime - A qualitative study with people affected by investment fraud (2014), NatCen and the FCA) 9 A quantitative analysis of victims of investment crime (2014), Financial Conduct Authority 10 HMRC press release, 20 October 2014 11 http://www.Action Fraud.police.uk/a-z_of_fraud 12 Serious and Organised Crime Strategy (2013), Home Office 13 http://www.thepensionsregulator.gov.uk/regulate-and-enforce/pension-scams.aspx 14 https://www.gov.uk/government/news/pensions-guidance-providers-unveiled 15 Scammers cashing-in on Green Deal, Citizens Advice press release, 24 April 2014 16 Online frauds: Learning from victims why they fall for these scams, Button M et al, Australian & New Zealand Journal of Criminology published online 28 March 2014, Sage Publications) 17 HMRC press release, 20 October 2014 18 Online frauds: Learning from victims why they fall for these scams, Button M et al, Australian & New Zealand Journal of Criminology published online 28 March 2014, Sage Publications) 19 The psychology of scams (2009), University of Exeter and the OFT 20 http://www.port.ac.uk/centre-for-counter-fraud-studies/ 21 Understanding victims of financial crime - A qualitative study with people affected by investment fraud (2014), NatCen and the FCA) 22 Understanding victims of financial crime - A qualitative study with people affected by investment fraud (2014), NatCen and the FCA) 23 A quantitative analysis of victims of investment crime (2014), Financial Conduct Authority) 24 Annual Fraud Indicator (2013), National Fraud Authority 25 Research on impact of mass marketed scams: A summary of research into the impact of scams on UK consumers (2006), Office of Fair Trading 2 47 26 Chapter 4: Mass Marketing Fraud (2013), Office for National Statistics Chapter 4: Mass Marketing Fraud (2013), Office for National Statistics 28 Online frauds: Learning from victims why they fall for these scams, Button M et al, Australian & New Zealand Journal of Criminology published online 28 March 2014, Sage Publications on behalf of the Australian and New Zealand Society of Criminology. Article can be found online at: http://anj.sagepub.com/content/early/2014/03/28/0004865814521224 29 Online frauds: Learning from victims why they fall for these scams, Button M et al, Australian & New Zealand Journal of Criminology published online 28 March 2014, Sage Publications on behalf of the Australian and New Zealand Society of Criminology. Article can be found online at: http://anj.sagepub.com/content/early/2014/03/28/0004865814521224 30 Chapter 1: Property Crime – Overview, November 2014, Office of National Statistics 31 Chapter 1: Property Crime – Overview, November 2014, Office of National Statistics 32 Chapter 1: Property Crime – Overview, November 2014, Office of National Statistics 33 Chapter 1: Property Crime – Overview, November 2014, Office of National Statistics 34 http://www.Action Fraud.police.uk/report_fraud 35 Trading Standards Workforce Survey Report of the TSS 2014 Survey (2014), National Trading Standards Board and Trading Standards Institute 36 Fraud typologies and victims of fraud Literature review (2009), National Fraud Authority and the Centre for Counter Fraud Studies, Button M, Lewis C and Tapley J 37 House of Commons Home Affairs Committee - Fifth Report E-crime 38 http://www.Action Fraud.police.uk/support-and-prevention/ive-been-a-victim-offraud 27 39 https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/32640 9/pcc-funding-awarded-2014-15.pdf 40 http://www.mind.org.uk/news-campaigns/campaigns/victims-of-crime/ 41 http://www.thinkjessica.com/main.htm 42 http://www.financial-ombudsman.org.uk/publications/ar14/complained.html#a1a 43 http://www.financial-ombudsman.org.uk/publications/ombudsman-news/116/116disputed-transactions.html 44 http://www.alzheimers.org.uk/site/scripts/download_info.php?fileID=1983 45 See: http://www.thinkjessica.com/index.php/news/view/1EHfXFihwr8kYtCa 46 The Not So Thin Blue Line After All? Investigative Resources Devoted to Fighting Fraud/Economic Crime in the United Kingdom (2014). Button M, Blackbourn D and Tunley M, Policing, November 1-14. 47 Better choices, better deals: report on progress on the consumer empowerment strategy (2012), BIS 48 www.gov.uk/government/publications/consumer-protection-partnership-priorities2013-to-2014 49 COSLA e-mail 11 November 2014 50 COSLA e-mail 11 November 2014 48 51 Consumer Protection Partnership: Priorities Report 2013-14 (2013), BIS 52 http://www.eastlothian.gov.uk/news/article/1762/more_than_100_000_returned_duri ng_scam_mail_campaign 53 http://www.tradingstandardsecrime.org.uk/national-e-crime-team-brings-downmicrosoft-phone-scam-operator/ 54 http://www.tradingstandardsecrime.org.uk/copycat-web-site-crackdown-2/ 55 SUMMARY OF ACTIVITIES APRIL 2013 TO MARCH 2014 (2014), National Trading Standards Board 56 http://www.bbc.co.uk/news/uk-england-beds-bucks-herts-29140248 57 Consumer Protection: Guidance on the CMA’s approach to use of its consumer powers (2014) CMA 58 Prioritisation Principles for the CMA (2014) CMA 59 Consumer Protection: Guidance on the CMA’s approach to use of its consumer powers (2014) CMA 60 Annual Plan Consultation 2015-16, available at: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/37848 0/Draft_Annual_Plan_2015-16.pdf 61 REGULATION (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (OJ L 364, 9.12.2004, p. 1) 62 Consumer Protection: Guidance on the CMA’s approach to use of its consumer powers (2014), Competition and Markets Authority 63 Enforcement Information Guide (2014) Financial Conduct Authority 64 See ss. 83-4, 104 Postal Services Act 2000. 65 http://www.royalmail.com/personal/help-and-support/what-can-I-do-about-scammail (mail) and http://www.royalmail.com/personal/help-and-support/I-think-Ive-hadan-email-from-a-company-pretending-to-be-royal-mail (e-mails) 66 http://www.financial-ombudsman.org.uk/publications/ombudsmannews/45/45_bankers_duty.htm 67 Data sharing Code of Practice (2011), ICO 68 Conducting privacy impact assessments code of practice (2014), ICO 69 https://www.gov.uk/government/publications/care-act-2014-part-1-factsheets 70 http://www.actagainstharm.org/ 71 Police Scotland, Angus Local Policing Area OPERATION CARPUS REVIEW REPORT (2014) 72 Police Scotland, Angus Local Policing Area OPERATION CARPUS REVIEW REPORT (2014) 73 http://ncall.us/content/fast 74 http://www.citizensadvice.org.uk/index/pressoffice/press_index/press_20140501.htm 75 http://www.fca.org.uk/news/national-campaign-will-target-those-most-at-risk-ofinvestment-fraud 76 http://www.fca.org.uk/your-fca/list?ttypes=Research&ssearch= 77 http://www.fca.org.uk/news/anderson-peacock-pruthi-unauthorised-deposit-taking 78 ] https://www.bba.org.uk/news/press-releases/poll-finds-millions-leave-themselvesopen-to-scams-as-banks-launch-campaign/ 49 79 https://www.bba.org.uk/news/press-releases/banks-team-up-with-government-tocombat-cyber-criminals-and-fraudsters/ 80 https://www.cifas.org.uk/ 81 http://www.thinkjessica.com/jessicas-story.htm 82 https://www.cyberstreetwise.com/ 83 Serious and Organised Crime Strategy (2013), Home Office 84 Code of Practice for Victims of Crime (October 2013), Ministry of Justice 85 LANDLINE NUISANCE CALLS PANEL WAVE 2 (JANUARY- FEBRUARY 2014) (2014), GfK NOP, Ofcom 86 Ofcom and ICO - Research into the effectiveness of the Telephone Preference Services (2014), Ofcom and Ipsos MORI 87 House of Commons All-Party Parliamentary Group On Nuisance Calls Inquiry into the unsolicited marketing industry, Final Report Recommendations, Oral Evidence and Summary of Written Evidence received, October 2013 88 Nuisance calls Fourth Report of Session 2013–14, House of Commons Culture, Media and Sport Committee (2013) 89 Update on the ICO and Ofcom Joint Action Plan for tackling nuisance calls and messages (2014) 90 Update on the ICO and Ofcom Joint Action Plan for tackling nuisance calls and messages (2014) 91 Proposal to lower the legal threshold for enforcement of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”), for regulations 19-24, to tackle unsolicited direct marketing calls and SMS text messages. Consultation Document (2014), DCMS 92 Update on the ICO and Ofcom Joint Action Plan for tackling nuisance calls and messages (2014) 50