UK police are failing to protect and support businesses and individuals who suffer Internet fraud, the government's top legal advisor has warned.
A report issued earlier this week by the Office of the Attorney General claimed that victims of Internet fraud often aren't able to report the crime to the authorities, and that the police often view fraud perpetrated against companies as being victimless.
While 8 percent of all fraud in the UK is now carried out online, victims often do not know who to report the crime to, according to Lord Goldsmith's Fraud Review.
"It is often confusing for victims to know who to report the fraud to, particularly if it crosses geographical or sectoral boundaries," said the report.
One key factor is that someone who loses money through an email scam or a fake Web site may find that their local police aren't able to follow up the case, because those responsible are based overseas.
"Fraudsters benefit from this lack of continuity of response. Internet fraud is a particularly good example of how a fraud can become difficult to report," the report continued.
"It is clear that fraud suffers under the current crime reporting arrangements and that this is unhelpful, both to police efforts to develop an intelligence led response to fraud, and to victims, who are frustrated when reporting a crime."
Crimes which are low value and occur within a different authority may not be investigated by the police and trading standards, the report concluded.
To illustrate this point, the report outlined an example of a successful Internet auction fraud:
"A computer is advertised for £2,000 on an auction site by Mr. Bogus. Mr. Green successfully bids for it, and transfers his money to the seller. The goods never arrive. Mr. Green makes a complaint to the Internet auction company, to the police, and possibly also to trading standards authorities in the area where he lives.
As Mr Bogus lives in a different police force area the police are reluctant to accept the report. It is a similar situation with trading standards.
Furthermore, if the goods are not worth a large sum of money, it does not appear to be a significant crime and the police will often not investigate the case, even if they do take a report.
Mr. Bogus remains free to re-advertise the computer and performs the same fraud on an increasing number of victims.
The police and trading standards do not identify Mr. Bogus as a repeat offender because the reports of fraud are either not accepted, or appear in different force areas.
Even if complaints from victims manage to get the goods removed from the auction company Web site, Mr. Bogus may advertise again on another site."
The report criticised the attitudes of some police officers towards fraud perpetrated against businesses, saying that "there is often, though by no means always, a perception that fraud against business [is] somehow 'victimless'". The police were also criticised for being unsympathetic towards businesses fooled by tricksters.
"There is often... an attitude that victims of fraud should have done more to protect themselves," said the report. There was also "a pragmatic realisation that fraud is not a policing priority and so is unlikely to get investigated," said the report.
Many fraudsters and cybercriminals operate abroad, which makes it very difficult for the police to pursue them, according to security experts, who agree that jurisdiction and lack of resources are major problems for law enforcement.
"There's a danger with tech crime that the authorities don't think it's worth pursuing," said Graham Cluley, senior technology for Sophos. "There's not a great willingness to investigate these things. Criminals using the Internet have already done their getaway — they're in Brazil."
"You can bounce the crime around the world, and it's harder to follow the paper trail," said Cluley.
Legal experts agreed there is an enforcement problem with Internet fraud.
"The Internet has provided new opportunities for fraud to be committed and it is now a significant problem for both businesses and individuals," said David Woods, an associate and litigation expert with Pinsent Masons solicitors.
"The current system has made it difficult to co-ordinate efforts among the various law enforcement agencies to effectively tackle fraud," Woods told Out-Law.com.
Lord Goldsmith's report claimed that many of the proceeds of fraud go to organised criminals, and that the harm caused is second only to class A drug trafficking. To overcome the problem of reporting these crimes, the Fraud Review proposed establishing a National Fraud Reporting Centre for businesses and individuals to report fraud.
This Fraud Reporting Centre would receive those reports, analyse them, identify patterns and trends, and provide police and other investigative agencies with information to target investigations.
Consumer confidence has been knocked by online fraud. The 2002/03 British Crime Survey results showed that 75 percent of respondents were worried about the security of using a credit card online.
The telecoms industry has also been severely affected by fraud, with £866m, or 2.4 percent of annual turnover of total retail revenue being lost to fraudsters in 2004.
Talkback
A very good assesment of the problem, but does it deal with the problem. Again, because this is a crime, the police become to source to which this matter is reported, but realistically, it is beyond their ability and resources to deal with it. This is a problem for the government of this country. This cannot be left up to a local police service to deal with. Let's hope that Lord Goldsmith report cause some realistic action.
The solution is simple. Do not use any electronic means to transfer money in any way. If enough people do this you'll find that the companies that were quick enough to further grow their bottom line without any realistic liability or security counter measures (effectively making it our problem and not theirs; as a way of saying thank you for allowing them to make more profit) will have to rethink their business plans. After all, you get what you pay for. And as long as you're willing to pay for lack of liability and lack of security that's exactly what you're going to get.
And don't think that making up new laws will help here. It really comes down to voting with your wallet. And voting during elections. Yet another reason why governments should choose national IT solutions and nothing else.