By Dr Michael Levi, Professor of Criminology, Cardiff University
Fraud – what’s new?
Through our reliance on the internet and technical devices, ‘cyberspace’ has become a significant new economic crime scene. Whether this is through spam emails, software-generated cold calling, or identify theft experienced by the general public; or thefts of customer accounts, fraud and business disruptions for organisations.
We estimate that well over half of crimes reported to Action Fraud – the national reporting tool for fraud - by individuals and businesses over Q4 last year, had some form of ‘cyber’ involvement. Criminal attacks committed online and using ICT are becoming much more common, and cost hundreds of thousands annually. This includes not only the costs of recovery and paying for protection, but also the money lost by the victims themselves.
As crime changes, so must policing
The draw of cyberspace for criminals is obvious. It allows traditional and new frauds to be carried out on an industrial scale; criminals can operate in multiple jurisdictions and across borders, so they are hard to reach or even identify in the first place.
This raises questions around how best can we tackle these issues? And, what is the role of the police, when so many elements of crime are now outside of police control?
Key law enforcement stakeholders we interviewed for this research recognised that current approaches to pursuing economic cybercrimes are being challenged – both in terms of prevention and in identifying and pursuing suspects across borders. But, even if police budgets were expanded and a large proportion of it spent on pursuing cyber-criminals [as opposed to other types of criminal], this might not reduce frauds significantly.
How can we help those impacted by cyber-fraud?
Though the cost of fraud to individuals and small businesses is often seen as relatively minor, it is a high cost in terms of the amount of harm caused to these victims. We need to ensure that these groups are protected, through awareness-raising and media campaigns, such as those used for other issues like stopping smoking, or persuaded us to use seat belts.
Cyber-protection for individuals and SMEs would ideally be built-in with minimal effort for the user or administered in a ‘bottom-up’ way through peer groups, community bodies and charities, to help these groups adopt simple security processes. Larger businesses can promote good security practice through their already established organisational frameworks, paying attention to insider as well as outsider threats. As part of this, firms should think about what core assets need to be protected, and consider separating these from ICT access.
We also need to identify those at risk of repeat victimisation - a quarter of mass marketing fraud victims have been found to be victims previously. This requires focusing prevention efforts on the most vulnerable, preferably with the participation of community bodies as well as technology firms and Community Officers. Data from Action Fraud can also be used to identify those individuals and businesses that are at risk of repeat victimisation, to focus prevention efforts on the most vulnerable.
The future of policing
Clearly, the issues are complex. There is no quick fix for tackling cyber-fraud.
It is important that economic cybercrimes are established on the policing agenda and in ways that allow a meaningful and realistic response, where the role of the police is less about being the sole player in the law enforcement landscape, and more about partnership working. This will require a careful analysis of resources, police priorities and engagement with other agencies to complement police roles.
However, partnership policing in itself is not the solution to combating economic cybercrime. We also need to think critically about the resources available and how best to use these; and individuals and businesses need to take responsibility for protecting themselves against cyber-threats, as much as is possible.