This article is part of a special series, and examines the first of the top 10 serious and organised crime threats to the UK and their evolution over the past decade. It traces the journey of the fraud threat – which has grown exponentially to represent the most experienced crime in England and Wales today – and the response to it.
Fraud was once something that happened to other people. Over the last 10 years, it has become the crime that an individual is most likely to experience in the UK, accounting for over 40% of all crime. Today, members of the public are bombarded on a daily basis by scam texts, phishing emails, spoofed calls and fake adverts on social media, all designed to trick them out of their money.
According to the Office for National Statistics (ONS), 3.3 million offences of fraud were recorded in England and Wales in the year ending June 2023. Although this was a decrease of 13% from the previous year, a hunt around the archives of the ONS website reveals that just 230,335 fraud offences were recorded in the year ending June 2013.
While there have been methodological changes in how ONS crime statistics are gathered over the last 10 years, it is abundantly clear that there has been an exponential growth – a rise of over 1,400% – in fraud in the last decade. And, if the early part of the 21st century was marked by a series of sometimes staggeringly audacious corporate frauds – Enron, WorldCom, the fall of Bernie Madoff – the last decade has seen the focus shift to the high-volume but low-value frauds that have become a sadly ubiquitous feature of life in the UK.
The Same but Different
While Authorised Push Payment (APP) frauds do not make up the majority of frauds in the UK, their rise is probably the defining feature of the fraud landscape in the last 10 years. The key characteristic of an APP fraud is the role that the victim plays. In an APP fraud, the victim is tricked into authorising (hence the name) a transaction to send money to a criminal, often under false pretences. The APP frauds seen today are the successors to the emails that the public used to receive from Nigerian princes offering a huge reward for a small downpayment. They are, fundamentally, confidence tricks designed to persuade the victim to hand over their cash. The difference is that these new types of fraud are far more sophisticated, leveraging advances in technology and exploiting social engineering techniques to have maximum impact – and make maximum profit.
Authorised Push Payment frauds are, fundamentally, confidence tricks designed to persuade the victim to hand over their cash
UK Finance first began publishing statistics on this modern breed of fraud in 2017, when 43,875 instances were recorded, with total losses of £236 million. In 2021, losses from APP fraud peaked at £583.2 million. While a number of factors have contributed to this rise, it is inextricably linked to the increased digitalisation of many aspects of our lives and the popularity of social media.
In 2013, just over half of the population used social media. This has risen to just under 85% in 2023, partly driven by the Covid-19 pandemic, which forced many of us online. Social media platforms allow criminals to easily target victims at scale, flooding feeds with adverts for fake crypto investment scams or sending the same phishing message to thousands of users.
Technology allows romance fraudsters to maintain hundreds of fake relationships, tricking their unwitting victims into parting with huge sums of money. All it takes is a few people to take the bait to have made the whole exercise worthwhile. UK Finance has found that in 2022, 78% of APP fraud started online. Social media and the internet also allows us to be targeted by overseas criminal networks: the City of London Police estimates that 70% of fraud has an overseas element.
While APP fraud often hits the headlines, vast amounts of money are still being lost to unauthorised frauds. UK Finance statistics show that annual losses from card fraud have risen from £450 million in 2013 to £556 million in 2022, and the number of instances of card fraud has more than doubled over the same period.
Within this category of frauds, Card Not Present (CNP) frauds have continued to dominate, making up the bulk of card losses. CNP frauds occur when a purchase is made remotely – typically online, over the phone or by mail order – using stolen card details. This type of fraud is driven by data theft and data loss. As a result, fraudsters can gain easy access online to the personal information, including card details, of millions of people.
CNP fraud is still significant – it generates the biggest financial losses of all payment frauds, including APP frauds – and has been an area of increased industry focus. In March 2022, industry introduced Secure Customer Authentication in the UK, requiring users to have multiple ways of verifying that a payment is legitimate, such as One Time Passcodes. This appears to have had an impact on the amount of fraud: the most recent statistics from UK Finance show that losses for the first half of 2023 were 12% lower than the same period last year, and the lowest since 2015.
Keeping Up with the Fraudsters
Fraudsters have generally had it pretty easy over the past 10 years. Fraud-enabling technology is widely available online, as is access to almost everyone’s personal data. The financial system has become increasingly fragmented due to an influx of new payment firms and electronic money institutes, some with weak onboarding controls which have enabled fraudsters to easily launder the proceeds of their crimes. Adding to this is the increased adoption of cryptocurrencies by criminals and legitimate users alike, which can obscure payment trails.
Until the last couple of years, fraud has not really been seen as a anyone’s priority. This has been evident in the lacklustre response to the threat; in its October 2022 report, the House of Lords Committee on Digital Fraud found that under-prioritisation had ‘create[d] a permissive culture across Government and law enforcement agencies towards fraud and the criminals who perpetrate it’. The Committee concluded that law enforcement was ‘chronically underfunded for the fight against fraud’. Last year, the Public Accounts Committee found that fewer than 1% of frauds reported to Action Fraud resulted in charges or a prosecution. This also does not reflect the reality of the number of frauds that go unreported, either because victims feel too ashamed to report incidents or because they simply think there is no point.
Fraudsters have generally had it pretty easy over the past 10 years
Earlier this year, the government published its Fraud Strategy – the first for over a decade – aiming to cut fraud by 10% from pre-pandemic levels. While the Strategy promises a small number of additional law-enforcement resources and a review of the criminal justice response to fraud, the real focus is prevention and the desire to ‘block fraud’ at its source.
This includes actions like banning cold calling for all financial products and making it illegal to possess a sim farm, a device capable of sending out spam texts in volume. It also includes collaboration with the tech sector to develop an online fraud sector charter, committing some of the big social media firms to doing more to prevent fraud that starts on their platforms. While there is a lot for the private sector – notably banks, telcos and tech firms – to do, the idea of disrupting criminal activity upstream is one that is inherently sensible from a law-enforcement perspective. Fraud is not a problem that we can just arrest our way out of.
The UK has been called the ‘bank scam capital of the world’. It is at the centre of a global fraud epidemic, viewed internationally as both an exporter of fraud and the eventual home for the proceeds of frauds committed all over the world.
The UK has long been an attractive destination for fraudsters. The ubiquity of the English language, the rapid pace of digitalisation and the ease of setting up companies have all been pointed to as reasons for this. Another factor which makes the UK more attractive to fraudsters than other countries is its Faster Payment System, which allows almost instant transfers between bank accounts. According to UK Finance, 98% of APP fraud payments use Faster Payments. The speed of payments in the UK means that the proceeds of a fraud can be moved through multiple bank accounts within minutes, reducing the ability of banks to detect and recover stolen funds.
This is why global collaboration and information sharing is so vital to law-enforcement efforts. There have been notable successes over the last few years. For example, in April 2023, the National Crime Agency was involved in an international operation – led by the FBI and the Dutch National Police, and involving 17 countries – to take down Genesis Market, an online marketplace where the stolen identities of over 80 million people were on sale. This kind of international activity, directed at the criminal infrastructure that facilitates widespread fraud, is becoming increasingly key to the operational response.
So, What Comes Next?
As noted earlier, the last year has actually seen a fall in the number of reported frauds. It does not really feel like there is any less fraud about at the moment, though. As technology continues to develop at pace, increasingly sophisticated types of fraud are likely to be seen. AI offers the potential to revolutionise the way that criminals go about committing fraud, even if there is no real evidence of its widespread adoption yet.
Tackling some of the criminal infrastructure, including the AI tools and dark web marketplaces where such tools are freely available, must be an international law-enforcement priority. There is still a long way to go on the prevention side, particularly around the need for some of the big online platforms to step up and take meaningful action against the huge amount of fraud that is enabled by social media. The introduction of mandatory customer reimbursement for all victims of APP fraud in October 2024, rather than just than in cases of gross negligence on the part of the victim, may well change some of the ways in which fraudsters operate.
As we consider how the fraud threat might evolve over the next few years, the importance of cross-sector collaboration becomes even more vital. More engagement is needed between law enforcement and the private sector – particularly the tech sector – to ensure that all parties have access to the information and data that they need.
Ultimately, however, the real challenge for the coming decade is maintaining the momentum that has developed over the last couple of years. While it may have been no one’s priority for much of the last decade, the level of public concern about fraud means that it has now become a high priority for the government – and as a result, for law enforcement. Keeping it there is a whole different ball game, however. The language of disruption and preventative action does not grab many headlines, but it is essential in order to protect the public from the crime to which they are most likely to fall victim.
The views expressed in this Commentary are the author’s, and do not represent those of RUSI or any other institution.
Have an idea for a Commentary you’d like to write for us? Send a short pitch to commentaries@rusi.org and we’ll get back to you if it fits into our research interests. Full guidelines for contributors can be found here.
10 Years; 10 Threats
Independent Analysis of the Top 10 Organised Crime Threats to the UK
As the NCA marks its 10-year anniversary, RUSI is using this critical moment to reflect on the trajectory of the threat and the UK’s record in tackling it. This 10-part series traces the evolution of the top 10 serious and organised crime threats since 2013, analysing what this means for the UK’s response as the threat landscape shifts and evolves to 2033.
View the project
WRITTEN BY
Kathryn Westmore
Senior Research Fellow
Centre for Finance and Security
- Jack BellMedia Relations Manager+44 (0)7917 373 069JackB@rusi.org