UK Scraps Failing Cyber Fraud Reporting Agency

Brits are often told to report phone and internet scams to Action Fraud, the National Cyber Crime and Fraud Reporting Centre, but that will soon change as the government has announced the agency will be scrapped. The government’s recent Beating Crime Plan includes the following promise.

We will improve our understanding of how fraudsters are operating. We will replace Action Fraud with an improved national fraud and cybercrime reporting system and increase intelligence capabilities in the NCA and the national security community to identify the most harmful criminals and organised criminal gangs.

To promise that the new system will improve upon Action Fraud is to beg the retort: could it possibly be any worse? Action Fraud answers to the City of London Police but the work is outsourced to the private sector. Over time Action Fraud accumulated a reputation for being the pinnacle of an especially pointless segment of the anti-fraud community that repeatedly tells the public what they should do to reduce fraud, but refuses to explain what paid professionals intend to do about it. They say actions speak louder than words, but Action Fraud did nothing but talk, and a lot of what they said was wrong.

A 2019 investigation by journalists working for The Times revealed that staff at Action Fraud routinely misinformed the public about the extremely low probability that the police would even be told about the crimes being reported. They also found victims had been mocked by Action Fraud call center operatives. Meanwhile, management at Action Fraud claimed the police “do absolutely everything in their power to avoid” investigating fraud.

A Freedom of Information request submitted by Rob Chapman, COO of the Risk & Assurance Group, confirmed suspicions that I had long held: statistics about crime fed to journalists by Action Fraud are utterly unreliable. The request was instigated because of an irreconcilable discrepancy between SIM swap numbers produced by Action Fraud at two different points in time. This was alarming, as the figures were obviously supplied to the press in the hopes of pumping up fears about SIM swap crime. When challenged to explain the differences between their figures, the police first resorted to delaying tactics, then eventually produced a report that admitted Action Fraud’s data is so poorly managed that they are incapable of generating consistent statistics about crimes like SIM swaps. Partly this is because individual reports of crime are not usefully tagged and categorized, and partly it is because staff cannot tell when they are double-counting multiple separate reports of the same crime.

The failure of Action Fraud illustrates why law enforcement agencies will never beat sophisticated high-tech criminals by employing sloppy low-tech clowns. The police needs useful intelligence about cybercrime in order to set the correct priorities and to train police officers appropriately. The UK has been hamstrung by an amateurish attitude to collating intelligence and investigating the methods used by modern criminals. Network-savvy fraudsters are far more capable than street thugs. The police need to raise their game accordingly.

The truth about the systematic failure of law enforcement in the UK, as epitomized by Action Fraud, has been glossed over by lazy journalists writing hyperbolic stories that are not worth the paper they are printed on. We should not distract from the lack of intelligence shown by bodies responsible for upholding the law by exaggerating how smart criminals are. Gathering and analyzing intelligence about technology crimes is a serious challenge that can only be overcome by intelligent, hard-working and dedicated professionals with a keen understanding of the domain. Let us hope the British authorities employ some intelligent people to do it this time.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.