UK’s Open Door to Telecoms Fraud; Freedom of Information Update

Here’s a quick recap for new readers.  Global telecoms crime is worth USD 38 billion. Money is being laundered and terrorists are being financed. Despite their hard work, the TelCos haven’t been able to make a significant impact and international frauds continue unchecked. The TelCos agree that crime would be reduced if payment didn’t reach the fraudsters – but, after years of discussion, still can’t agree how to block those payments.

Because the money being made from telecoms crime is subject to seizure in the same way as the proceeds of any other crime, one answer is to use money laundering legislation – in the UK that’s POCA (the Proceeds of Crime Act 2002).  Delegates at the RAG Summer Conference were able to estimate the scale of telecoms crime, but nobody knew how much gets seized as proceeds of crime.

Show me the money!

To answer that question, I raised two Freedom of Information requests: one to Action Fraud to establish the volume and value of reported telecoms crime, and one to the Crown Prosecution Service (CPS) to establish the volume of telecoms crime prosecutions.

Action Fraud response

Action Fraud was asked to provide data for the years 2013, 2014 and 2015, in relation to the telecoms categories in their own fraud classification:

a) the number of crimes reported under NFIB7 Telecoms Industry Fraud (Misuse of Contracts)

b) the value of crimes reported under NFIB7

c) the number of crimes reported under NFIB52D Computer Hacking – PBX/Dial Through

d) the value of crimes reported under NFIB52D

Action Fraud Reports under: | 2013 | 2014 | 2015
NFIB7 (Misuse of Contracts) number of reports | 5992 | 5664 | 1011
NFIB7 (Misuse of Contracts) value of reports | £3,931,644 | £4,958,218 | £1,014,163
NFIB52D – PBX/Dial Through number of reports | 384 | 247 | 158
NFIB52D – PBX/Dial Through value of reports | £5,457,050 | £4,868,692 | £2,071,520

Ref NFIB 7 – Action Fraud found several misclassified reports within this category.  Since it would take 10 weeks to read every report, only losses exceeding £500,000 were checked.

CPS response

The CPS was asked to provide data for the years 2013, 2014 and 2015, in relation to:

a) the number of prosecutions brought under the Communications Act 2003 section 125

b) the sum of the related dishonest benefit

c) the value of Proceeds of Crime Act (POCA) confiscation orders made in these cases

d) the value of any related POCA recoveries

And since CPS charging advice also provides for prosecutions to be brought under the Fraud Act 2006 section 11, or the Computer Misuse Act 1990 section 1, my request included data for prosecutions brought under these Acts and sections where they relate to the provision of telecommunication services.

The response to a) is shown in this table:

Prosecutions under: | 2013 | 2014 | 2015
Communications Act 2003 s125 | 3 | 10 | 2
Computer Misuse Act 1990 s1 | 141 | 105 | 148
Fraud Act 2006 s11 | 265 | 247 | 158

However, when I checked with the CPS it turned out that none of the Computer Misuse or Fraud Act prosecutions were telecoms related.  So the answers are:

a) prosecutions brought under the Communications Act 2003 section 125: 15

b) the sum of the related dishonest benefit: £14,179.77

c) value of Proceeds of Crime Act (POCA) confiscation orders: nil

d) value of POCA recoveries: nil

Telecoms crime summary

Let’s put all the pieces together.  At RAG’s Summer 2016 event, delegates were polled on the value of UK telecoms fraud:

[Image: RAG POCA survey results]

Based on the responses, I’ve used a fraud figure of £75 million per annum.  Working from that number and the Freedom of Information data above, we can sum up the UK’s approach to Telecoms Crime in just 4 lines:

Estimated UK Telecoms Fraud 2013-2015: £225 million
Value Reported to Action Fraud: £22 million
Value Prosecuted: £14,179.77
% Reported Fraud Prosecuted (by value): 0.064%

 
Does that data suggest the UK is dealing with Telecoms Crime?
 

How did we get here?

In my opinion, the situation results from a ‘catch 22’ scenario:

The Home Office hasn’t paid telecoms fraud much attention because there’s no data to show it’s a problem.

The Police don’t allocate resources because, a) the Home Office doesn’t think it’s a problem and, b) the Home Office doesn’t measure Police performance on telecoms crime.

The TelCos don’t get much assistance because the Police aren’t measured on telecoms crime.  Because telecoms crime doesn’t get investigated, the TelCos don’t bother reporting it and the Home Office remains unaware of the issue. And so on.

As always, the full explanation is more complicated, but that’s the core of the issue.

Where do we go next?

There is light on the horizon.  As a result of the RAG campaign, and the FoI requests, the Home Office is now aware of the scale of telecoms fraud.  Also, recent discussions with Action Fraud have resulted in an offer to meet with industry representatives to establish a common understanding of the issues – watch this space.

And on POCA?

The absence of POCA proceedings in telecoms made me wonder how it’s used in other industries, so I’ve asked the Home Office to provide data.  In particular, for the years 2013, 2014 and 2015:

  • the number of civil recovery proceedings initiated
  • the value of civil recovery proceedings initiated
  • the value of unlawful property forfeit.

The response is due soon and will be published here and via the RAG website.  Please feel free to contact me with any questions.

David Morrow

Dave has 35 years of law enforcement, investigation and fraud management experience including multiple international assignments. He is a recognised telecoms fraud expert and for a number of years chaired the GSMA workgroup responsible for Security & Fraud Risk Assessments.

Dave now provides fraud management support as an independent consultant.


6 COMMENTS

  1. Hi David,
    Very interesting article.
    I was wondering though can this turn out to be a can of worms? Is there a legal basis in the UK for a telecom operator to investigate potential telecom fraud cases to begin with? Access to that level of info and metadata should not be subject to oversight by law enforcement/judge and most importantly, a warrant?
    Isn’t this a double edged sword when the more standardization is applied to telecom fraud the more scrutiny it will bring to something that for the most part remains a pretty opaque process (the investigation itself).
    Curious to hear your point of view on this

    Akrittok

    • Hi Akrittok, and thanks for your questions.

      Investigating telecoms fraud hasn’t been a deterrent so I’m proposing that we don’t investigate – we stop the money flow so there is no incentive for the criminals and, consequently no fraud and therefore no need for expensive, inefficient investigations. Where we haven’t been able to stop the money but we know where it went, we use civil powers to freeze and recover it.

      In answer to your question, yes, it is legal for an operator to investigate telecoms fraud in UK; it’s the same in many countries. Those investigations may not be subject to law enforcement/legal oversight but they are required to comply with all relevant laws and privacy regulations and may be subject to prosecution if those laws/regulations are broken. I think that more official scrutiny of telecoms fraud can only be a good thing – the authorities won’t act until they realise the scale of organised crime in telecoms.

      • Hi, thanks for the answer.
        Perhaps I misunderstood the whole point – to stop payments from reaching the fraudsters one needs first to identify who the fraudsters are and for that one needs to do an investigation?

        Thanks for confirming that there is a legal basis for the investigations, I was not aware of this. From my knowledge, most operators use a brute force approach when analyzing fraudulent behavior. If police were involved, their capabilities would be severely diminished compared to what I’ve seen operators do, most probably they would need a warrant for every piece of information they obtain, never mind being able to cross check that with other suspects. I was also thinking that perhaps a lot of the “evidence” that telco operators may obtain during an investigation would not hold up in court since it would not have been obtained through legal channels. Thanks again for your insight.

        best regards,
        akrittok

        • Hi Akrittok, the approach I’m proposing doesn’t identify the fraudsters, just their fraudulent calls. If a court decides the evidence shows those calls are fraudulent then payments in relation to those calls are proceeds of crime and can be frozen by the court. I don’t care who the fraudsters are – I just want to detect their frauds and use the evidence to have any payments frozen; no investigation required.

          Hope that helps,

          Regards
          David

  2. Solve most toll fraud on the outbound side (B party) by autoblocking fraud calls in real time using TollShield. This undermines the fraudsters’ ‘revenue’ model – they make zero money as calls cannot proceed. AI and machine learning algorithms ‘pre-authenticate’ all SIP calls at the network edge. See http://www.tollshield.com for more info.

    • Good work ‘Jerry’, a.k.a. @disqus_rFQzYggFU1. Was your objective to trash the reputation of TollShield by abusing the comments system to leave a wanky spam advert on the one website where real telecoms risk professionals routinely castigate shitbag vendors? If so, you just nailed it. Your comment will remain in glorious public view as documentary evidence that TollShield is run by greedy cretins who are too stupid and/or lazy to check out a website before they spunk their unwelcome advert across it. And this comment will remain in public view to encourage readers to laugh at your expense.
