British Policing Faces The Future

The UK Police is struggling to cope in the face of changing and rising crimes, as a result of falling staff numbers, outdated technology, and fragmented leadership. There has been a 27% increase in crime in the last eight years in the UK. 

The UK House of Commons Home Affairs Committee has also just released their Policing for the Future report which was published on 22nd October and is about the changing trends in crime and policing and the overarching problems facing the police service in England and Wales. 

The main issues raised are funding and investment and that there are three specific areas of growing pressure on policing, online fraud, child sexual abuse, and safeguarding vulnerable people. 

The use of internet-enabled smartphones and tablets has increased drastically during the last decade, and data suggests that 86% of people go online “daily or almost daily” in 2018, compared with 35% in 2006.

Unsurprisingly, this explosion in internet use has been accompanied by an upsurge in online crime, including fraud. 

Earlier this year, it was reported that victims of online fraud are turning to private investigators, due to dissatisfaction with the police response. This report explores the police response to fraud, particularly online, including key trends in offending, the role of Action Fraud, the quality of the police response, capacity and structural issues, and the role of industry. 

Cyber skills and training are also crucial issues that are reported.

Prevalence and trends

The Office for National Statistics (ONS) estimates that there were 3.2 million fraud offences in the year ending March 2018, including 1.7 million cyber-related offences (54% of the total). 

Based on these figures, approximately one in six offences are incidents of online fraud, and fraud (more broadly) is now the most commonly-experienced crime, accounting for 42% of all estimated offences. 

New questions on fraud and computer misuse were only added to the Crime Survey for England and Wales in October 2015, so long-term trends are difficult to assess, although City of London Police (the national lead force on fraud) have said that “Fraud and cyber-crime have grown exponentially”.

The latest annual fraud indicator estimated that fraud costs the UK £190 billion per year, including £134 million from online banking fraud and £568 million from plastic card fraud. 

Action Fraud

Action Fraud is run by the City of London Police, although the contact centre is contracted out, and it works alongside the National Fraud Intelligence Bureau (NFIB). 

Action Fraud has repeatedly attracted negative press attention, after a series of administrative problems and reports of poor service. It was reportedly forced to apologise to almost 2,500 people in 2013, after their crime reports went missing due to an IT error.

Recently Action Fraud has undergone reform, with £35 millions of government funding spent on improvements to the helpline and website, including a new online reporting tool. 

Since October 2016, the call centre has been available 24/7 and the Home Office has invested £5.5 million in a new IT system for Action Fraud and the NFIB. Nevertheless, The Times reported in May 2018 that only cases involving losses of over £100,000 are being passed to a human investigator, with others being “dismissed by a computer algorithm as unworthy of investigation”. 

In August this year, it was reported that Action Fraud only picks up two-thirds of phone calls, with an average wait of 11 minutes and 8 seconds.

The force argued: “The volume of fraud means that investigative resources need to be prioritised towards the most harmful and organised frauds and, where offenders cannot be identified or offenders are based outside the UK, criminal justice outcomes are not always achievable”. 

Giving evidence to us, Temporary Commander Dave Clark, then the national lead officer for online fraud, emphasised that “Action Fraud does not investigate anything. [It] is simply a call centre and an online reporting facility”.

Cases are sent to the force where there are relevant lines of inquiry, such as a local bank account, postal address, internet address or telephone number, rather than where the victim is based, if the crime crosses force boundaries.

Overseas offenders account for a substantial proportion of offences, with approximately 14,000 criminals identified outside the UK in 2017. Organised criminal groups also play a prominent role: last year, for example, Europol disrupted a group which stole more than 8 million euros from over 130,000 payment card holders in 29 EU countries.83

Criticism of the Police Response

A series of reports have been highly critical of the police response to online fraud. A 2015 study of digital crime by HMIC, covering six out of the 43 forces, found “very few police officers and staff who understood either their own roles and responsibilities or those of their force in relation to the investigation of fraud.” 

HMIC found a particularly poor level of knowledge, at all ranks, of the functions of Action Fraud and the NFIB. It also criticised an “absence of strategic leadership and direction” on digital crime in all but one of the forces examined. 

The Public Accounts Committee (PAC) subsequently said that the Home Office “must prioritise efforts to improve the collection and reporting of data on fraud”, and called for the department to work with the City of London Police to establish “opportunities to identify, develop and share good practice in a more systematic way”.

Case Outcomes

Action Fraud received over 23,000 crime reports per month, on average, during 2016/17; in the same reporting year, 71,133 cases were disseminated to forces, and there were 37,632 “Home Office outcomes”–this includes judicial (8,214) and non-judicial (29,245) outcomes. 

The latter category can include failure to identify a suspect and a determination that prosecution would not be in the public interest, among other outcomes. These figures suggest that little more than one in five (22%) recorded outcomes involved charges or summons, and that as little as 3% of cases reported to Action Fraud may result in charges or summons. 

A report published by the Home Office in June examined the causes of attrition in fraud and cybercrime cases. It concluded that a number of factors contributed to cases being dropped after referral to forces, including confusion in police forces about who is responsible for investigating these crimes; the sheer number of cases disseminated, “and the risk that there are so many crimes they are unmanageable for forces”; a lack of recording of non-judicial outcomes; and a lack of clarity regarding inter-force cooperation, when cases cross force boundaries.

The proportion of fraud cases being investigated is shockingly low, in the context of 1.7 million offences per year and substantial costs to the UK economy, as well as to individual victims. 

The private sector could do much more to reduce the demand on policing from online fraud. This problem can only be addressed effectively with a whole-system approach, including by regulatory reform, if necessary, to force companies to be ‘secure by design’. 

Key private sector companies, those whose customers create the most substantial workload for the police and NCA, should also employ analysts internally to facilitate evidence-gathering by law enforcement agencies. 
If industry partners will not do so voluntarily, the Government should consider imposing statutory requirements on companies to cooperate with law enforcement agencies.

At force-level, there is a clear need to upskill the existing workforce and bring in more staff and officers with advanced cyber skills. 

Parliament.uk:

You Might Also Read:

Machine Learning Algorithms & Police Decision-Making

UK Victims Lose £28m To Cybercrime In 6 Months

« The Pentagon Prepares A Cyber-Attack On Russia
Social Media Companies Scan For Potential Terrorists »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Insta Group

Insta Group

Insta are a trusted cyber security partner for security-critical companies and organizations.

Cybernetica

Cybernetica

Cybernetica is an ICT company with activities in e-government, marine comms, data analysis and research in information security technologies.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

Idaho National Laboratory (INL)

Idaho National Laboratory (INL)

INL is an applied engineering laboratory dedicated to supporting the US Dept of Energy's missions in energy research, nuclear science and national defense including critical infrastructure protection.

NAVEX Global

NAVEX Global

NAVEX Global’s compliance management system consolidates your entire GRC program onto a scalable cloud-based platform.

BigWeb Technologies

BigWeb Technologies

BigWeb Technologies is dedicated to provide its clients with ICT related services including Infrastructure Solutions, Consultancy and Security.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

Enso Security

Enso Security

Enso is the first Application Security Posture Management (ASPM) solution, helping security teams everywhere eliminate their AppSec chaos with application discovery, classification and management.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

11:11 Systems

11:11 Systems

11:11 Systems synchronizes every aspect of network services for your business. Build your network with the industry’s most trusted expert skills.

SecureOps

SecureOps

SecureOps is transforming the Managed Security Service Provider industry by providing tailored cybersecurity solutions proven to protect organizations from cyberattacks.

Centroid

Centroid

Centroid is a cloud services and technology company that provides Oracle enterprise workload consulting and managed services across Oracle, Azure, Amazon, Google, and private cloud.

Wib

Wib

Wib is an API security leader. We are the only company providing a solution for the entire API development lifecycle.

XpertDPO

XpertDPO

XpertDPO provides data security, governance, risk and compliance, GDPR and ISO consultancy to public and private sector organisations.

Castlepoint Systems

Castlepoint Systems

Castlepoint Systems is a pioneer in information governance, risk and compliance as a service. An all-in-one solution offering powerful risk management, built in compliance, cybersecurity and audit.

Cypago

Cypago

Cypago provides a powerful yet easy-to-use Compliance Orchestration Platform to automate the compliance process end-to-end.