This month, IASME is launching a brand new Counter Fraud Fundamentals scheme which has been developed in partnership with The Open Banking Implementation Entity. Aimed at raising the standard of counter fraud best practices across the spectrum in the banking, payment services and other financial and retail sectors, the new certification will help protect and prepare a wide range of companies. The Counter Fraud Fundamentals scheme will help provide customers and those within their supply chains with the assurance that the most important measures are in place to prevent fraud and protect their information.
Joining IASME as head of the new Counter Fraud Fundamentals Scheme is Craig Wooldridge who comes from a 28 year career in the police service, 17 of those years working in counter fraud. Craig has worked in the Economic Crime Unit, the Regional Organised Crime Unit and the National Intelligence Fraud Bureau.
Welcome Craig, can you tell us why we need a counter fraud scheme?
According to the National Crime Agency, fraud is the most commonly experienced crime in the UK and is a growing crime globally. Local bank branches are closing and being replaced with an almost total digitalisation of the banking sector, and in retail, it is a similar story, with more transactions than ever occurring online. Figures from 2019 estimate that around 20% of all sales are made online and figures from 2020 suggest that UK online sales reached over 100 billion pounds. New technologies, changing behaviours and a shift in business – consumer relationship, are all creating new fraud risks. The Financial Cost of Fraud Report 2019 developed by Crowe UK and Portsmouth University estimated fraud losses in the UK to be £130 billion each year. It also reported that global fraud losses have risen by 56% in the last decade.
The Counter Fraud Fundamentals scheme arrives in a timely manner to address many of the basics that will make a big difference in the fight against this rising crime. The scheme operates as a verified self-assessment which has been assembled by experts in counter fraud. This is a way for every company, no matter how new or how small, to check that their organisation is putting the right protection in place to protect themselves and their customers. The certification is a badge of honour to show that a business is abiding by counter fraud rules and managing their company within the guidelines of the assessment. It will act as a trust mark for their customers and give them confidence that they are protected in line with established best practice, while banking or using a financial service.
Can you tell us about your experience working within counter fraud?
I became a police officer when I was 29 years old for West Midlands Police. While playing football for Coventry Police, I suffered a bad injury that affected my mobility and caused me to be sent for light duties, which meant being posted to a fraud enquiry, within Coventry CID. The case involved a secretary diverting school funds to the value of £140,000 into her own bank account. I successfully got a conviction at Crown Court, and it was from there that I started a Police career in fraud.
After that case, I went to work at the Major Fraud Unit within West Midlands Police in Birmingham City Centre where I worked in cheque, credit card and debit card investigations, leading to an APACS accreditation in ‘police credit card examination’ and I was used as an expert witness in court. I investigated all kinds of fraud as a detective within the newly formed Economic Crime Unit, (formally known as the Major Fraud Unit.)
I then became a Financial Intelligence Officer for the Economic Crime Unit, looking at the intelligence coming in about Organised Crime Groups and leading to the recovery of their illegally gained assets through the Regional Asset Recovery team (RART). Following that, I went to City of London Police for just over a year on the National Fraud Intelligence Bureau as a Regional Intelligence Officer covering West Mids, Staffs, Warwickshire and West Mercia. When it was disbanded, I came back to be the Financial Intelligence Officer at the Regional Organised Crime Unit of the West Midlands where I stayed until my retirement in 2018.
Let’s start with the basics, what is fraud?
In law, fraud is the intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right. Fraud involves deceit with the intention to illegally or unethically gain at the expense of another.
The Fraud Act came into force on the 15th January 2006 and replaced the eight deception offences contained within the Theft Act 1968 and 1978.
Organisations can experience fraud from many angles, a third party using stolen customer credentials, from their own customers, suppliers or an insider working within the company. I will attempt to describe how the crime of fraud manifests while referencing the relevant subsections of the Fraud Act with real life examples (names have been changed).
Section 1 of the Fraud Act establishes a new general offence of fraud, which can be committed in three ways:
Fraud by false representation (S.2)
In fraudulent misrepresentation, a party or person makes a false claim regarding a contract or transaction but knows it isn’t true.
Ms P uses a stolen credit or debit card, where she is misrepresenting its true owner. This section also covers Mr K who sends out phishing emails which deceive people into revealing their personal details.
Fraud by failing to disclose information (S.3)
A person is in breach of this section of the Act if they dishonestly fail to disclose to another person information which he is under a legal duty to disclose and he intends thereby to make a gain for himself or cause a loss, or risk of loss, to another.
Mr A’s car has been modified to make it go much faster, the engine size is now 2000cc, Mr A needs insurance but knows this size engine will cost him an extra £500 on his insurance, therefore Mr A submits his form to get insurance for the vehicle telling the insurance company the engine size is the original size of 1100cc, and he therefore makes a “dishonest gain”.
Fraud by abuse of position (S.4)
This is committed by a person who occupies a post in which he or she is expected to safeguard (or not act against) the financial interests of another but then dishonestly abuses that position, intending to make a gain for him or herself or to cause loss, or risk of loss, to another.
The case I mentioned regarding the independent school’s secretary is an example of this. Mrs B was the sole secretary for the school, who was trusted by the headmaster and the school board to collect all monetary fees that came into the school, including school fees, charity money and monies for school trips etc. She abused that position of trust by writing out cheques from the school chequebooks into her own private bank account, and covered her tracks by falsifying the cheque books and accounts. These acts caused loss not only to the school, parents and teacher but to financial institutions and insurance companies.
The above offences can carry a maximum sentence of 10 years
Other offences that can affect financial institutions are:
Possession of articles for use in fraud (Section 6)
A person is guilty of this if he has in his possession or under his control any article for use in connection with any fraud.
Police Officers raid a suspected ‘Credit Card Factory’ contained within Mr G’s bedroom. On arrest, Mr G is searched and an officer recovers a list of 200 credit card numbers. An investigation finds these numbers are those of genuine account holders who have reported their cards either stolen or their details compromised from online transactions. Their fraudulent use would cause a huge loss to banks, building societies and financial institutions from which they came.
Making or supplying articles for use in frauds (Section 7)
A person is guilty of this if he makes, adapts, supplies or offers to supply any article knowing it is designed or adapted for the use in fraud.
As above, when Mr G was arrested, the bedroom was searched. An officer recovers thousands of white plastic cards, a skimming machine used to put data onto a credit card, an embossing machine used to emboss credit card numbers and names onto a card, and a computer containing templates to make credit cards. All of these are part of a illegal credit card factory used to make counterfeit cards.
Participation by sole trader in fraudulent business (Section 9)
A person is guilty of participation by a sole trader in fraudulent business if they knowingly being party to the carrying on of a company business or intend to defraud creditors or for any other fraudulent purpose.
A carpentry business has hardly any money in its accounts but carries on trading with all of its suppliers of timber so they can make bespoke furniture. The owners of the business are well aware of their financial predicament but carry on trading, knowing there is no realistic prospect that those creditors (suppliers) would ever be paid.
A business sets out from the start to be run for a fraudulent purpose, this might include, ‘rogue traders’. An example is a roofing business who regularly overcharge their customer for incomplete work that they have no intention of completing.
Obtaining services dishonestly (Section 11)
A person is guilty of this offence if they obtain services for himself or another by doing a dishonest act and they do not intend to pay for such services.
Miss N obtains a loan from an online financial service, but she has no intention of ever paying that loan back, likewise, Ms N takes out a store card with a credit limit of £1000, she does this in store, and immediately spends most of the credit she has been given, but she has no intention of ever paying that debt back.
Can you tell us more about counter fraud, what does it involve?
Counter fraud describes the measures taken to prevent, detect or respond to fraud.
The counter fraud experts that put together our counter fraud fundamentals self-assessment questionnaire have identified a framework which includes a number of recommended policies and procedures that a bank, a financial services provider or anyone involved with financial transactions need to put in place as a minimum to counter fraud. These recommendations have a focus on oversight and control, protection and detection, response and recovery and the data management and analytics of businesses.
Looking ahead, what do you anticipate being the biggest counter fraud challenges in the next few years?
Who, when asked that question last year, would have anticipated a global pandemic which changed the digital world and introduced multiple new attack vectors for fraud in less than a year?
Change always gives fraudsters new opportunities, whether that be through social engineering scams, preying on disadvantaged and vulnerable people, or taking advantage of the use of new devices and new online platforms.
Businesses are now competing in an exclusively online environment to attract new customers, get them onboard and retain them. Amidst that attractive, user friendly, process of opening a new bank account, creating a new gaming or gambling account or buying a new phone, is the huge challenge of mitigating fraud. Balancing out the security challenges of online services with customer experience is an evolving landscape and will hopefully drive companies to really think about these problems and to innovate solutions.
I would encourage businesses to ask themselves, ‘what is it about my service or feature that criminals could make money from? How can I prevent that from being a profitable attack vector?’
For more information on the IASME Counter Fraud Fundamentals scheme, contact [email protected]