On-line fraud: let’s shut the loopholes
The internet is a criminals paradise. A place where they pay no taxes, are subject to few laws, rob the public with almost impunity, and launder and store their money.
The government’s online security bill will not bring order to this outlawed area. It is likely to have limited impact on the crimes it seeks to stifle with layers of duties, codes of conduct, goals, and assessments.
The draft law is intended to give the regulatory authority Ofcom the power to regulate “certain Internet services”. The new law, the government said, will protect young people and curb racist abuse online. The press release states: “A milestone in the government’s fight for Internet security.”
Internet service providers are required to remove and limit the distribution of illegal or harmful content such as child sexual abuse, terrorist material and content about suicide. Fines of up to 10 percent of global sales can be imposed. It is also claimed that it will tackle user generated scams like romance scams through dating apps, which UK Finance says cost 3,000 net victims £ 13million in 2020.
But it is the loopholes in the bill that scare critics. Two years ago and one government, the Online Harms White Paper was published to promote the state’s intention to “create an Internet that is open and alive, but also protects its users from harm”.
After a long consultation, there is a draft law – the second after the first was lost when the parliamentary session ended on April 29th. Another two years could easily pass before these plans become laws in the virtual world. The elephant in the room could have had two calves during this time. And it’s the size of a mastodon.
It was supposed to be called online damage accounting, but the government was visibly tired of activists pointing out all of the online damage being left out. So it was transformed into the draft Online Security Act. But there is little security for adults or children from thieves.
Search the 59,553 words on the bill and you won’t find any “scam” or “money” or “steal” or “scam”. The only mention of the word “financial” – outside of the “fiscal year” – is only to exclude “financial impact” from the definition of content that is harmful to adults or children and causes them “adverse physical or psychological effects”.
This means that the consequences of losing your savings or in-game balances online are not “harmful” to you under this bill and therefore companies are under no obligation to protect you from them.
The Department of Digital, Culture, Media and Sports confirmed that the bill does not mention fraud or other specific criminal offenses. They are laid down in ordinances that are less subject to parliamentary scrutiny and can only be enacted after the final bill has been passed.
The DCMS also informed me that these clauses should deal with legal activities and not apply to illegal activities such as fraud. But the people behind numerous mini bond scams generally deny wrongdoing. Some have been arrested, fewer have been charged. Almost all of them were legal at the moment.
Criminals pay to take pole position in the race for customers so their ads are on top of the search. Google takes money for every click
I’ve written in FT Money about runaway scams in which thieves use psychological warfare to convince victims to participate in stealing their own money. UK Finance’s Fraud the Facts 2021 report found nearly 150,000 people lost £ 479 million using this technique. The first key to these crimes is social media and search engine ads. They attract people with promises of the best cash isas or investments that pay high returns. Criminals pay to take pole position in the race for customers so their ads are on top of the search. Google takes money for every click. And the more a company pays per click, the higher the search results. Customers who click are told they just need to fill in a few details to receive the Wealthy Keys brochure.
This data is the new gold. The streets of criminal harbors are paved with it – the information they need to make a phone call and offer “investments” in art, property, wine or whiskey. Or offer the security of companies that appear to be real but are in fact clones of real companies impersonating their style and name, stealing their Financial Conduct Authority registration number, and transferring money through lightly regulated payment institutions using the payee’s name to not confirm. If this bait isn’t taken, the thieves will call back using a fake number in a full-blown impersonation scam, using the data collected to reveal the brand they know so well from their bank or HM Revenue & Customs or the police. Then they rob them.
The mastodon-sized loophole in the bill is a mention of the scrutiny of these ads. Online businesses don’t need to check if a business is regulated or genuine before accepting the cash-per-click offer. The now-busted mini-bond firm London Capital & Finance reportedly spent £ 20m on Google ads, attracting many of the 11,625 investors who gave it £ 276m.
During the draft bill’s long lifespan, the government has been told several times by fraud experts that it needs to include controls on ads. They demanded that search engine and social media companies ensure that these ads are from real companies that have been verified against the Financial Conduct Authority’s registry for regulated companies.
The DCMS told the FT this week, “We will shortly consider whether tighter regulation of online advertising is also needed.”
Any regulation would be stricter than the current lack of controls. It would be difficult to force companies to turn off revenue from ads that were found to be part of a scam. It would be harder to punish them ten times as much. It might be difficult enough to hold directors criminally responsible for fraud committed from advertisements for which they accepted money to prevent it from happening.
The draft law now begins at least 12 weeks after the so-called “preliminary legislative examination” by the selection committee for culture, media and sport of the lower house. It will be 2022 before laws are passed, and it could be 2023 before they go into effect, enough time for criminals to find a way around them. One thing I’ve learned from years of reporting on scams is that the criminals are faster and smarter than the ones trying to stop them. With a gestation period of four years, they do not face much challenge.
Paul Lewis presents ‘Money Box’ on BBC Radio 4, which airs shortly after 12 noon on Saturdays, and has been a freelance financial journalist since 1987. Twitter: @paullewismoney