CTSI Blogs and Opinions
The scams emergency, and how we can all start fighting back
Simon Miller, Director of Policy and Communications at Stop Scams UK
You are sitting comfortably in your living room, when you suddenly receive a flurry of notifications from your bank. Thousands of pounds are inexplicably being transferred out of your savings, into several bank accounts you’ve never seen before. Your heart rate speeds up as it dawns on you. The person who just called from your bank’s fraud department, on a number that matched the one printed on the back of your card, who sent you security codes from an email address with your banks name in it, and directed you to enter your internet banking password into a website identical to the one you use everyday, was a scammer.
You might think that you would never fall for something like this. Perhaps you are of the generation that grew up digitally literate from the age of 10, or perhaps you work in the cyber security industry and are confident you know all the tricks of the trade. However, having exploded during the pandemic, scamming has become an industrialised business. Scammers utilise cutting edge technological and tools that can manipulate anyone and everyone, from your grandma to the IT person at work.
The sad proof is in the sad pudding. According to recent research from the ONS Crime Survey for England and Wales, fraud is now the most commonly experienced crime in the UK, costing the economy roughly £137 billion each year, while boasting some of the lowest prosecution rates to boot. By any metrics, the UK is in a scams emergency, that is doing irreparable damage to public trust in our financial services, and threatening the very foundations of our economy.
So how did it get this bad? From the outside, the meteoric rise in scams has left many feeling like government, industry and regulators are asleep at the wheel. While we all want to attribute blame, the truth is far more complex. Financial services firms stop a mammoth amount of fraud every year (1.4 billion in 2021). But competition and privacy law mean that wider anti-fraud efforts have historically been siloed, restricted to individual firms or sectors. Scammers on the other hand, hop freely between platforms, mobile networks and bank accounts, knowing that the lack of coordination between the services they abuse leaves their criminal trail of breadcrumbs undiscovered. Put simply, scams are evolving at a rate existing systems can’t keep up with.
A trusted space
Stop Scams UK was set up by businesses from across the telecoms, tech and banking sectors, who recognised a new approach was needed. Stop Scams UK offers a trusted space, where organisations built to compete with each other, can create solutions together. For the first time, firms from across three sectors brought their pieces of the puzzle to the table, building a fuller picture of the scams landscape, and finally started seeing what the scammers see. This group now includes 20 of the largest banks, tech companies and telcos in the UK, including Google, Meta, Lloyds, HSBC, BT and Three.
Since our launch we have been busy, launching a number of collaborative initiatives that are already helping turn the tide against the scammers. In late 2021 we launched 159, a short code phone service that connects consumers safely and securely with their bank should they receive an unexpected or suspicious call about a financial matter. If you have ever received a call from a scammer pretending to be from your bank, you will know that pressure is one of the most important weapons in their arsenal. They might pretend to be from the fraud department and make you feel like you are about to lose everything unless you give them access to your account. In the heat of all this, you are unlikely to think about hanging up and calling the long number on the back of your bank card, which in some cases the scammers have spoofed, so will be calling you from anyway. As a short code number 159 can never be spoofed, and provides a simple and memorable route back to safety if you are caught in the hot whips of panic. Over 275,000 calls have now been made to 159, and our hope is that it will soon be made a ‘type a’ number like 111 or 999.
We have also launched an ambitious program on data sharing. The rationale for data sharing is remarkably simple. To successfully follow the scammers’ trail of breadcrumbs, firms need to share information with each other. However, the same firms fiercely guard sensitive data for very good reasons, such as protecting their customers privacy and making sure they are complying with regulation and the law.
Last October we commissioned a report from the Royal United Services Institute, to drill down into the specific barriers to data sharing experienced across our membership, and suggest ways in which firms could safely and securely share data with one another to detect, identify and prevent fraud. Stop Scams UK is now building on RUSI’s recommendations to create a programme of work that unblocks cultural barriers to data sharing, by establishing pilots and building cross-sector knowledge and insight. We have now set off on a multi-phase programme to deliver cross-sector data sharing initiatives, that will enable data to flow faster and more efficiently across sectors. The scammers got out of the gate fast, but through enabling, leading, and delivering collaboration across industries we are catching up.
However, we know that completely eliminating scams is unrealistic. People will always commit crime, and no matter how robust our defences, scammers will always find ways to coerce others into giving them money. That’s why as well building technical solutions, we want to give you the tools to feel more in control when you receive a suspicious phone call. So the next time you pick up the phone to someone who walks and talks like your bank, take that breath, stop… hang up… and call 159.