Fighting Fraud: How far we've come (Part I)

Two weeks ago UK Home Secretary Jack Straw launched the National Crime Squad's new National Hi-Tech Crime Unit in a blaze of publicity at London's Science Museum.

The aim of the new unit, according to its boss, Detective Superintendent Len Hynds, is to give the police the skill needed to deal with cybercrime.

On exactly the same day silicon.com launched its Fighting Fraud campaign. A more low-key affair with a simple aim - to bolster public confidence in ecommerce by exposing the fraudsters, who according to one survey leave such an impression on internet users that 95 per cent expect to become victims of online fraud.

To combat this perception, silicon.com just stated the obvious, namely that a UK version of the hugely successful Internet Fraud Complaints Center in the US should be set up.

The reasons for our campaign are as simple as its aim.

For one thing, the police are not that interested in internet fraud. Talk at the Science Museum launch was all about the recent decision to install black boxes at ISPs so the police can monitor emails. Much was made of money laundering and how the police should deal with high-tech drug dealing.

It was all high-profile stuff. When Straw was asked what this means to the man on the street he was temporarily lost for words. It was some minutes later and after much whispering that the Home Secretary announced that the police would organise all of the UK's computer crime units so they could report all computer crime centrally.

It's not something the officers working in the new state of the art crime squad may want to hear. The simple truth is that the police want to prosecute criminals and, under-resourced as they are, do not have the time or need the headache of collating crime statistics.

On the same day, Kevin Sartain, a silicon.com reader, tried to report that he had been contacted, via the web, by the Nigerian 419 fraud group.

He told us: "Their response astounded me. They were not interested at all, saying basically it's not worth their while."

For other groups there is even less incentive to report crime to the police.

According to Chris Potter, a partner dealing with ebusiness security for PricewaterhouseCoopers, around 20 to 25 per cent of online transactions are fraudulent.

Of those, around half involve frauds relating to adult sites and are crimes unlikely to be reported to the police, although still a statistic worth recording.

The present lack of a UK fraud reporting centre means that many are writing off to experience losses caused by auction site fraud or associated crime. Meanwhile, those stung in an investment fraud seldom report it to the police, scared of being seen as stupid or because they may have to disclose where the money came from, according to John Merrett of the International Chamber of Commerce's Cybercrime Unit.

The view of the police from the computing industry is not much more encouraging. Efforts to monitor email are causing deep concern to both business and the public, and the growth of the private computer security industry is proof of the level of distrust that exists between the police and both the computing and financial industries.

What's the answer?

An independent computer crime reporting centre makes sense for the industry and it makes sense for the police. It would free them of the chore of collecting the data, while leaving them free to analyse it.

As in the US model, it would pass onto the police and relevant authorities the offences that concern them and hold the rest of the data to aid understanding. Such a centre would also be in a position to swap data easily with other crime recording sites around the globe, without the need for the ponderous bureaucracy common to similar police initiatives.

To paraphrase Tony Blair: if you want to be tough on crime then you have to be tough on the reporting of crime.