Event summary: Lunchtime Briefing on Tackling Cyber Enabled Fraud, with Adrian Searle of the NECC
On 1 March 2023, techUK hosted a lunchtime briefing at the techUK offices with Adrian Searle, Director of the National Economic Crime Centre. The following is a summary of the discussion, which was held under Chatham House Rule.
Defining Cyber-enabled Fraud
One of the earliest and most important topics discussed was what constitutes cyber-enabled crime generally and fraud specifically.
The name ‘cyber-enabled’ was outlined as suggesting some kind of security breach in order to enable the fraud to occur. Terms such as ‘digitally-enabled fraud’ may provide more clarity in identifying what role digital technology plays in a particular crime.
Similarly, certain technologies were identified as being able to play multiple roles in a case of fraud. Cryptocurrency may be used by fraudsters to launder money, but may also be used as the hook to get victims to buy into a scam.
Reasons such as these were cited to highlight the need for a ‘kill chain’ for fraud, akin to the kill chain that exist for cybercrime. There would be value in looking for commonalities both between the fraud kill chain and the cybercrime kill chain and between various types of fraud, to identify places where crime can be stopped.
Collaboration between the NECC, Government and the tech sector
Collaboration was outlined as a crucial way forward for the NECC. This includes both collaboration with the tech sector and the NECC’s equivalents overseas. Without this, it will be impossible to fulfil the Home Office’s three pillars of security: empowering the public, preparing firms to be cybersecure, and working with industry to make technologies resistant to fraud.
Collaboration with industry was cited as a crucial way to identify the various stages on the fraud kill chain and target strategic points to prevent crime. The need for a more proactive approach from the ICO was taken alongside the need for industry to be proactive in dealing with threats. Collaboration was noted as essential for ensuring industry, the regulator and law enforcement know where to target preventative measures.
This joint work also involves the greater sharing of data, such as between police forces. This can prevent repeated investigations and ‘lesson-learning’, which allows advancements in fraud to be responded to more quickly. It was highlighted that ‘sucker lists’ of those likely to fall for scams, often those who have fallen for them before, were often used by fraudsters, and that data sharing could allow better protection of those vulnerable to crime.
With the NECC’s work together with the Home Office and the Public Sector Fraud Authority, collaboration between Law Enforcement and government was appreciated, alongside the need for greater industry collaboration.
Similarly, the ability to use the expertise of the sector was seen as crucial for keeping up with both the latest threats and for combatting these threats. Two examples cited were the usage of ‘digital DNA’ by banks to spot cases where people had been persuaded to withdraw money by fraudsters, and the need to keep up with the potential of generative AI for both fraudulent applications and identifying fraud.
The publication of the upcoming Cybersecurity Strategy will outline what further work the Government will do to combat cyber-enabled fraud, including how legislation may change to enable more effective data sharing.
While not able to help those who don’t want to be helped, the development of the tech sector’s capabilities to identify and combat cyber-enabled fraud will continue to protect potential victims.
techUK, as the tech trade association, is willing to facilitate further work between techUK members and the NECC to tackle cyber-enabled fraud, including hosting sessions in future. This can involve developing the fraud kill chain.
In light of the tech sector’s growing role in combatting online fraud, techUK is setting up an internal Fraud Working Group. To find out more about our work in this policy space or for members interested in joining the group, please get in touch with [email protected] and [email protected]