UK Banks May Be Underreporting Cyber Fraud

Roughly 80 percent of online crime in the U.K. goes unreported, and only about 4 percent gets an adequate police response –in part because banks would rather close their eyes to the problem, City of London Police Commissioner Adrian Leppard has confirmed.

The gap between the level of cybercrime and effective police work is partly a matter of police training, but “primarily because banks are happy to write off incidents as costs, thereby costing the consumer collectively and funding ongoing cyber-criminality,” Leppard told an audience at the techUK conference for IT vendors, according to Finextra.

That unwillingness to report cybercrimes makes it harder for police and government officials to get an accurate picture of the threat to the national economy — and to get necessary resources for the police, Leppard said, adding that cybercrime’s scale in the U.K. may have surpassed that of illegal drugs.

Leppard’s data came from the City of London Police, the special police force for the 1.1-square-mile area that serves as London’s financial district. That force also leads the U.K.’s national response to economic crime. (The rest of London is under the jurisdiction of the Metropolitan Police Service.)

Last November, University of Cambridge researcher Richard Clayton told a government committee that, according to bank insiders, actual fraud losses at banks are double the numbers publicly reported.

Leppard said that cybercrooks have become increasingly sophisticated, using “spear-phishing” and installing malware, but not always needing those forms of attack because it’s increasingly easy to buy hacking services on anonymous websites, which are often overseas, out of the reach of U.K. law enforcement, Computerworld UK reported.

And while 80 percent of cybercrime goes unreported by banks, only one-fifth of the remaining 20 percent — or about 4 percent — get an adequate law-enforcement response, due to a lack of the necessary skills, he said. For example, while the College of Policing now has learning modules for cyberskills, only 2 percent of U.K. police have taken the training.

Leppard told the techUK audience that the problem calls for a different mindset, in which prevention and victim support get priority and both banks and police accept that prosecution isn’t feasible in many cases, instead of the traditional police approach of fully understanding the problem before dealing with it.

Whether that works or not, U.K. cybercrime victims — and retailers in particular — certainly need help. In January the British Retail Consortium reported that fraud against retailers, including payment card fraud, was up 12 percent from the prior year.