This article was originally published in Fraud Intelligence Magazine in March 2024.
Scammers leave their footprint across the various infrastructure channels that are necessary to perpetrate their scheme. So, how can we piece together information about their trail, to stop fraudsters in their tracks?
The fraud prevention jigsaw
By Mark Tierney, CEO Stop Scams
Imagine the scene.
It’s another rainy evening and after exhausting your options on Netflix, it’s finally time to bring out that jigsaw puzzle you’ve been meaning to crack on with. After convincing the rest of the family to put down their devices and drag themselves to the table, you divide the puzzle pieces up so that everyone can get involved.
Each of you begins to lay your pieces out and starts to get a picture of what you’re putting together. Fighting scams is a similar challenge. Each person holds different pieces. The problem is that you’re not all sitting around the same table. Without effective data-sharing, the full picture of who knows what about what has happened in a scam and who holds which pieces of the puzzle is almost impossible to ascertain.
Fraud accounts for nearly 40 per cent of all crime in the United Kingdom and is responsible for inflicting a financial and emotional toll on the public. While scammers come up with new and devious ways to reach their goals, businesses are often unable to see the whole picture, left looking for the jigsaw pieces they don’t own. But what if there was a way we could change all this?
As fraudsters lead their victim across the different channels in search of payment, they leave a footprint
At Stop Scams UK, we work with members from the banking, technology and telecommunications sectors, which allows us to enjoy an observatory-like position when it comes to assessing the power of data-sharing. For a scam to be successful, it will touch on at least two, if not each of the banking, technology and telecoms sectors. As fraudsters lead their victim across the different channels in search of payment, they leave a footprint.
‘Whack-a-mole’ approach
The problem is that a bank might only be able to see the toes, the tech company might have a heel print and the telecoms entity the shoe size. Stopping scams at source requires accurate and up-to-date information about which scams are targeting consumers.
Fraud is a cross-platform problem and only by sharing intelligence can we provide a better picture of what is really going on. What we have tried to do through our ambitious programme of pilots is allow our members to share information with each other across the boundaries of their respective sectors. This has helped us, and our members, learn what works and what is required to share data more effectively across industries and potentially with law enforcement. This cross-sector collaborative process has given us a better understanding of the systems and tools that can be employed to prevent scams.
Support for data-sharing has gained traction in recent years. The UK Government Fraud Strategy published last year [2023] identified data-sharing as a key tool in the fight against fraud, with the House of Lords Fraud Act 2006 and Digital Fraud Committee calling it “a critical component of the counter-fraud effort [which]… must proactively be encouraged by regulators and legislation”. On the surface, the idea of sharing data to thwart scammers and protect consumers appears obvious.
By using a collaborative approach across sectors, we can harness data to gain insight into the way scammers operate and exploit consumers. We can also move away from what often seems like a ‘whack-a-mole’ approach, shutting down problems as they arise, to a systematic one that traces and blocks harm at source. For example, banks have told us they would like to share email addresses of known money mules with technology firms and social media platforms to help them better understand mule behaviour and networks. This, in turn, could lead to the real source of this problem: mule herders.
Stop Scams UK worked with the Royal United Services Institute (RUSI), in 2022, to understand our members’ views on how data-sharing might help. They told us that industry should first focus on prevention: sharing data that helps to prevent a fraud or scam happening in the first place. This will disrupt the criminals’ business model. This data may be a flag or signal that indicates that a specific fraud is likely to take place, such as criminals intending to use an account for a mule payment; or, at a broader level, data that might indicate a consumer vulnerability, such as a privacy breach. This would allow organisations to ensure processes are put in place to try to prevent an individual from being scammed. We will initially build a flow of data-sharing by exchanging discrete data points, so that trust and confidence can be built up between organisations and sectors – trust in each other, as well as confidence in the impact.
Small-scale initiatives lead to big ones: they provide insight and learning to allow scaling-up. We are undertaking these pilot exercises in a programmatic way, helping set up processes that can be built on over time. One way we have realised this has been through our Scam Intelligence pilot – a collaborative project that could prevent millions of pounds from falling into the hands of fraudsters.
In the summer of 2023, we began conversations with scammers by responding to suspected scam text messages that had been shared with us by our telco members. From here our members were able to identify phone numbers and bank accounts used for scams – allowing them to investigate and take appropriate action. The results were highly compelling – with thousands of new and actionable pieces of intelligence delivered from the small-scale pilot alone. We’re now working to scale and automate the initiative, setting it up for a long-term and sustainable future.
FIRE
Another example is a project that Meta is championing through Stop Scams UK, called FIRE (Fraud Intelligence Reciprocal Exchange). Meta is trialling this initiative uniquely in the UK. Working alongside fellow Stop Scams UK members, Meta is testing a new approach to exchanging actionable information about fraud and scams. This will be a game-changer, enabling reporting of fraudulent activity both to platforms and to banks, and in helping protect consumers.
So, if data-sharing can stop scams at source, give us a better understanding of scam tactics employed by criminals, and help law enforcement in their battle against criminals, why has it taken so long to get off the ground?
One of the largest concerns for businesses is data protection and legal risk. Complex guidelines and processes around privacy law have made it difficult for companies to develop processes for sharing data for the purpose of stopping fraud. Our research indicates that risk of regulatory intervention, and a real or perceived lack of clarity on what is allowed under the law, stifles initiative. This murkiness could be cleared up if the Government provided increased legal certainty. The new Data Protection and Digital Information Bill could set out more clearly how personal data may be shared for the purposes of detecting, investigating and prevention of fraud.
In addition, the Information Commissioner’s Office (ICO) could offer new regulatory guidance. Such a move would enable companies that are cautious to be more confident in their ability to share data, while making appropriate provisions to protect privacy. Other concerns include the cost of setting up such data-sharing systems and processes to act on new intelligence, while businesses are also understandably cautious over how their data may be used by competitors or even sold on.
But initiatives around the world and outside the sphere of banking illustrate how shared databases can prove successful. Examples include those set up to tackle Child Sexual Abuse Material (CSAM) through the United States National Centre of Missing and Exploited Children (NCMEC) and the Global Internet Forum to Counter Terrorism (GFICT), which monitors information promoting terrorism online. Such collaborative efforts show what can be achieved when government, industry, civil society and regulators come together, and all put information into and draw it from a central pot.
Data-sharing is likely to be a central focus of efforts to draw stakeholders closer together to fight fraud on an international basis. In March 2024, fulfilling a key pledge from 2023’s Fraud Strategy, the UK Government invited representatives from law enforcement, government, industry and civil society to a Global Fraud Summit at London’s Lancaster House. Our members will take insights from that meeting forward. Collectively we need to set out what has to happen internationally.
At Stop Scams UK, banking, telecoms and tech firms are working together on tangible collaborations to stop scams; and the impact is becoming ever clearer
How can the collaboration already underway in pockets around the world, including in the United Kingdom by Stop Scams UK members, be better aligned for even greater impact in the fight against scams?
We are taking steps to enable the three different sectors to share data and enhance their chances of tackling fraud. But we need to do much more to understand just what data is held by whom and have the ambition to move from small-scale pilots to a position where we are exchanging large numbers of data points in real-time, 24 hours, globally, to supercharge prevention efforts and protect consumers and businesses around the world. News articles may give the public the impression of the banking and tech sectors being at loggerheads. We believe otherwise: at Stop Scams UK, banking, telecoms and tech firms are working together on tangible collaborations to stop scams; and the impact is becoming ever clearer.
As we scale up our projects in tandem with our members and working with both government and regulators, collaboration is crucial. It’s only by joining together that we can really begin to piece the jigsaw together and protect the public.
