NOT PROTECTIVELY MARKED
SOCA ALERT
Alert A0A319N
National Future Fraud Assessment
This Amber Alert is issued by the Industry Exchange and Alerts Branch
of the Serious Organised Crime Agency (SOCA). It is based on
assessed intelligence and warns of dangers and threats from serious
organised criminality. It is devised with the aim of bringing about
preventative or remedial action. We recommend you use this Alert to
complement existing knowledge and support ongoing improvements to
your business processes and procedures.
This Alert is marked NOT PROTECTIVELY MARKED.
Please comply with the handling instructions at the end of this document.
July 2010
National Future Fraud Assessment
Overview
The National Fraud Authority, working with public and private sector partners, has
developed a Horizon Scanning document covering the key future fraud threats over the
next three to five years. This Not Protectively Marked version of the assessment
examines a wide range of issues, from social to technological, and provides a high
level view of what trends might emerge as far as 2015.
What we would like you to do
On behalf of the National Fraud Authority and Working Group members, please use
this document to raise awareness of these potential fraud threats to your business. It
may also help inform your risk management or provide the basis for future talking
points concerning your business’ fraud prevention strategy.
The Alerts process is the way in which SOCA provides information to the private
sector. To help us to improve this service, we would welcome any feedback you have
on both the Alert itself and the information provided to you. Please email all feedback to
alerts@soca.x.gsi.gov.uk and include the reference AA319AA in the subject line.
HORIZON SCANNING WORKING GROUP MEMBERS
CONTENTS
1 Introduction............................................................................................. 5
2 Assessment Base ................................................................................... 5
3 Executive Summary................................................................................. 7
4 What is Horizon Scanning ........................................................................ 9
5 Key Themes Within Contributory Assessments ........................................ 10
5.1 The Evolution of Technology ................................................................................. 10
5.1.1 Development of Malware ....................................................................................... 10
5.1.2 Development of Cloud Computing........................................................................ 11
5.1.3 Increased Reliance on Developing Technology ................................................. 12
5.1.4 Chip & PIN Technology .......................................................................................... 12
5.1.5 Growth of Pre-Payment (Pre-Paid) Cards ........................................................... 13
5.1.6 Increase in Online Businesses .............................................................................. 13
5.1.7 The Emergence of Virtual Worlds......................................................................... 14
5.1.8 Convergence in Relation to Devices .................................................................... 15
5.1.9 Convergence in Relation to Social Engineering ................................................. 16
5.1.10 Technical Challenges in Establishing Identity .................................................... 16
5.2 Criminality and Modus Operandi .......................................................................... 18
5.2.1 Evolution of Fraud Business Models .................................................................... 18
5.2.2 Increased use of Employees with Key Knowledge or Data Access ................ 18
5.2.3 Fraud as a Facilitator for Other Criminality ......................................................... 19
5.2.4 Increased Diversity and Reach of Social Engineering Techniques................. 19
5.2.5 Increased Use of Legitimate Business Services to Facilitate Fraud ............... 20
5.2.6 Vulnerability of the Third Sector ............................................................................ 20
5.3 The Victims of Fraud............................................................................................... 21
5.3.1 Vulnerable Individuals ............................................................................................ 21
5.3.2 Organisations ........................................................................................................... 21
5.4 Increased Globalisation of Fraud .......................................................................... 22
5.5 Key Events ............................................................................................................... 22
5.6 Legislation, Regulation and Processes................................................................ 23
5.6.1 Increased UK Regulation ....................................................................................... 23
5.6.2 Fraud against public sector revenue .................................................................... 23
5.6.3 Environmental Protection ....................................................................................... 24
5.6.4 Impact of Consumer / Data Protection Legislation on Fraud ........................... 24
5.6.5 Changes to the Machinery of Government in Response to Fraud .................. 25
5.7 The State of the Economy ..................................................................................... 26
5.7.1 Economic Growth and Diversification .................................................................. 26
5.7.2 A Stagnant or Declining Economy ........................................................................ 26
6 Annexe A: Contributors .......................................................................... 28
7 Annexe B: Outline of Methodology .......................................................... 29
1 INTRODUCTION
This assessment has been produced by the Horizon Scanning Working Group [1]
(HSWG), drawn from the member organisations of the Serious Organised Crime (SOC)
Fraud Programmes, to examine the key future fraud threats that are likely to impact
public, private and third sector organisations within the next 3 to 5 years. The
assessment sets out to answer “What are the key future fraud threats (and
enablers of fraud) likely to impact on my organisation and business sector 3 to 5
years in the future?”
This assessment has been written for the members of SOC Fraud Programme Boards
and readers within the wider counter fraud community (where deemed appropriate).
The issues raised in this assessment do not create or replace Government policy but
are intended to inform debate and decision making by senior policy and deployment
managers.
This assessment has identified a number of potential future fraud threats that, in the
opinion of the HSWG, merit further consideration by the counter fraud community.
These are detailed in section 5 below. In each case the assessment identifies the nature
of the change, how fraudsters may exploit it, and the action that might be taken to
remove or mitigate the threat. It should be noted that:
- The assessment is based on material that has been made available by the
contributing organisations of the HSWG (see Annexe A).
- It is highly likely that extended research and wider participation in this programme
would identify additional issues and areas of concern to the counter fraud
community.
- Many of the issues identified within this report potentially merit a dedicated body
of research or a fraud workstream, requiring multi agency action in their own
right.
In addition to producing the first national future fraud assessment, the HSWG has
demonstrated the capability to deliver a programme of forward looking analysis to
help the counter fraud community develop proactive and preventative policies.
Guide to Probabilistic Language
Although future events are not guaranteed, the following probabilistic language has
been used to convey the likely occurrence of an event.
Highly Likely: Indicates the most probable outcome, e.g. it is highly likely that
reliance on technology will continue increasing.
Likely: Indicates a probable alternative or secondary outcome, e.g. it is likely that
technical devices will increasingly be used for dual purposes by multiple people.
Possible: Indicates a possible but less likely outcome, e.g. it is possible that
chip & PIN security technology will be compromised within the next 10 years.

[1] Refer to Annexe A for HSWG contributors.
2 ASSESSMENT BASE
This assessment uses established strategic futures and horizon scanning analytical
techniques, combining information and assessments provided by contributing
organisations across the public, private and third sectors. Through workshops and
contributory assessments a wide and representative set of fraud threats has been
identified and captured. 17 of the 29 organisations invited to participate were able
to provide contributory assessments. It has not been possible to incorporate all issues
or eventualities, and at this stage of knowledge we are not able to provide a quantified
impact that would give meaningful priority to the threats identified. The National Future
Fraud Assessment nevertheless integrates the body of future fraud knowledge into a
single consolidated assessment for the first time.
The intelligence cut-off date for this assessment was 31 March 2010.
3 EXECUTIVE SUMMARY
This report provides the first national assessment of potential future fraud threats. Its
purpose is to raise awareness of plausible developments which could emerge relating
to fraud methodologies and enablers over the next three to five years.
This report does not predict the future; instead it seeks to pre-empt risks which could
arise from a range of different future conditions. By considering these, this report aims
to strengthen the counter fraud community’s ability to develop more resilient plans to
mitigate potential emerging risks.
This report does not attempt to replace established strategy and policy development
processes. It seeks to inform debate, consideration of priorities and decision making.
To this end the following aspects of the assessment are drawn to your attention:
Technological developments will make fraud increasingly international and multi-
jurisdictional. Global expansion of the high speed internet infrastructure will see key
developing regions expand into new information technology economies. These regions
will be rapidly exploited by criminal networks to facilitate international fraud. It is highly
likely that the most significant future threats to the UK will originate outside UK
jurisdiction. Fraudsters operating across multiple, often disjointed, layers of jurisdiction
will be the most significant challenge to both national and international counter fraud
communities. Gaps in information sharing and lack of coordination by business and
public sector will be exploited between and within jurisdictions.
Technological and economic drivers will lead to significant changes in business
systems and the formats of payment which could be exploited by fraudsters. The
withdrawal of payment by cheque in the UK will speed transactions and reduce costs
but will also increase the risk of fraud to those less able to adjust. It is highly likely that
fraudsters will exploit ordinary users’ lack of knowledge of the full capabilities,
implications and risks of online and payments technology both before and during the
transitional phases between the old and the new.
Fraud will increasingly exploit our growing economic and social dependence on
electronic business and online entertainment. Malicious software (malware) will
continue to match and exceed technical security and anti-viral measures as a result of
the competitive escalation between hackers and the IT security community. The use of
more virulent malware will be exacerbated by increasingly sophisticated coordinated
electronic attacks that combine both denial of service and fraudulent attacks on
government services and technical infrastructures, including international business
systems.
Cloud computing services are highly likely to rapidly expand with government and
business sectors contracting out their IT needs to shared-service suppliers. This will
be driven by competitive advantage (and declining public funds) and the need for
increased capacity for IT infrastructure and data storage at reduced costs. The risks
inherent in losing local and national control of corporate data and storage outside of
national jurisdiction will need to be carefully mitigated by encryption of data and the
establishment of more secure ‘private’ clouds. The ‘return on investment’ for
successful penetration of shared financial services or public sector clouds is likely to
attract the interest of state level actors and their proxies to carry out fraudulent attacks
on the UK within the next 3 to 5 years. In particular, the benefit of breaking the
encryption of tax and benefit details held within an integrated ‘eGovernment’ cloud
could make this the UK’s top hacking target for fraud. These threats will drive the need
for better joint working across the counter fraud community and a more regulated
approach within particularly sensitive business areas e.g. banking and Government.
Device convergence will see more user originated functionality and services being
made available through mobile devices (combining phone, internet, GPS and other
functions). These devices will increasingly be used for online banking and money
transfers, and eventually for contactless payments. Malware on handheld devices is
seen as a potential threat, and one that may have been significantly underestimated
because of its previously limited use in enabling fraud. Current trends towards device
convergence and a move to mobile banking and other financial services will rapidly
increase Smartphone exploitation by fraudsters for financial gain.
The evolution of fraud ‘business models’ will accelerate as new and lucrative fraud
methodologies are rapidly exploited and spread through an industrialised and ‘virtual’
international fraud community. Saturation of established fraud methodologies will drive
the entrepreneurs of the fraud community to quickly exploit new and emerging social
and technical opportunities for fraud. This exploitation will tend to follow the patterns of
normal business development models including: proof of concept and product testing,
followed by rapid exploitation and expansion through specialised division of labour and
ultimately franchising the methodologies to new entrants.
Economic stresses will increase the risk of fraud through individuals occupying key
positions of knowledge, data access and professional trust. Personnel in business
sectors previously considered to offer secure and stable employment (such as
bankers, financial advisors, property specialists, lawyers and associated public sector
specialists) are likely to be more vulnerable to corruption by crime groups. The number
of individuals engaged in fraud is likely to increase as a result of the continuing impact
of economic difficulties combined with the additional opportunities and niches emerging
in new and flexible fraud methods.
Fraud will continue to be driven by profit, with criminals seeking the maximum return for
the least effort or risk and fully exploiting opportunities. The type and nature of victims
will evolve with new and developing fraud methodologies. Fraudsters will continue to
exploit lack of awareness of fraud, lack of due diligence and any systemic or design
weaknesses. They will increasingly use social engineering techniques and deception
to defraud and obtain information that can be exploited for fraud. Third sector
organisations in particular will be increasingly vulnerable to fraud and exploitation both
from a UK and international perspective.
Economic pressure to reduce overheads and costs will remain in all organisations,
and it is highly likely that the resources available to prevent fraud will be reduced
within both the public sector and the business community. The post election
political environment will see greater pressure for prioritisation and rationalisation of
spending on counter fraud activities. These cuts are likely to be linked to changes in
the machinery of Government that will require greater emphasis on prioritised and
intelligence led direction of resources, and a smarter business and Government
approach.
4 WHAT IS HORIZON SCANNING
“Horizon scanning is the systematic examination of potential threats, opportunities and
likely future developments which are at the margins of current thinking and planning.
Horizon scanning may explore novel and unexpected issues, as well as persistent
problems or trends. Overall, horizon scanning is intended to improve the robustness of
policies and evidence base” [2].
Strategic futures analysis was developed in World War II and became popular in the
business world in the 1960s, once it was clear that methods attempting to predict a
single future were frequently wrong and led to unexpected surprises. Futures techniques
consider ranges of possible, plausible futures so that planning can be put in place to
adapt to, and minimise the impact of, various conditions. Horizon Scanning is one such
process used to identify potential futures; other techniques include scenario planning,
visioning, reverse engineering and wind tunnelling.
Horizon scanning does not aim to forecast or predict the future but follows an analytical
methodology in order to inform and help decision makers to plan effectively against the
most likely threats in the future.
Horizon scanning as a capability for the development of strategic planning has been
recognised and adopted by the committee of Permanent Secretaries and is being
adopted extensively across Government departments. The community of practitioners
within Government are led and supported by a dedicated national Horizon Scanning
Centre based in the department of Business Innovation and Skills and the Cabinet
Office Horizon Scanning Unit.
[2] DEFRA 2002.
5 KEY THEMES WITHIN CONTRIBUTORY ASSESSMENTS
5.1 THE EVOLUTION OF TECHNOLOGY
5.1.1 DEVELOPMENT OF MALWARE
Malware, short for malicious software, is software designed to infiltrate a computer
system without the owner's informed consent. The expression is a general term used by
computer professionals to mean a variety of forms of hostile, intrusive, or ‘annoying’
software or program code. The term "computer virus" is sometimes used as a catch-all
phrase to include all types of malware, including true viruses.
Malware is highly likely to continue growing in frequency and effectiveness in the
next three to five years.
A new malware component is released every 1.5 seconds and, despite the availability
of anti-viral software, these compromise thousands of systems in the UK every day. In
a large number of instances this malware will be used to capture personal information
from the infected computers to enable fraud. This will facilitate ID theft of those
targeted, and also compromise payment card details and internet banking logons.
These attacks will enable fraudsters to carry out transactions with the victim’s card and
take over their bank account.
It is highly likely that the availability and sophistication of malware will expand over the
next three to five years. This will involve more sophisticated types of malware, such as
polymorphic viruses, whose code automatically changes each time it is copied or
installed so that signature-based anti-malware software fails to recognise it. Growing
consumer demand to download a wide variety of applications, for personal and business
use, provides fraudsters with many different channels to insert malware disguised as
legitimate applications. Fraudsters will seek to gain unauthorised access to personal
information or direct links into online services. It is highly likely that malware will
increasingly target mobile devices and Smartphones [3]. Fraudsters will exploit the
increasing sophistication of computer based services and dependence on IT systems.
This will be exploited using a number of techniques, for example:
- Anonymous attacks: It is highly likely that technical developments in anonymity
routers and other software designed to hide the origin of malware will make it more
difficult for law enforcement to track and take action following successful attacks.
- Blended attacks: These combine the infiltration of malware, such as a Trojan, onto a
legitimate website with an email, crafted to appear legitimate to the targeted victim,
that contains an embedded link to the infected website (itself a victim of the attack).
Because the email carries only a link rather than an attachment it avoids traditional
anti-virus systems, and when the victim opens the link the site serves malware which
can bypass traditional web filters.
- Man in the browser attacks [4]: Malware running inside the victim’s web browser can
read and alter what the user sees and submits after the browser has decrypted the
session, so the attacker controls the information passing between customer and bank
regardless of the ‘secure’ connection. Trojans such as ZEUS are currently being used
this way to defraud ‘secure’ online banking.
Compound or complementary attacks will be increasingly used against large financial
institutions and Government departments. International Distributed Denial of Service
(DDoS) [5] attacks are likely to increasingly be targeted at western institutions. Whilst
these disruptive attacks will continue to be motivated by political or corporate rivalry,
they will increasingly be used by fraudsters as a form of ‘distraction burglary’.
Fraudsters, under cover of a DDoS attack, will launch complementary acquisitive
malware attacks, exploiting the fact that IT security systems and staff are distracted
by the ‘main attack’. Although currently confined to the Russian sphere and the
Middle East, this is likely to spread to richer targets in the West and become a very
significant threat in the next three to five years.
The complexity of these attacks will grow in the next three to five years, rapidly adapting
to potential technical, systemic and social counter measures.

[3] See also Section 5.1.8.
[4] Linked to ‘man in the middle’ and ‘man in the PC’ attacks: exploiting weaknesses allowing fraudulent
extraction of information and the takeover of vulnerable systems (bots) to disrupt and defraud.
[5] When thousands of computers infected with malware are herded together to attack the websites and
systems of a target business in order to disrupt and shut down their ability to operate.
5.1.2 DEVELOPMENT OF CLOUD COMPUTING
Cloud computing is a term used to describe a set of IT services and infrastructure that
are provided to a customer over a network on a leased basis, creating the ability to
adjust the size and level of service as they require. Cloud services are usually
delivered by a third party provider who owns the infrastructure. This model offers organisations
considerable benefits in terms of being able to scale up or down their IT services, such
as applications, platform or infrastructure, on demand. Services are leased and
therefore customers do not incur capital costs of IT resources and equipment as they
would in traditional IT service models. In cloud computing IT operations are
outsourced to the cloud; the risk is not. Accountability for customer and business
sensitive data resides with the cloud customer who may not have the same levels of
control that existed within a single jurisdiction / treaty area.
It is highly likely that developments in data storage will continue to advance,
leading public and private organisations to shift to cloud computing technology.
It is also highly likely cloud computing will challenge our ability to protect data
and take action against those fraudulently using it.
Developments in data storage, both in terms of capacity and method, have changed
dramatically in the past five years. Cloud computing is the next generation of data
storage that is already employed by the private sector. Currently there is a lack of
accepted cloud computing standards at a national, EU and worldwide level. There are
wide ranging legal and regulatory issues in cloud computing covering: rights to data,
possible security loopholes, outsourcing and subcontracting. In particular, national
laws and regulations governing interception and disclosure of data in the jurisdictions in
which data is stored, or through which it is transmitted, need to be clarified and brought
into line with existing international and EU regulations.
The large number of third parties involved in a data ‘cloud’, and its geographical
dispersion, means that risk assessment and assurance activities are likely to be more
complex, time consuming and costly. There are also a number of IT data recovery
risks associated with hosting data in multi-tenanted centres, including the corruption of
customer data, overloading of computing resources and incorporating disparate IT
disaster recovery requirements.
Public and private organisations and individuals are potentially exposed to fraud
through their use, directly or indirectly, of cloud storage. For example, banks
traditionally maintain close control over their IT and are currently reluctant to use cloud
computing, due to concerns about security, regulatory compliance, data transfer,
reliability and inter-operability. However, the growth in cloud computing over the next
three to five years is highly likely to drive the commercial sector to this IT solution for
reasons of competitive advantage and cost savings. This could result in bank
customer data increasingly being held by third parties who use cloud computing, with
or without the knowledge of the bank, creating a potentially greater risk of data
compromise [6].
Cloud computing will, however, allow organisations access to greater levels of storage
and increase connecting capability between datasets due to a central storage area. As
a positive outcome, this would allow for greater data matching and verification
opportunities across the sector to detect and prevent fraud.
[6] Cloud computing is already used by banks’ third-party suppliers.
5.1.3 INCREASED RELIANCE ON DEVELOPING TECHNOLOGY
It is highly likely as our reliance on developing technology increases that users
will remain unaware of the full risks associated with data transfer via unsecured
wireless networks and in public spaces such as: stations, on trains or in cafes
and pubs.
Increasing use of and reliance on technology to provide more private and public services
online, and Government encouragement to use them [7], will increase individuals’ and
organisations’ exposure to fraud. Consumers will suffer more targeted phishing
attacks, especially against vulnerable groups and inexperienced internet users, who are
highly likely to be encouraged to use online services. Many new users will not have the
knowledge to protect themselves, or an awareness of the increasingly sophisticated
means by which fraudsters try to obtain details from their victims. From an
organisational point of view, although access to public services and data via the internet
will increase efficiency and minimise costs, it brings with it an increased threat to the
security of business and Government data assets through online hacking and other
similar data attacks.
The increasingly mobile lifestyle and the numerous locations from which consumers
access websites are highly likely to create increased opportunities for fraud. It is likely
that consumers’ level of security awareness, whilst operating via mobile hotspots, will not
match the increased risks. Thus they could potentially access suspect websites and
download malware onto their device, e.g. while passing the time on a journey, distracted
in a café or playing games. There is also an increasing threat that data can be
intercepted in these hotspots via unsecured wireless networks.
Given current consumer preferences to obtain the latest technology and the
increasingly competitive environment, it is highly likely that a number of new products
will become available without robust security testing. Newly released products
regularly have security issues or program defects requiring subsequent upgrades.
This further highlights an opportunity for fraudsters to exploit and compromise these
devices and programs.
5.1.4 CHIP AND PIN TECHNOLOGY
Chip & PIN technology successfully reduced the level of ‘point of sale’ fraud and,
despite the shift of fraud to ‘cardholder not present’ transactions, continues to be the
standard for secure payment worldwide. Although unlikely in the timeframe analysed
for this report, it is possible this technology will eventually be compromised.
Use of the EMV [8] based chip card security technology, known as ‘Chip & PIN’ in the UK,
will continue to grow globally as the international standard for secure card payment in
the next three to five years. Commercial imperative will continue to drive ‘format
evolution’ [9]; in the context of consumer payment transactions this is leading to the
withdrawal of cheques, which will see an increase in the number of users and
transactions by plastic card.
Although there is no evidence of compromise [10] of the core protocol of Chip & PIN
transactions, the card industry has been monitoring the availability of the technology and
knowledge required to carry out attacks that clone chip cards. Clone attacks were
carried out in France in 2007, and from work carried out within the card payments
industry it is understood that current Static Data Authentication (SDA) EMV cards can
be compromised relatively easily, because the issuer signature they carry over the card
data is static and can be copied along with that data, and plausible clones produced for
use in some transaction environments [11].
[7] Digital Britain initiatives.
[8] EuroPay, MasterCard, Visa.
[9] All consumer technology media, platforms and formats are in constant evolution: redundant systems are
no longer supported by the business community, requiring customers to ‘upgrade’, e.g. video to DVD, analogue
to digital TV.
[10] Whilst it is probable that it will be compromised at some point, this is unlikely within the next 3 to 5 years
[comment from The UK Cards Association and British Bankers Association].
[11] To date there is little evidence of the capability being in the hands of criminals, but we do have limited
evidence from internet chat rooms that there is interest in EMV card cloning.
Knowledge [12] of the vulnerability and the relative ease with which plausible clones can
be developed suggests that it is likely that a fraudulent capability could exist within
three to five years. The scale of the threat is likely to be determined by relative cost
and return on investment considerations by potential fraudsters.
In response to the threat, the UK card industry is enhancing the security features of its
cards by introducing Dynamic Data Authentication (DDA) cards (which are currently
extremely difficult to clone). The roll out of these cards will take up to three years so a
residual vulnerability will exist which needs to be monitored.
5.1.5 GROWTH OF PRE-PAYMENT (PRE-PAID) CARDS
In the next three to five years it is likely that enhanced risk assessment
procedures for credit cards and a more regulated approach to credit lending, will
lead to an increase in the use of pre-payment cards.
Pre-payment cards were introduced to facilitate consumers managing their finances
and ensure that they do not overspend on credit. They also enable consumers who fail
to meet the criteria for conventional banking to use this form of payment. However,
they also present fraudsters with an opportunity to launder money and to transfer the
proceeds of crime overseas.
As these cards present no financial risk to the card issuer, they are easy to obtain and
applications do not attract high levels of application risk scrutiny. This makes them
convenient and easy for fraudsters to obtain. Money can be transferred onto these
cards from any account and, potentially, spent anonymously anywhere in the world. In
addition, prepaid card issuers are not necessarily UK-based financial institutions.
Some of the pre-payment cards available do not have the latest security technology
installed, such as Chip & PIN, thus they are more susceptible to known frauds, both
within the UK and overseas.
5.1.6 INCREASE IN ONLINE BUSINESS
Consumers will become more exposed and dependent on technology, as the
services and products provided by businesses and Government are made
available online in order to reduce cost, remain competitive and retain market
share.
Access to products and services will continue to shift away from traditional in-store
shopping to online outlets. Increased delivery of Government services and functions
online will take place through the further development of online Government. This will
increase consumers’ potential exposure to fraud, especially in relation to financial
services or where financial transactions take place.
There is a particular risk within the third sector, which attracts a high perception of trust;
as a result, the public may not be as vigilant with their details on charity-related
websites or when responding to related emails.
In an attempt to remain competitive by moving business to the online environment
whilst reducing costs, some organisations take risks by not using technical specialists
to design, set up and manage their online business. This exposes organisations to
fraudulent attacks because of the lack of protection offered to them, their website and
their customers. In addition, business and public sector organisations seeking to
reduce costs may reduce expenditure on the development or deployment of technology
and security, potentially exposing them to fraud either through malicious attacks by
hackers or through corrupt employees not being monitored via robust due diligence checks.
Over the past five years the banking sector has rapidly developed, in terms of the
availability and use of online services. In the next three to five years the risk of
exposure to fraud will continue and is likely to increase when consumer demand for
instant access to financial services (such as a Smartphone application to set up a
direct debit, transfer funds or launch other banking services) is combined with
unsecured mobile and/or wireless devices.
[12] A Google search on Chip & PIN fraud brings back 2.5 million hits.
Other sectors which require financial transactions may not be as fraud aware and
responsive as the banking sector, relying on others to spot fraudulent behaviour.
Shopping websites are prone to fraud, but plastic card protocols have been developed
to limit exposure for those with minimal fraud experience. Reckless or collusive
behaviour remains a risk, and shopping websites may depend on banks to spot suspect
transactions rather than implement robust security checks within their ordering
systems. This creates an entry point for exploitation and removes possible additional
checks to assist in fraud prevention work. Online retail in the UK will experience a
compound annual growth rate of 10% over the next five years, to reach a value of
€40bn (£36bn) by 2015 [13].
It is highly likely the number of fraudulent online businesses and services will
mirror the growth of legitimate online business.
The increase in the number of legitimate businesses, including Government
organisations, going online will provide an opportunity for fraudsters to make fraudulent
offers through the unauthorised use of legitimate organisations’ identities (e.g. bogus
‘account compromise’ warning emails). In addition to this fraudsters may also operate
under deceptively similar business/URL names (e.g. Micosoft instead of Microsoft) to
commit fraud directly or to obtain personal information.
It is highly likely there will be a continuing decline in consumer demand for
physical media (i.e. DVD, CDs) as the market moves online and more products
are downloaded.
Consumer demand is moving to the Internet as the main source for media content
(such as films, television and music), reducing the demand for physical media, such as
DVDs. Whilst there is likely to remain a demand for physical media for the foreseeable
future, the emphasis for enforcement of copyright law will move from physical
duplication and point of sale locations to the online environment.
Consumer demand is moving towards high definition content and fraudsters will seek to
source and supply counterfeit versions of these products. The risk of targeted attacks
against high definition sources (such as legitimate video streaming and film download
services, and delivery lorries containing high definition Blu-ray discs) will increase. The
demand for this content will allow fraudsters to charge a higher price for their wares,
with little increase in costs, which will increase their potential criminal gain and make
this area of fraud more attractive.
Recent film counterfeiting investigations have shown associations to serious organised
crime groups with potential links into other serious criminality, which highlights the
potential high level of profits this area of fraud attracts and use of it to fund other
criminality.
5.1.7 THE EMERGENCE OF VIRTUAL WORLDS
A virtual world is a type of online community that often takes the form of a computer-
based simulated environment, through which users can interact with one another and
use and create objects. Virtual worlds are designed for their users to inhabit and interact
within. The term has become synonymous with interactive 3-D virtual environments [14],
where users take the form of avatars visible to others graphically.
It is highly likely there will be an increasing use of virtual world environments,
both for leisure and business purposes within the next 3 to 5 years.
The virtual world is increasing in sophistication and widening its appeal to all
generations across business and gaming environments. There is a risk that the level of
security awareness of individuals can be lower and unguarded in a “game world”.
Users are more willing to trust people in a game situation and are prepared to hand
over money or personal details, or to follow website links, with fraudulent outcomes.
[13] Forrester Research.
[14] Second Life and World of Warcraft are leading examples of virtual world environments/platforms.
The gaming world is expanding into a ‘real world’ simulation with the incorporation of e-
cash, which is convertible to ‘hard currency’, to buy and sell virtual commodities. This
e-cash is purchased at a rate of exchange [15] that, when favourable, provides an
opportunity for fraudsters to launder proceeds of crime through simulation games at
potentially better rates than in the standard market, and with less risk of detection. The
decrease in the use of sterling and the move into e-cash by fraudsters will also benefit
those who find it difficult to deposit large amounts of money into their bank accounts
without the risk of notifying the authorities.
The growth of online activities (social-networking sites, online shopping and games)
on virtual platforms and transferable online currencies adds complexities for jurisdiction,
law enforcement and the recovery of assets. These sites also provide additional social
engineering opportunities for fraudsters to exploit.
Expansion and technical development of the Internet into Web 2.0 during the next three
to five years, and Web 3.0 in around five years’ time, will create significant changes in
the way we obtain, manage, integrate and use information, much of which is
unobtainable under the current web structures. Plans are in place to develop Web 3.0,
‘the semantic web’, which will read and assess content to enable sites to interact with
other sites and to build profiles or avatars. The powerful marketing and research
capability will create increased opportunities for fraudulent activities by enabling
fraudsters to gain, through identity theft, detailed knowledge of individuals and their
online history for use in spear phishing [16]. This is likely to create a threat to anyone
with an extensive online history, vulnerable to semantic cross-referencing of profile
information, regardless of current levels of personal information and online identity
management.
Fraudsters are increasingly likely to use the virtual world to communicate with each
other. The development of online criminal forums, social networking sites and virtual
worlds, plus cheap mobile telephony and computer-to-computer connections, will be
used by fraudsters to communicate with each other. However, concentration of criminal
activity on such sites will create an opportunity for greater surveillance by law
enforcement and the intelligence community.
5.1.8 CONVERGENCE IN RELATION TO DEVICES
It is highly likely device convergence via Smartphones and other mobile
personal devices, combined with overriding market demand for these products
over the next three to five years, will make these devices a critical target to
enable fraud.
The demand for, and supply of, products that provide all-in-one technology, such as
Smartphones, is rapidly increasing. These devices with converged communications,
internet, and GPS functionality also provide rapid connectivity to a vast array of online
services, particularly banking services, covering both personal and business needs. It
is possible that this will include contactless payments in the next three to five years.
It is highly likely the introduction of GPS technology in devices used for social
profiling and information gathering will be exploited by fraudsters.
The increased availability of mobile personal devices such as Smartphones that allow
the collection of GPS data on customers will be a valuable information source for the
business community. It is likely that its commercial value will see this data being
harvested by service providers and used to enhance current loyalty card data profiling.
This information will also be targeted by fraudsters to enhance their social engineering
based attacks; by incorporating location data, fraudulent approaches can be made more
believable.
[15] £1 = 443 Linden Dollars (moneyslex.com).
[16] The use of social engineering techniques to target specific audiences with phishing emails containing
more relevant information and potentially more convincing details to deceive victims.
It is likely consumer demand for contactless technology payments combined
with device convergence and the growth in malware capability will be exploited
by fraudsters.
Over the next three to five years handsets will be developed to enable their use as a
method of contactless technology payment, storing virtual cash and other ‘swipeable’
services via the introduction of applications. Industry sources predict ‘explosive growth’
of Smartphone malware within this timeframe as fraudsters cultivate new generations
of malware targeted to exploit the vulnerabilities of handheld Smartphone platforms.
This could result in the loss of both money and valuable data.
5.1.9 CONVERGENCE IN RELATION TO SOCIAL ENGINEERING
It is likely that single information-communication-technology (ICT) devices [17] will
be used for both personal and business use over the next three to five years, and
these devices will be used by more than one individual.
It is likely that fraudsters will increasingly exploit the growing use of the Internet to
obtain personal details through social networking sites. With younger and older users
having access to the internet, ICT devices are increasingly being used by everyone for
a wide range of activities, such as personal banking, remote working, research,
shopping, correspondence and games. This environment can result in users not being
fully aware of potential exposure to malware or suspect websites when carrying out
activities that involve financial transactions or revealing personal information that could
be used in phishing attacks. In addition it is increasingly common for ICT devices to be
connected online continuously, allowing malware to operate for many hours unnoticed
once the device has been compromised.
5.1.10 TECHNICAL CHALLENGES IN ESTABLISHING IDENTITY
It is highly likely identity documentation will become increasingly sophisticated,
making the opportunity for forgery, alteration and misuse much harder. In addition,
‘Know Your Customer’ (KYC) risk assessments are likely to be enhanced in line with
tighter regulations, and these will combine with due diligence to reduce the
opportunities for fraud and for the enablers of fraud, such as money laundering.
Government backed forms of identity verification, including those issued by other
countries, although not a legal requirement will increasingly become a necessity for
everyday transactions, especially where financial risk is involved. This will increase the
value of successful attacks by fraudsters on issuing departments of Government
backed forms of ID.
Whilst passports and other travel documents are becoming increasingly sophisticated
and thus more robust against fraud, fraudsters will continue to seek to exploit any
weaknesses. We are likely to see a shift away from counterfeit or altered documents
towards fraudulently obtained identity documents to perpetrate fraud. With the shift
towards fraudulently obtained documents, it is likely the supporting documents for
applications will be increasingly forged or altered. Other forms of documentation,
particularly those accepted by industry as identity, will be forged or fraudulently
obtained (e.g. driving licences, birth certificates and National Insurance numbers).
Over the next three to five years commercial pressure may reduce the number of
commonly acceptable forms of ID used in commercial transactions. Non-secure hard
copy forms (birth certificates, utility bills and wage slips) will be less accepted as proof
of identity. Personal information as proof of identity (such as mother’s maiden name or
primary school) will become increasingly unreliable following the trawling of data from
social networking sites and the data farming of other online sources.
The business community is likely to develop identity solutions such as the emergence
of an ‘electronic ID document’ for the banking sector. This is likely to emerge from one
of the credit reference agencies (who already offer a partial form of this). This will be
supported by procedural measures, with businesses investing in stronger application
fraud vetting at point of application across both retail and commercial banking, to
ensure a minimum group standard is achieved. Electronic ID credentials will
increasingly be used to authenticate transactions (with the erosion of the effectiveness
of traditional “static” ID questions). With the advent and proliferation of Smartphones
the banking industry confirms an increase in demand for and use of internet banking,
which will drive the requirement for secure methods of financial and non-financial
transaction authentication. Some banks have invested in, and issued to customers,
EMV CAP reading devices. But other banks are considering more ‘consumer friendly’
methods, tailored to the specific channel, such as mobile phones, which are likely to be
introduced within the next three to five years.
[17] Such as laptops, mobile phones and PDAs.
More sophisticated identity documents for transactions will increase the pressure on
fraudsters to create more convincing false identities. This escalation is likely to increase
the need for a biometric component in two or even three factor authentication [18].
Current biometric attributes are likely to feature as a growing requirement for an
increasing number of lower level transactions towards the end of the three to five year
period. The use of DNA for biometric identification sits beyond this time period.
Despite the provision of security measures in any system, verification will still be reliant
on human input within the timeframe of this report. Therefore, human error, negligence
and socially engineered compromise will remain a significant vulnerability.
[18] What the user knows (PIN code); what the user has (the ID document); what the user is (their unique
biometric attributes).
5.2 CRIMINALITY AND MODUS OPERANDI
5.2.1 EVOLUTION OF FRAUD BUSINESS MODELS
Fraudsters will adopt established business models and best practice to
industrialise fraud using the internet and other facilitators of global e-commerce.
Over the next three to five years fraud will mirror an increasingly industrialised and
globalised business model, with the ‘stages of production’ distributed: some aspects will
be specialised and geographically separated, others will be mass produced. Open market
brokerage of fraudulently acquired credit and bank details will expand and diversify.
Fraud entrepreneurs will utilise both criminal and online networks to operate fraud on a
commercial scale, exploiting specialists and the division of labour. It is highly likely that
the internet will become the dominant method for fraudsters to buy and sell
compromised personal and payment information. New fraudsters will not need to
possess all the skills or knowledge to facilitate a fraud (or even form crime groups that
cover all those skill sets), as they will be able to buy or sell the ‘components’ needed to
facilitate fraud via online forums. This will include purchasing code to infect computers
with malware, the sale and purchase of compromised data, as well as fraud instruction
manuals and ‘online training’.
Over the next three to five years the following are likely to increasingly feature and
grow in prominence:
- It is likely that the division of labour already used in fraud networks will grow in
complexity, allowing significant numbers of freelance technical specialists to work
online harvesting and then selling data to those committing fraud, without directly
exploiting it themselves.
- Changes to the structure of organised crime will continue to evolve away from
physical and hierarchical organisations [19] to communities of transient virtual criminal
networks. These will operate by specific transactions, accumulating reputations to
develop trust in a form of ‘cloud crime’.
- Fraud information brokerage sites [20] will increasingly provide high levels of return for
timely, high quality data (e.g. live credit card details direct from a secure bank
database), which can be auctioned in packets to maximise profit. In turn, the return
on investment calculation for targeting commercial and Government held bulk data
will rapidly grow. Although extremely desirable to fraudsters, bulk data remains the
hardest to acquire, requiring significant acquisition investment (and risk) with limited
means of realising its value.
- Fraud kits will be supplied to an expanded work force of part time entrepreneurial
professionals (e.g. for credit card harvesting) who will use online trading sites to sell
on information exploitable for fraud (a ‘Fraud eBay’). Malware and fraud data
brokerage forums will hide behind increasingly sophisticated technical counter
surveillance and ‘legitimate’ corporate fronts.
- Internet based communications systems (such as secure Skype) will be fully utilised
to avoid conventional law enforcement surveillance.
- The quality of counterfeit goods will increase with growth in ‘offline’ production [21].
This will be particularly apparent where there is a high return on investment, which
often sits with safety critical consumables such as pharmaceuticals.
5.2.2 INCREASED USE OF EMPLOYEES WITH KEY KNOWLEDGE OR DATA
ACCESS
It is likely increasing numbers of individuals with key knowledge or access to
data will be attracted to the financial reward of fraud and targeted by criminals.
The significant impact of the economic downturn, combined with the industrialisation of
fraud methodologies, on employees in a number of business areas with key skills [22] will
lead to an increase in professionally qualified or technically skilled people engaging in
fraudulent activity.
[19] Traditionally used when trading in physical commodities and contraband, such as drugs and prostitution.
[20] Such as the former “Darkmarket” fraud trading site.
[21] Factory managers producing legitimate goods supplying off record to black and grey markets.
[22] e.g. public sector specialists, bankers, financial advisors, property specialists and lawyers.
Any decrease in legitimate employment opportunities across many areas of private and
public sector work will be exploited by fraudsters, who will utilise the IT and process
skills of corruptible professionals. Individuals who would not otherwise contemplate
criminal activity will be enticed through social engineered ‘consultancy opportunities’
with the veneer of legitimacy and detachment from direct contact with victims (such as
providing knowledge of financial / banking / IT system weaknesses for bogus ‘security
management’ businesses). The professionalisation of fraud is likely to manifest in a
number of ways over the next three to five years including:
- Professional skills will increasingly be provided to enable fraud through consultancy
services via ‘front’ management companies.
- Those with technical IT and financial skills will be able to undertake ‘packaged
fraud’ work on a part time / working from home basis.
- Fraud methodologies will continue to adapt to the social preferences of new
generations of fraudsters. Currently online compromised information exchanges
appeal to the generation Y ‘online gaming’ fraudster through the acquisition of
levels and tokens (in addition to cash) in exchange for fraudulent trades.
5.2.3 FRAUD AS A FACILITATOR FOR OTHER CRIMINALITY
It is likely organised crime groups will increasingly use fraud to finance and
facilitate other criminal activities.
Changes in fraud methodologies are lowering the barriers to entry for established
organised criminal groups, who are increasingly engaging in fraudulent activity as part
of their portfolio of crime.
Established organised crime groups are likely to become more involved in fraud,
attracted by the low risks and high potential for profit. Organised crime groups involved
in high level criminality have been identified as major players in the production and
distribution of counterfeit films within the UK. Counterfeit DVDs are a growing area of
fraud, as pressure on consumers’ budgets persuades individuals to buy lower priced,
poor quality counterfeit discs. The increasing criminal involvement in the trade has
seen groups target public locations, such as public houses and shopping centres, to
sell their product, increasing the visibility of the issue. Counterfeit media is just one
area of fraud that is linked to organised criminality. Better sharing of information on
those involved in fraud may reveal more links to serious criminality, highlighting the
importance of enhanced fraud intelligence and case development work to gain an
accurate assessment of the level of risk.
5.2.4 INCREASED DIVERSITY AND REACH OF SOCIAL ENGINEERING
TECHNIQUES
A wide and expanding range of social engineering techniques will be developed
and deployed, involving on-line, phone and face to face channels. These
techniques will increasingly enable fraud, as deceptive approaches become
more sophisticated and convincing to the victim.
In the next three to five years phishing emails and similar approaches through other
media will continue. As individuals become more aware of these threats, fraudsters will
increasingly use social engineering techniques to deceive their potential victims, e.g.
spear phishing. It is likely that fraudsters will continue to use social networking to their
advantage, misleading people into revealing their personal details through online sites.
Criminal groups are highly likely to establish websites, such as dating sites, for the
express purpose of collecting personal information. Technology enhancements will
allow fraudsters to employ social engineering techniques easily and thus to target
their scams at specific audience sectors.
It is likely that companies will increasingly become victims of targeted phishing emails,
for example via procurement emails. By compromising one user in an organisation, a
fraudster will obtain information that will allow spear phishing against other employees
or business partners. Organisations that hold data on customer identity alongside
lifestyle choices, e.g. shopping patterns, loyalty card usage, music preference or
holiday choices, will be valuable targets. This data will be sought to enhance
fraudulent attacks on their customers in spear phishing attacks. Organisations will be
particularly vulnerable to:
- Social engineering of software developers, and an increase in sabotage for gain in the face
of redundancy.
- Targeting of staff in Government and financial services with access to sensitive
systems and information [23].
5.2.5 INCREASED USE OF LEGITIMATE BUSINESS SERVICES TO
FACILITATE FRAUD
It is highly likely a number of business services offered by legitimate
organisations to support the growth in mobile working, will be used as enablers
of fraud.
Services such as postal redirection and PO boxes, telephone redirection, office service
providers and name changing have been used by fraudsters to enable fraud. These
services are crucial to legitimate business and the emphasis for fraud detection and
prevention lies with robust systems and procedures.
It is highly likely that organisations offering business support products and
services that provide ‘virtual’ businesses with a detached physical presence will
increase, with the growth of online business in the next three to five years.
These products and services necessary for legitimate virtual businesses will also be
utilised by fraudsters to conceal their physical location and/or identity. The threats will
be fundamentally the same as those used by non-virtual fraudsters (see above).
5.2.6 VULNERABILITY OF THE THIRD SECTOR
The third sector is targeted for fraud, both from external attacks and internally
from bogus charity organisations. Charities operate internationally and work
across borders. Due to their trusted position they can legitimately gather, store
and move money and commodities quickly.
Whilst other sectors may experience more regulation over the next three to five years,
the third sector needs to continue to operate in a relatively open framework to get aid to
hard-to-reach places. It is likely that general economic difficulties will increase the
dependence on the work of charities, making them increasingly vulnerable to fraudulent
targeting by bogus victims, and that this will include sophisticated criminal attacks by
organised criminal groups. It is also likely that fraudsters will increasingly seek to
establish bogus charities to exploit the sector’s lower enforcement profile.
As cheques are phased out, donations by SMS text and online payments will become
more common. The third sector will continue to accept cash collections and this will
continue to be exploited. Growth in other payment methods to the third sector will be
quickly exploited by fraudsters.
[23] See also Section 5.3.
5.3 THE VICTIMS OF FRAUD
5.3.1 VULNERABLE INDIVIDUALS
It is highly likely victims of fraud will continue to be diverse, in relation to age,
background, ethnicity and education; however, the most vulnerable groups will
be particularly targeted and exploited by fraudsters.
The focus of fraudulent attacks on vulnerable people is well known and will continue.
There are many reasons why an individual may be considered vulnerable, such as a
lack of skill or understanding of technical risks, the methods of fraudsters and social
distractions (including exploitable domestic crisis). Cultural and generational habits can
make certain groups susceptible to particular types of fraud, e.g. the younger
generation are less suspicious of the Internet.
Vulnerabilities are likely to follow change, e.g. cheques will start to be withdrawn from
general use within the next three to five years forcing their current users to use
alternative methods of payment. Although the withdrawal of cheques will see an end to
frauds such as cheque washing, it is likely habitual users of cheques will be less aware
of the risks in alternative payment methods or retail channels, and fall victim to being
targeted and deceived into buying products from fraudsters seeking to take advantage
of their lack of knowledge.
UK based individuals will continue to be vulnerable to fraud from overseas, potentially
falling outside UK jurisdiction for enforcement action and recovery of assets.
Fraudsters have used social engineering profile techniques to target individuals
seeking to move overseas, by offering and charging for fictitious services to assist the
individual, such as banking, utility or accommodation services. This type of fraud is
also used against those looking for a second home overseas or holiday services.
It is highly likely new groups of victims could emerge from technical
developments and economic change. Their vulnerabilities will be rapidly
identified, targeted and exploited by fraudsters.
The recent economic crisis led to significant corporate downsizing in affected sectors.
This presented fraudsters with new categories of victim, particularly amongst skilled
professionals. Fraudsters will adapt their targeting techniques accordingly to exploit
the vulnerabilities of these groups, such as manipulating the desire to maintain their
lifestyle, offering of bogus job opportunities or exploiting their knowledge of systems
and software weaknesses.
5.3.2 ORGANISATIONS
Changes to business models and strategies over the next three to five years are
likely to increase both private and public organisations' exposure to fraud.
Companies are victims of fraud and, like individuals, are currently facing financial,
resource and business changes that may affect their internal processes and levels of
due diligence. It is highly likely that, following increased press coverage of security
breaches, organisations will receive a significant number of bogus fraud claims, e.g.
fraud victim fraud. This is likely to follow a similar profile to insurance frauds, such as
staged car accident scams, and other threats within the sector.
Current initiatives to place more public services online could expose Government
datasets to fraudulent attack, either through hacking or malware techniques. Schemes
that provide cost and resource efficiencies within the public sector should be supported
but only made available after rigorous testing. Systems and processes should be
continually risk assessed for attempts to obtain data for use in fraud.
In the next three to five years, changes in the structure of businesses, resulting in a
reduction in headcount with loss of expertise, possible outsourcing of key business
areas and a reduced capability for robust internal audit, are likely to expose
organisations to fraud.
5.4 INCREASED GLOBALISATION OF FRAUD
Economic globalisation will continue to expand over the next three to five years
with transnational integration of businesses with key new economies extending
their global economic influence. Much of this will be driven by new
communications infrastructure: particularly the global expansion of high speed
internet.
Globalisation will increasingly enable fraudsters to operate within the UK from an
overseas base. The rapid growth of IT service sectors and high speed internet
infrastructures will increase the involvement of BRIC 24 countries in the economy of the
UK. Their limited regulatory and counter fraud enforcement capabilities are unlikely to
develop to match their growth in technical capability. This ‘permissive environment’ for
fraud will be extremely attractive for international fraud; in particular less regulated
countries will become host locations for fraudsters avoiding the jurisdiction of target
countries. These ‘outsourced’ frauds will present a number of challenges particularly in
relation to: jurisdiction conflicts, different legislative frameworks and data sharing
barriers. Any unresolved challenges could be exploited by international fraud, such as
cross border property scams, mortgage and overseas land banking.
Growth and greater UK dependency on virtual systems for business and consumer
transactions will increase the value and vulnerability of the UK to economic attacks,
particularly fiscal fraud, by state actors and their proxies.
It is likely that DDoS attacks will increasingly feature in international business in the
next three to five years, with fraud being used as a tool to undermine rival brands
through reputational damage. There are a number of places these attacks can
originate from. They currently feature very strongly within Eastern Europe and the
former Soviet Union as a tool in corporate rivalry, including attacks on Western and
Middle Eastern banks operating within the region. Future threats are likely to involve
compound actions, such as DDoS attacks on Government and business infrastructure,
which exploit vulnerabilities and are coordinated with fraudulent attacks 25.
Rapid economic growth in the Asia Pacific region will increase its vulnerability and
capacity for transnational fraud. UK business will be increasingly dependent on IT
services based in key Asia Pacific countries. It is likely that facilitation of fraud against
UK interests will increase with increased business dependence. This development
may also lead to a reverse flow of fraud facilitation (from UK and the West against
victims in the region).
Global expansion of high speed Internet into the developing world, combined with
technology skipping (going straight to wireless, missing out the infrastructure cost of
cabling) will provide a significant capability boost to established local organised crime
groups. Locations in the developing world are likely to be utilised by international
criminal cartels exploiting lower levels of regulation and law enforcement capability.
24 Brazil, Russia, India, China are identified collectively in the body of strategic futures analysis as emerging
economic superpowers.
25 Directly, through complementary follow-up electronic attacks, or through social exploitation of victims, for
example through front companies offering post crisis technical support or by attaching malware to legitimate
technical support sites.
5.5 KEY EVENTS
It is highly likely that pandemics or other disasters will occur in the next three to
five years, and fraudsters will seek to exploit public fear and crisis support for
victims.
Natural and humanitarian disasters are highly likely to occur within the next three to five
years and provide opportunities for fraudsters to commit crime. Over the past few
years the UK has experienced several high level warnings of pandemics, e.g. bird and
swine flu. Potentially there will be similar situations in the future which fraudsters will
exploit by offering pharmaceuticals, either counterfeit or non existent, to sell and
capitalise on public fear.
Fraudulent charities linked to major disasters will not only capture the initial payment;
the card details captured can also be used to commit further on-line fraud, with the
advantage of access to security codes and passwords.
Fraudsters will also seek to exploit compassion for victims of natural or other global
disasters, e.g. via the charity sector. This could be achieved by creating bogus
charities that target the UK for donations, which could be organised and run from
anywhere in the world 26.
It is highly likely fraudsters will use future sporting and cultural events taking
place around the world to perpetrate fraud.
Major sporting and cultural events have been used by fraudsters to perpetrate fraud,
e.g. at the Beijing Olympics. Fraudsters are highly likely to employ established
techniques, such as advance fee, scam ticketing and employment fraud, to commit
their offences. With the UK due to host the 2012 Olympics, the Rugby World Cup
scheduled to be in the UK in 2015 and potentially the Football World Cup in 2018,
frauds using key events are highly likely to remain a significant threat to the UK for the
coming years. These key events bring a large number of foreign tourists into the UK.
This is likely to increase fraud on foreign payment cards, particularly those not Chip &
PIN enabled. These key sporting and cultural events do not have to be located within
the UK for someone based here to fall victim to an event related fraud.
It is also likely fraudsters will utilise the construction industry to perpetrate fraud where
large sums of money and high volumes of work are being carried out, such as
procurement or contract frauds. This is a particular area of risk if due diligence checks
are not carried out into the quality of commodities being supplied. In times of cost
pressures businesses may seek cheaper sourced products that may expose them to
obtaining counterfeit product within the infrastructure for UK major project works.
26 See also Section 5.2.6
5.6 LEGISLATION, REGULATION AND PROCESSES
5.6.1 INCREASED UK REGULATION
It is likely that there will be an increase in the amount of regulation of the
financial services industry, with an emphasis on responsible lending and greater
due diligence. Greater regulation may also impact upon data protection
legislation and have implications for the amount and type of data sharing that is
permissible.
It is likely that increased scrutiny and regulation of financial services and the
establishment of dedicated agencies will make the UK a more hostile place for
fraudsters. This may lead to them diverting their efforts overseas. However, in parallel,
increased scrutiny and regulation of mainstream financial services may create an
opportunity for growth in unauthorised lending (not only at the door step but by front
firms offering extortionate loans) and applying fraudulent practices. A decrease in the
amount of data sharing, however, may make certain sectors of the UK economy more
viable targets. This is likely to have the greatest impact on the public sector, which is
the UK’s largest victim of fraud and whose enforcement and preventative capabilities
are critically dependent on information led deployment.
5.6.2 FRAUD AGAINST PUBLIC SECTOR REVENUE
There are many types of tax, duty and benefits systems within the UK. These are
subject to significant levels of loss by criminals utilising a number of methodologies and
enablers of fraud. HMRC, DWP and other government departments have teams
working to identify, disrupt, prosecute and reduce fraud. For example, HMRC has a
dedicated horizon scanning capability providing a broad range of strategic futures
assessments to support this.
It is highly likely that UK tax and duty revenues will continue to be subject to
sustained and serious criminal attacks in the next three to five years.
Amongst other types of fiscal fraud, it is highly likely that the relatively high cost of UK
excise goods, coupled with pressures on household budgets, will maintain and increase
the incentive for fraudsters to engage in the distribution and supply of non UK duty paid
products (such as alcohol and tobacco). These will be obtained via established
smuggling methods, through the abuse of EU travel limits, and increasing quantities of
counterfeit products (smuggled from abroad or produced in the UK).
This type of fraudulent activity already accounts for a significant loss to public funds. It
is highly likely that the propensity to consume smuggled or other 'untaxed' excise
goods will increase in the face of general financial hardships coupled with high or
escalating costs of legitimate UK duty paid goods. In addition to the direct cost to the
exchequer, this will increase the funds available to serious organised criminal groups
and, in the case of counterfeit goods, increase the level of public harm caused
through the consumption of potentially dangerous unregulated products.
The relative burden of taxation is likely to play a role in the absolute level of fraud in all
countries, and the UK is no exception. Differing taxation burdens within countries are
also likely to influence cross border fraud. The financial pressure of economic
downturn would be likely to increase fraudulent attacks and a growth in the hidden
economy including: a greater level of suppressed sales, evasion, the mis-declaration of
goods to avoid import taxes and an increase in the number of false claims for tax and
social security benefits. All these actions would have a direct impact on the level
of public funds.
5.6.3 ENVIRONMENTAL PROTECTION
It is highly likely that further legislation will be introduced in the next three to five
years that provides financial rewards and penalties for organisations'
environmental conduct.
There will be significant financial incentives to implement environmental legislation that
rewards organisations that meet set standards and limits. This will increase existing
tradable assets (such as Carbon Credits) and may create new ones, which will create
opportunities for fraudulent exploitation, particularly against the Government in the
context of repayments fraud. This is a large risk area that the UK Government has
previous experience of, e.g. the initial use of carbon credits as a commodity in MTIC 27
fraud.
5.6.4 IMPACT OF CONSUMER / DATA PROTECTION LEGISLATION ON
FRAUD
Consumer and data protection legislation may create additional challenges for
counter fraud activity in both public and private sectors.
Implementation of new consumer and data protection regulation particularly at EU and
international levels could increase the cost to business to maintain the integrity of
secure systems, share information on potential fraud and provide a cost effective /
competitive service. Business concerns on the Payment Services Directive suggest
that organisations affected will not have sufficient time to investigate and determine if
discrepancies are deliberate or accidental. Should fraud then be evidenced the
organisation will be required to recover funds already repaid, which is much more
difficult to recoup.
The adverse impact of legislation at an international level has similar repercussions;
the introduction of the Single European Payments Area (SEPA) initiative for the EU
financial infrastructure created a zone within which euro electronic transactions are
considered domestic. The SEPA was designed to improve the efficiency of cross
border payments and create a single domestic market for the euro to operate within.
The requirement for banks to expedite payments under SEPA results in fast moving
transactions with limited opportunity to identify and interdict fraudulent transactions.
The risk is further enhanced when the money is transferred across multiple jurisdictions
and there is a lack of effective data sharing arrangements.
Over the next three to five years, global economic pressures (when combined with
compliance with additional consumer protection requirements) will create cost and
competitive advantage tensions in affected sections of the business community. This
may reduce the effectiveness of voluntary codes intended to improve counter fraud
joint working.
5.6.5 CHANGES TO THE MACHINERY OF GOVERNMENT IN RESPONSE TO
FRAUD
It is highly likely the public sector counter fraud community will undergo
changes in structure and/or remit within the next three to five years.
Fraud perceptions, priority and awareness are under regular review within
Government. British policing is traditionally focused on public order and violent
offences reflecting social perceptions of priority. It is likely that greater public and
media awareness of fraud will increase following Government initiatives (including
Action Fraud) on: the primary effects of fraud (perceptions of quality of life reduced by
increased numbers of victims of fraud), and secondary effects (everyone paying an
increased security premium of cash through insurance premiums, software security,
bank charges). This will impact on considerations of priority across crime types and
law enforcement activity.
Reduced Funding
The future structural environment in which the public sector counter fraud community
operates is unclear, in terms of number and roles of agencies and organisations
working to detect, prevent, investigate and prosecute fraud. It is considered highly
likely that in the next three to five years there will be greater pressure for prioritisation
and rationalisation of public sector spending. This will require greater emphasis on
intelligence led direction of resources and evidence collection of fraud impact. This is
likely to create a challenge for UK law enforcement and regulatory bodies to ensure
that current and emerging areas of fraud do not ‘fall off the radar’ in terms of picture of
risk, impact and measurement.
27 Missing Trader Intra Community fraud (VAT fraud)
Integration of Cyber policing
UK law enforcement agencies are currently challenged by the multi jurisdictional
aspects of tackling international fraud (with business trading, registration, records and
data processing often located in different jurisdictions). Significant growth in virtual
transactions and virtual ‘property’ will require cross jurisdictional cooperation between
enforcement and judicial bodies. This may require extensive treaty harmonisation of
offences, information sharing and joint enforcement resourcing to be effective.
5.7 THE STATE OF THE ECONOMY
This section presents potential fraud developments based on alternate scenarios for
the economy in the next three to five years.
5.7.1 ECONOMIC GROWTH AND DIVERSIFICATION
The next three to five years is likely to see elements of economic growth,
possibly leading to an economic peak.
As the UK market steadily comes out of the recession it is highly likely there will be an
increase in the instances of fraud that are more prevalent in times of economic growth.
The value of property, commodities and shares will steadily rise and attempts to
perpetrate mortgage and boiler room type frauds will increase.
In addition, banks may be encouraged to support the economic growth through
improved loan and mortgage approval rates, making the financial sector more
susceptible to fraud. Although the lending market may take some time to offer similar
deals as previously, and be more tightly monitored, the sector may be encouraged to
increase approval rate levels to help support economic activity. This is likely to lead to
an increase in the number of fraudulent applications to obtain finance.
An environment of greater regulation and due diligence within industry will make it
more difficult for fraudsters but potentially shift the direction of attacks onto less
regulated sectors or overseas. However it may also create more work for businesses
and put additional pressure on already disgruntled employees. Stress, frustration and
demoralisation may lead to a greater risk of internal corruption.
It is possible that, post economic growth, the direction of consumer demand may
see an increase in business diversification within the technology and banking
financial sector.
It is possible that organisations will be seeking new business opportunities, to
maximise growth potential and take advantage of sectors previously viewed as difficult
to enter. The banking sector has experienced a drop in consumer trust and with the
current drive for convergence of services this presents an opportunity for business
diversification between technology and banking, e.g. the possible emergence of a
bank owned by international telecoms businesses 28. This diversification will add to
the already fragmented nature of the banking sector with many more small entities
involved, making the sector more complex and resource intensive to regulate.
The convergence of technology and banking presents a large opportunity to fraudsters
as it combines the two main areas vulnerable to abuse and exploitation.
5.7.2 A STAGNANT OR DECLINING ECONOMY
Should the UK economy remain stagnant or the job market deteriorate, it is
highly likely that there will be increased involvement in fraud by employees, and
former employees, facing greater pressure through increased workloads and
reduced income.
Consumer and business behaviour will depend on their confidence in the economy and
political establishment, which will be steered by the economic conditions experienced.
If the economic recovery is slow or experiences another dip back into recession then
there should be an expectation that public confidence will remain low. If this occurs it is
likely certain categories of fraud will increase, such as insurance fraud, internal
corruption, false statements of business viability, advanced fee fraud and mortgage
fraud at the repossession stage as opposed to application, by opportunist fraudsters
attempting to avoid bankruptcy or further debts.
It is highly likely that Government and Business Sector cuts will mean a reduction in
recruitment, forced retirements, increased redundancies and decreased salaries with
greater pressure on remaining staff to undertake larger workloads. Contraction to core
functions could increase the risk of fraud if this includes an overall reduction in
resources to prevent and detect fraud.
28 Following the example of Tesco and Sainsbury’s diversifying into banking, financial services and
telecommunications
Dissatisfied employees will become more susceptible to engaging in fraudulent activity,
at some level. This will be evidenced through increasing levels of internal corruption
and abuse of office, e.g. selling of data or process knowledge or misappropriation of
assets. Fraudulent activity will be enabled through falsifying business and procurement
records, e.g. account and spending abuse, or professionals applying their skills to
assist fraudsters, e.g. with accountancy, legal advice or computing.
Attacks on public sector organisations could increase if consumers are dissatisfied by
low economic growth, poor job prospects and a feeling of loss of self worth. Attacks
may be committed by low level opportunist fraudsters looking to obtain benefits they
are not entitled to, through to much larger scale cyber attacks, designed to bring down
public sector networks.
A lack of effective intervention against all fraudulent activity (including lower priority
areas of fraud) may lead to perceptions of socially acceptable levels of crime. Under an
economic environment of reduced levels of wealth this may lead to a shift in attitudes
towards entitlement and a split between the “haves” and the “have-nots”. This split in
society benefits the fraudsters twofold: the “haves” are targets for fraud via their
assets, and the “have-nots” are vulnerable and may be more susceptible as victims of
scams or to facilitating fraud in the hope of financial reward.
6 ANNEXE A: CONTRIBUTORS
The NFA would like to thank the following organisations for their contributory Horizon
Scanning assessments:
- British Bankers Association
- Building Societies Association
- Charity Commission
- CIFAS
- Dedicated Cheque and Plastic Crime Unit
- Drivers & Vehicles Licensing Authority
- Federation Against Copyright Theft
- Financial Fraud Action UK
- Her Majesty’s Revenue & Customs
- Home Office
- Metropolitan Police Service
- National Fraud Intelligence Bureau – City of London Police
- Serious Fraud Office
- Serious Organised Crime Agency
- Telecommunications UK Fraud Forum
- UK Border Agency
- The UK Cards Association
The NFA would like to thank the additional organisations for their input to the ‘7-
Questions’ exercise:
- Association of British Insurers
- Association of Chief Police Officers
- Bank of England
- Companies Investigation Branch
- Department for Work & Pensions
- Finance & Leasing Association
- Insurance Fraud Bureau
- Office of Fair Trading
The NFA would like to thank the following organisations for their assistance and
contribution at the workshop:
- Cabinet Office
- Department for Business, Innovation & Skills (Horizon Scanning Centre)
7 ANNEXE B: OUTLINE OF METHODOLOGY
The Approach
The approach adopted to direct this strategic futures project was as follows:
• Programme Board members were asked to complete a 7-Question survey that
considered past, current and future fraud issues and constraints within their
organisation;
• The survey results were collated and used to help identify what were the specific
concerns and issues to address in the futures assessment;
• This was used, with information obtained from open source research and futures
experts, to highlight the main drivers for change in the fraud arena;
• These drivers were prioritised to create an axis highlighting 4 future scenarios to
be used within the workshop structure 29;
• The scenarios were presented to the HSWG in a workshop environment. The
purpose of the workshop was to explore current analysis and fraud threats across a
multi-agency perspective set within the 4 futures scenarios to challenge current
understanding of fraud risks. The workshop culminated in a teaming exercise to
develop an understanding of strengths and weaknesses of fraudsters, law
enforcement and victims in each of the potential futures scenarios;
• The outputs of the workshop stimulated debate and futures thinking to guide the
analysis of individual organisations’ reports;
• The reports provided were collated and analysed to produce a draft consolidated
National Future Fraud Assessment;
• The draft assessment was subject to full peer review by contributing organisations
then submitted to the Programme 16 Board for adoption in final form.
29 Refer to Annexe B for a detailed description of the scenarios used
Protecting this document
This is a government document that has been graded as NOT PROTECTIVELY MARKED. There are no specific
requirements for storage or disposal and it can be considered as safe for wide distribution within your organisation.
This can extend to its use for training or awareness programmes for staff. However, unless otherwise specified, this
information is not intended for general public dissemination and should not be included on public facing websites,
external mailing lists, social media or other outlets routinely used by you to deliver information to the public. We
therefore request that you risk manage any onward dissemination in a considered way.
Alert Coloured Roundels
SOCA Alerts are marked with either a Red or Amber Roundel. This is designed to indicate the urgency of the warning.
Red may indicate a more immediate or specific threat, whilst those marked Amber will provide more general
information that may complement existing knowledge.
SOCA Prevention and Alerts
Recognising that the private sector is often the victim of serious organised crime and is engaged in its own efforts to
prevent, deter and frustrate criminal activity, SOCA Prevention and Alerts seeks to forge new relationships with
business and commerce that will be to our mutual benefit – and to the criminal’s cost. By issuing Alerts that warn of
criminal dangers and threats, Prevention and Alerts seeks to arm the private sector with information and advice it can
use to protect itself and the public. For further information about this Alert, please contact SOCA Industry Exchange
and Alerts Branch by email alerts@soca.x.gsi.gov.uk or by telephoning 020 7238 8541. For more information about the
Serious Organised Crime Agency go to www.soca.gov.uk.
Reducing harm – Providing information back to SOCA
We would like to remind you of the provisions contained in Section 34 Serious Organised Crime and Police Act 2005.
These provisions say that any information provided by you to SOCA, in order to assist SOCA to discharge its functions
which include the prevention and detection of crime, will not breach any obligation of confidence which you may owe to
any third party or any other restriction on the disclosure of information. S34 requires that disclosures of personal
information about living individuals by you to SOCA must still comply with the provisions of the Data Protection Act
1998 (DPA), but you may be satisfied that disclosure by you of such personal information to SOCA in order to assist
SOCA to prevent and detect crime is permitted by the DPA. Please, therefore, submit all S34 information to
alerts@soca.x.gsi.gov.uk.
Handling advice – Legal information
This information is supplied by SOCA under Section 33 of the Serious Organised Crime and Police Act 2005. It is
exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other
UK legislation. Except where permitted by any accompanying handling instructions, this information must not be further
disclosed without reference to SOCA in accordance with Section 35(1) of the Serious Organised Crime and Police Act
2005.
This report may contain ‘Sensitive Material’ as defined in the Attorney General’s guidelines for the disclosure of
‘Unused Material’ to the defence. Any sensitive material contained in this report may be subject to the concept of
Public Interest Immunity. No part of this report should be disclosed to the defence without prior consultation with the
originator.
Requests for further disclosure which are not permitted by any handling instructions or handling code must be referred
to the SOCA originator from whom you received this information, save that requests for disclosure to third parties
under the provisions of the Data Protection Act 1998 or the Freedom of Information Act 2000 and equivalent legislation
must be referred to SOCA’s Public Information Compliance Unit by e-mail on picuenquiries@soca.x.gsi.gov.uk.