					                            NOT PROTECTIVELY MARKED


Alert A0A319N

National Future Fraud Assessment

This Amber Alert is issued by the Industry Exchange and Alerts Branch
of the Serious Organised Crime Agency (SOCA). It is based on
assessed intelligence and warns of dangers and threats from serious
organised criminality. It is devised with the aim of bringing about
preventative or remedial action. We recommend you use this Alert to
complement existing knowledge and support ongoing improvements to
your business processes and procedures.

This Alert is marked NOT PROTECTIVELY MARKED.
Please comply with the handling instructions at the end of this document.

                                                                              July 2010

National Future Fraud Assessment

The National Fraud Authority, working with public and private sector partners, has
developed a Horizon Scanning document covering the key future fraud threats over the
next three to five years. This Not Protectively Marked version of the assessment
examines a wide range of issues, from social to technological, and provides a high
level view of what trends might emerge as far as 2015.

What we would like you to do

On behalf of the National Fraud Authority and Working Group members, please use
this document to raise awareness of these potential fraud threats to your business. It
may also help inform your risk management or provide the basis for future talking
points concerning your business’ fraud prevention strategy.

The Alerts process is the way in which SOCA provides information to the private
sector. To help us to improve this service, we would welcome any feedback you have
on both the Alert itself and the information provided to you. Please email all feedback to and include the reference AA319AA in the subject line.



1        Introduction
2        Assessment Base
3        Executive Summary
4        What is Horizon Scanning
5        Key Themes Within Contributory Assessments
5.1      The Evolution of Technology
5.1.1    Development of Malware
5.1.2    Development of Cloud Computing
5.1.3    Increased Reliance on Developing Technology
5.1.4    Chip & PIN Technology
5.1.5    Growth of Pre-Payment (Pre-Paid) Cards
5.1.6    Increase in Online Businesses
5.1.7    The Emergence of Virtual Worlds
5.1.8    Convergence in Relation to Devices
5.1.9    Convergence in Relation to Social Engineering
5.1.10   Technical Challenges in Establishing Identity
5.2      Criminality and Modus Operandi
5.2.1    Evolution of Fraud Business Models
5.2.2    Increased use of Employees with Key Knowledge or Data Access
5.2.3    Fraud as a Facilitator for Other Criminality
5.2.4    Increased Diversity and Reach of Social Engineering Techniques
5.2.5    Increased Use of Legitimate Business Services to Facilitate Fraud
5.2.6    Vulnerability of the Third Sector
5.3      The Victims of Fraud
5.3.1    Vulnerable Individuals
5.3.2    Organisations
5.4      Increased Globalisation of Fraud
5.5      Key Events
5.6      Legislation, Regulation and Processes
5.6.1    Increased UK Regulation
5.6.2    Fraud against public sector revenue
5.6.3    Environmental Protection
5.6.4    Impact of Consumer / Data Protection Legislation on Fraud
5.6.5    Changes to the Machinery of Government in Response to Fraud
5.7      The State of the Economy
5.7.1    Economic Growth and Diversification
5.7.2    A Stagnant or Declining Economy
6        Annexe A: Contributors
7        Annexe B: Outline of Methodology


     This assessment has been produced by the Horizon Scanning Working Group 1
     (HSWG), drawn from the member organisations of the Serious Organised Crime (SOC)
     Fraud Programmes, to examine the key future fraud threats that are likely to impact
     public, private and third sector organisations within the next 3 to 5 years. The
     assessment sets out to answer “What are the key future fraud threats (and
     enablers of fraud) likely to impact on my organisation and business sector 3 to 5
     years in the future?”

     This assessment has been written for the members of SOC Fraud Programme Boards
     and readers within the wider counter fraud community (where deemed appropriate).
     The issues raised in this assessment do not create or replace Government policy but
     are intended to inform debate and decision making by senior policy and deployment

     This assessment has identified a number of potential future fraud threats that, in the
     opinion of the HSWG merit further consideration by the counter fraud community.
     These are detailed in section 5 below. In each case the nature of the change is
     identified, how the change may be exploited by fraudsters and action that might be
     taken to remove or mitigate the threat. It should be noted that:

         -     The assessment is based on material that has been made available by the
               contributing organisations of the HSWG (see Annexe A).
         -     It is highly likely that extended research and wider participation in this programme
               would identify additional issues and areas of concern to the counter fraud
         -     Many of the issues identified within this report potentially merit a dedicated body
               of research or a fraud workstream, requiring multi agency action in their own

     In addition to producing the first national future fraud assessment, the HSWG have
     demonstrated the capability to deliver a programme of forward looking analysis to
     support the counter fraud community in developing proactive and preventative policies.

     Guide to Probabilistic Language
     Although future events are not guaranteed, the following probabilistic language has
     been used to convey the likely occurrence of an event.

             Highly Likely       Indicates the most probable outcome, e.g. it is highly likely
                                 reliance on technology will continue increasing.
             Likely              Indicates a probable alternative or secondary outcome, e.g. It is
                                 likely technical devices will increasingly be used for dual
                                 purposes by multiple people.
             Possible            Indicates a possible but less likely outcome, e.g. it is possible
                                 that chip & PIN security technology will be compromised within
                                 the next 10 years.

         Refer to Annexe A for HSWG contributors

     This assessment uses established analytical strategic futures and horizon scanning
     techniques combining information and assessments provided by contributing
     organisations across the public, private and third sector. Through workshops and
     contributory assessments a wide and representative assessment of fraud threats has
     been identified and captured. 17 organisations of the 29 invited to participate were able
     to provide contributory assessments. It has not been possible to incorporate all issues
     or eventualities and at this stage of knowledge we are not able to provide quantified
     impact that would give meaningful priority to the threats identified. The National Future
     Fraud Assessment nevertheless integrates the body of future fraud knowledge into a
     single consolidated assessment for the first time.

     The intelligence cut-off date for this assessment was 31 March 2010.


     This report provides the first national assessment of potential future fraud threats. Its
     purpose is to raise awareness of plausible developments which could emerge relating
     to fraud methodologies and enablers over the next three to five years.

     This report does not predict the future; instead it seeks to pre-empt risks which could
     arise from a range of different future conditions. By considering these, this report aims
     to strengthen the counter fraud community’s ability to develop more resilient plans to
     mitigate potential emerging risks.

     This report does not attempt to replace established strategy and policy development
     processes. It seeks to inform debate, consideration of priorities and decision making.
     To this end the following aspects of the assessment are drawn to your attention:

     Technological developments will make fraud increasingly international and multi-
     jurisdictional. Global expansion of the high speed internet infrastructure will see key
     developing regions expand into new information technology economies. These regions
     will be rapidly exploited by criminal networks to facilitate international fraud. It is highly
     likely that the most significant future threats to the UK will originate outside UK
     jurisdiction. Fraudsters operating across multiple, often disjointed, layers of jurisdiction
     will be the most significant challenge to both national and international counter fraud
     communities. Gaps in information sharing and lack of coordination by business and
     public sector will be exploited between and within jurisdictions.

     Technological and economic drivers will lead to significant changes in business
     systems and the formats of payment which could be exploited by fraudsters. The
     redundancy of payment-by-cheque in the UK will speed transactions and reduce costs
     but will also increase the risk of fraud to those less able to adjust. It is highly likely that
     fraudsters will exploit ordinary users’ lack of knowledge of the full capabilities,
     implications and risks of online and payments technology both before and during the
     transitionary phases between the old and the new.

     Fraud will increasingly exploit our growing economic and social dependence on
     electronic business and online entertainment. Malicious software (malware) will
     continue to match and exceed technical security and anti-viral measures as a result of
     the competitive escalation between hackers and the IT security community. The use of
     more virulent malware will be exacerbated by increasingly sophisticated coordinated
     electronic attacks that combine both denial of service and fraudulent attacks on
     government services and technical infrastructures, including international business

     Cloud computing services are highly likely to rapidly expand with government and
     business sectors contracting out their IT needs to shared-service suppliers. This will
     be driven by competitive advantage (and declining public funds) and the need for
     increased capacity for IT infrastructure and data storage at reduced costs. The risks
     inherent in losing local and national control of corporate data and storage outside of
     national jurisdiction will need to be carefully mitigated by encryption of data and the
     establishment of more secure ‘private’ clouds. The ‘return on investment’ for
     successful penetration of shared financial services or public sector clouds is likely to
     attract the interest of state level actors and their proxies to carry out fraudulent attacks
     on the UK within the next 3 to 5 years. In particular, the benefit for breaking the
     encryption of tax and benefit details held within an integrated ‘eGovernment’ cloud
     could make this the UK’s top hacking target for fraud. These threats will drive the need
     for better joint working across the counter fraud community and a more regulated
     approach within particularly sensitive business areas e.g. banking and Government.


Device convergence will see more user originated functionality and services being
made available through mobile devices (combining phone, internet, GPS and other
functions). These devices will increasingly be used for online banking and money
transfers, and eventually for contactless payments. The threat of malware on handheld
devices is seen as a potential threat and may have been significantly underestimated by
their previous limited use in enabling fraud. Current trends towards device
convergence and a move to mobile banking and other financial services will rapidly
increase Smartphone exploitation by fraudsters for financial gain.

The evolution of fraud ‘business models’ will increase as new and lucrative fraud
methodologies are rapidly exploited and spread through an industrialised and ‘virtual’
international fraud community. Saturation of established fraud methodologies will drive
the entrepreneurs of the fraud community to quickly exploit new and emerging social
and technical opportunities for fraud. This exploitation will tend to follow the patterns of
normal business development models including: proof of concept and product testing,
followed by rapid exploitation and expansion through specialised division of labour and
ultimately franchising the methodologies to new entrants.

Economic stresses will increase the risk of fraud through individuals occupying key
positions of knowledge, data access and professional trust. Personnel in business
sectors previously considered to be in secure and stable employment (such as
bankers, financial advisors, property specialists, lawyers and associated public sector
specialists) are likely to be more vulnerable to corruption by crime groups. The number
of individuals engaged in fraud is likely to increase as a result of the continuing impact
of economic difficulties combined with the additional opportunities and niches emerging
in new and flexible fraud methods.

Fraud will continue to be driven by profit, with criminals seeking the maximum return for
the least effort or risk and fully exploiting opportunities. The type and nature of victims
will evolve with new and developing fraud methodologies. Fraudsters will continue to
exploit lack of awareness of fraud, lack of due diligence and any systemic or design
weaknesses. They will increasingly use social engineering techniques and deception
to defraud and obtain information that can be exploited for fraud. Third sector
organisations in particular will be increasingly vulnerable to fraud and exploitation both
from a UK and international perspective.

Economic challenges to reduce overheads and costs in all organisations will remain
and it is highly likely that the resources available to prevent fraud will be adversely
impacted by being reduced within public and business communities. The post election
political environment will see greater pressure for prioritisation and rationalisation of
spending on counter fraud activities. These cuts are likely to be linked to changes in
the machinery of Government that will require greater emphasis on prioritised and
intelligence led direction of resources, and a smarter business and Government


     “Horizon scanning is the systematic examination of potential threats, opportunities and
     likely future developments which are at the margins of current thinking and planning.
     Horizon scanning may explore novel and unexpected issues, as well as persistent
     problems or trends. Overall, horizon scanning is intended to improve the robustness of
     policies and evidence base.” 2

     Strategic futures analysis was developed in World War II and became popular in the
     business world in the 1960s, when methods that attempted to predict a single future
     were incorrect and often led to unexpected surprises. Futures techniques consider
     ranges of possible, plausible futures so that planning can be put in place to adapt to,
     and minimise the impact of, various conditions. Horizon Scanning is one such process
     used to identify potential futures; other techniques include scenario planning, visioning,
     reverse engineering and wind tunnelling.

     Horizon scanning does not aim to forecast or predict the future but follows an analytical
     methodology in order to inform and help decision makers to plan effectively against the
     most likely threats in the future.

     Horizon scanning as a capability for the development of strategic planning has been
     recognised and adopted by the committee of Permanent Secretaries and is being
     adopted extensively across Government departments. The community of practitioners
     within Government is led and supported by a dedicated national Horizon Scanning
     Centre based in the department of Business Innovation and Skills and the Cabinet
     Office Horizon Scanning Unit.

         DEFRA 2002



        Malware, short for malicious software, refers to programs designed to infiltrate a computer
        system without the owner's informed consent. The expression is a general term used by
        computer professionals to mean a variety of forms of hostile, intrusive, or ‘annoying’
        software or program code. The term "computer virus" is sometimes used as a catch-all
        phrase to include all types of malware, including true viruses.

        Malware is highly likely to continue growing in frequency and effectiveness in the
        next three to five years.
        A new malware component is released every 1.5 seconds and, despite the availability
        of anti-viral software, these compromise thousands of systems in the UK every day. In
        a large number of instances this malware will be used to capture personal information
        from the infected computers to enable fraud. This will facilitate ID theft of those
        targeted, and also compromise payment card details and internet banking logons.
        These attacks will enable fraudsters to carry out transactions with the victim’s card and
        take over their bank account.

        It is highly likely that the availability and sophistication of malware will expand over the
        next three to five years. This will involve more sophisticated types of malware, such as
        polymorphic viruses, which have code that automatically changes and evolves once
        installed on an infected device, preventing recognition by mainstream anti-malware
        software. Growing consumer demand to download a wide variety of applications, for
        personal and business use, provides fraudsters with many different channels to insert
        malware disguised as legitimate applications. Fraudsters will seek to gain unauthorised
        access to personal information or direct links into online services. It is highly likely that
        malware will increasingly target mobile devices and Smartphones. Fraudsters will
        exploit the increasing sophistication of computer based services and dependence on IT
        systems. This will be exploited using a number of techniques, for example:

            Anonymous attacks: It is highly likely that technical developments in anonymity
            routers and other software designed to hide the origin of malware will make it more
            difficult for law enforcement to track and take action following successful attacks.

            Blended attacks: Combines successful infiltration of malware, such as a Trojan,
            onto a legitimate website and sends an email, targeted at the victim to appear
            legitimate, which contains an embedded link to an infected website (also victim to
            the attack). This email avoids traditional anti-virus systems and when the victim
            opens the link, it downloads malware which can bypass traditional web filters.

            Man in the browser attacks: Web browser vulnerabilities allow hackers to control
            the information between the sender and receiver. Trojan viruses such as ZEUS are
            currently being used this way to defraud ‘secure’ online banking.

        Compound or complementary attacks will be increasingly used against large financial
        institutions and Government departments. International Distributed Denial of Service
        (DDoS) 5 attacks are likely to increasingly be targeted at western institutions. Whilst
        these disruptive attacks will continue to be motivated by political or corporate rivalry,
        they will increasingly be used by fraudsters as a form of ‘distraction burglary’.
        Fraudsters, under cover of a DDoS attack, will launch complementary acquisitive
        malware attacks, exploiting the fact that IT security systems and staff are distracted
        with the ‘main attack’. Although currently confined to the Russian sphere and the
        Middle East, this is likely to spread to richer targets in the West and become a very
        significant threat in the next three to five years.

          See also Section 5.1.8
          Linked to ‘man in the middle’ and ‘man in the PC’ attacks: Exploiting weaknesses allowing fraudulent
        extraction of information and the take over of vulnerable systems (Bots) to disrupt and defraud.
          When thousands of computers infected with malware are herded together to attack the websites and
        systems of a target business in order to disrupt and shut down their ability to operate.

        The complexity of these attacks will grow in the next three to five years, rapidly adapting
        to potential technical, systemic and social counter measures.

        Cloud computing is a term used to describe a set of IT services and infrastructure that
        are provided to a customer over a network on a leased basis, creating the ability to
        adjust the size and level of service as they require. Cloud services are usually
        delivered by a third party provider who owns the infrastructure. It offers organisations
        considerable benefits in terms of being able to scale up or down their IT services, such
        as applications, platform or infrastructure, on demand. Services are leased and
        therefore customers do not incur capital costs of IT resources and equipment as they
        would in traditional IT service models. In cloud computing IT operations are
        outsourced to the cloud; the risk is not. Accountability for customer and business
        sensitive data resides with the cloud customer who may not have the same levels of
        control that existed within a single jurisdiction / treaty area.

        It is highly likely that developments in data storage will continue to advance,
        leading public and private organisations to shift to cloud computing technology.
        It is also highly likely cloud computing will challenge our ability to protect data
        and take action against those fraudulently using it.
        Developments in data storage, both in terms of capacity and method, have changed
        dramatically in the past five years. Cloud computing is the next generation of data
        storage that is already employed by the private sector. Currently there is a lack of
        accepted cloud computing standards at a national, EU and worldwide level. There are
        wide ranging legal and regulatory issues in cloud computing covering: rights to data,
        possible security loopholes, outsourcing and subcontracting. In particular, national
        laws and regulations governing interception and disclosure of data in jurisdictions in
        which data is stored, or transmitted across, need to be clarified and brought in line
        with existing international and EU regulations.

        The large number of third parties involved in a data ‘cloud’, and its geographical
        dispersion, means that risk assessment and assurance activities are likely to be more
        complex, time consuming and costly. There are also a number of IT data recovery
        risks associated with hosting data in multi-tenanted centres, including the corruption of
        customer data, overloading of computing resources and incorporating disparate IT
        disaster recovery requirements.

        Public and private organisations and individuals are potentially exposed to fraud
        through their use, directly or indirectly, of cloud storage. For example, banks
        traditionally maintain close control over their IT and are currently reluctant to use cloud
        computing, due to concerns about security, regulatory compliance, data transfer,
        reliability and inter-operability. However, the growth in cloud computing over the next
        three to five years is highly likely to drive the commercial sector to this IT solution for
        reasons of competitive advantage and cost savings. This could result in bank
        customer data increasingly being held by third parties who use cloud computing, with
        or without the knowledge of the bank, creating a potential greater risk of data
        compromise.

        Cloud computing will, however, allow organisations access to greater levels of storage
        and increase connecting capability between datasets due to a central storage area. As
        a positive outcome, this would allow for greater data matching and verification
        opportunities across the sector to detect and prevent fraud.

            Cloud computing is already used by third party organisations of banks

        It is highly likely as our reliance on developing technology increases that users
        will remain unaware of the full risks associated with data transfer via unsecured
        wireless networks and in public spaces such as: stations, on trains or in cafes
        and pubs.
        Increasing use and reliance on technology to provide more private and public services
        online, and Government encouragement to use them 7, will increase individuals’ and
        organisations’ exposure to fraud. Consumers will suffer more targeted phishing
        attacks, especially against vulnerable groups and inexperienced internet users who are
        highly likely to be encouraged to use online services. Many new users will not have the
        knowledge to protect themselves, or an awareness of the increasingly sophisticated
        means by which fraudsters try to obtain details from their victims. From an
        organisation's point of view, although access to public services and data via the internet
        will increase efficiency and minimise costs, it brings with it an increased threat to the
        security of business and Government data assets through online hacking and other
        similar data attacks.

        The increasingly mobile lifestyle and the numerous locations where consumers access
        websites are highly likely to create increased opportunities for fraud. It is likely
        consumers’ level of security awareness, whilst operating via mobile hotspots, may not
        match the increased risks. Thus they could potentially access suspect websites and
        download malware onto their device, e.g. passing the time on a journey, distracted in a
        café or whilst playing games. There is also an increasing threat that interception of
        data can take place in these hotspots via unsecured wireless networks.

        Given current consumer preferences to obtain the latest technology and the
        increasingly competitive environment, it is highly likely that a number of new products
        will become available without robust security checking. Newly released products
        regularly have security issues or program problems requiring subsequent upgrades.
        This further highlights an opportunity for fraudsters to exploit and compromise these
        devices and programmes.

        Chip & PIN technology successfully reduced the level of ‘point of sale’ fraud and,
        despite the shift to ‘cardholder not present’ fraud, continues to be the standard of
        secure payment worldwide. Although unlikely in the timeframe analysed for this
        report, it is possible this technology will eventually be compromised.
        Use of the EMV 8 based chip card security technology, known as ‘Chip & PIN’ in the UK,
        will continue to grow globally as the international standard for secure card payment in
        the next three to five years. Commercial imperative will continue to drive ‘format
        evolution’ 9; in the context of consumer payment transactions this is leading to the
        withdrawal of cheques, which will see an increase in the number of users and transactions
        by plastic card.

        Although there is no evidence of compromise 10 to the core protocol of Chip & PIN
        transactions, the card industry has been monitoring the availability of technology and
        knowledge required to carry out attacks to clone chip cards. There have been clone
        attacks carried out in France in 2007 and from work carried out within the card
        payments industry it is understood that the current Static Data Authentication (SDA)
        EMV cards can be compromised relatively easily and plausible clones produced for use
        in some transaction environments 11.

        7 Digital Britain initiatives.
        8 EuroPay, MasterCard, Visa
        9 All consumer technology media, platforms and formats are in constant evolution – redundant systems are
        no longer supported by the business community requiring customers to ‘upgrade’ e.g. video to DVD; analogue
        to digital TV.
        10 Whilst it is probable that it will be compromised at some point this is unlikely within the next 3 to 5 years
        [Comment from The UK Cards Association and British Bankers Association]
        11 To date there is little evidence of the capability being in the hands of criminals but we do have limited
        evidence from internet chat rooms that there is interest in EMV card cloning.

        Knowledge 12 of the vulnerability and the relative ease with which plausible clones can
        be developed suggests that it is likely that a fraudulent capability could exist within
        three to five years. The scale of the threat is likely to be determined by relative cost
        and return on investment considerations by potential fraudsters.

        In response to the threat, the UK card industry is enhancing the security features of its
        cards by introducing Dynamic Data Authentication (DDA) cards (which are currently
        extremely difficult to clone). The roll out of these cards will take up to three years so a
        residual vulnerability will exist which needs to be monitored.

        In the next three to five years it is likely that enhanced risk assessment
        procedures for credit cards and a more regulated approach to credit lending, will
        lead to an increase in the use of pre-payment cards.
        Pre-payment cards were introduced to facilitate consumers managing their finances
        and ensure that they do not overspend on credit. They also enable consumers who fail
        to meet the criteria for conventional banking to use this form of payment. However,
        they also present fraudsters with an opportunity to launder money and to transfer the
        proceeds of crime overseas.

        As these cards present no financial risk to the card issuer, they are easy to obtain and
        applications do not attract high levels of application risk scrutiny. This makes them
        convenient and easy to obtain by fraudsters. Money can be transferred onto these
        cards from any account and potentially, spent anonymously anywhere in the world. In
        addition, prepaid card issuers are not necessarily UK-based financial institutions.

        Some of the pre-payment cards available do not have the latest security technology
        installed, such as Chip & PIN, thus they are more susceptible to known frauds, both
        within the UK and overseas.

        Consumers will become more exposed and dependent on technology, as the
        services and products provided by businesses and Government are made
        available online in order to reduce cost, remain competitive and retain market
        Access to products and services will continue to shift away from traditional in-store
        shopping to online outlets. Increased delivery of Government services and functions
        online will take place through the further development of online Government. This will
        increase consumers’ potential exposure to fraud, especially in relation to financial
        services or where financial transactions take place.

        There is a particular risk within the third sector which attracts a high perception of trust
        and as a result, the public may not be as vigilant with their details on charity-related
        websites and response to related emails.

        In an attempt to remain competitive by moving business to the online environment
        whilst reducing costs, some organisations take risks by not using technical specialists
        to design, set up and manage their online business. This exposes organisations to
        fraudulent attacks due to the lack of protection their site offers them, their website and
        their customers. In addition business and public sector organisations seeking to
        reduce costs may reduce expenditure on the development or deployment of technology
        and security, potentially exposing them to fraud either through malicious attacks by
        hackers or corrupt employees not being monitored via robust due diligence checks.

        Over the past five years the banking sector has rapidly developed, in terms of the
        availability and use of online services. In the next three to five years the risk of
        exposure to fraud will continue and is likely to increase when combining consumer
        demand for instant access to financial services (such as a Smartphone application to
        set up a direct debit, transfer funds or launch other banking services) with unsecure
        mobile and/or wireless devices.

        12 Google search on Chip & PIN fraud brings back 2.5 million hits

        Other sectors which require financial transactions may not be as fraud aware and
        responsive as the banking sector, relying on others to spot fraudulent behaviour.
        Shopping websites are prone to fraud but plastic card protocols have been developed
        to limit exposure for those with minimal fraud experience. Reckless or collusive
        behaviour remains a risk and shopping websites may depend on banks to spot suspect
        transactions rather than implement robust security checks within their ordering
        systems. This creates an entry point for exploitation and removes possible additional
        checks to assist in fraud prevention work. Online retail in the UK will experience a
        compound annual growth rate of 10% over the next five years, to reach a value of
        €40bn (£36bn) by 2015.

        It is highly likely the number of fraudulent online businesses and services will
        mirror the growth of legitimate online business.
        The increase in the number of legitimate businesses, including Government
        organisations, going online will provide an opportunity for fraudsters to make fraudulent
        offers through the unauthorised use of legitimate organisations’ identities (e.g. bogus
        ‘account compromise’ warning emails). In addition to this fraudsters may also operate
        under deceptively similar business/URL names (e.g. Micosoft instead of Microsoft) to
        commit fraud directly or to obtain personal information.
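
An added example, not part of the original Alert: one way a brand owner could screen observed domain names for the deceptively similar names described above. It generalises the ‘Micosoft’ case to character swaps, a brand name on another suffix, and a brand name placed in a subdomain. The watchlist, the allowlist, the suffix set and all function names are assumptions made for the example.

```python
"""Classify observed domain names against a brand watchlist (constructed data)."""
import unicodedata

# Assumptions: the watchlist, the allowlist of genuine domains and the short
# list of two-level suffixes are constructed for this example.
BRANDS = ["microsoft", "examplebank"]
GENUINE = {"microsoft.com", "examplebank.co.uk"}
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk"}

# Swaps that keep a name looking right at a glance.
LOOKALIKE_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
LOOKALIKE_PAIRS = (("rn", "m"), ("vv", "w"))


def split_domain(domain):
    """Return (subdomain labels, registrable label, registrable domain)."""
    labels = domain.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    if len(labels) < n:
        raise ValueError(f"not a registrable domain: {domain!r}")
    return labels[:-n], labels[-n], ".".join(labels[-n:])


def skeleton(label):
    """Fold a label for comparison: NFKC, then undo digit and pair swaps."""
    folded = unicodedata.normalize("NFKC", label).lower()
    folded = folded.translate(LOOKALIKE_CHARS)
    for pair, single in LOOKALIKE_PAIRS:
        folded = folded.replace(pair, single)
    return folded


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return (verdict, brand) for one observed domain name."""
    subs, label, registrable = split_domain(domain)
    if registrable in GENUINE:
        return ("genuine", None)
    folded = skeleton(label)
    for brand in BRANDS:
        target = skeleton(brand)
        limit = 1 if len(target) < 8 else 2  # short names tolerate fewer edits
        if label == brand:
            return ("brand-on-other-suffix", brand)
        if folded == target:
            return ("character-swap", brand)
        if osa_distance(folded, target) <= limit:
            return ("near-miss-spelling", brand)
        if target in folded:
            return ("brand-embedded", brand)
        if any(skeleton(s) == target for s in subs):
            return ("brand-in-subdomain", brand)
    return ("no-match", None)


if __name__ == "__main__":
    # Constructed sample of names, e.g. taken from mail or proxy logs.
    observed = [
        "login.microsoft.com",
        "micosoft.com",
        "rnicrosoft.com",
        "micr0soft.co.uk",
        "microsoft.example",
        "examplebank-secure.example",
        "microsoft.com.account-check.example",
        "weather.example",
    ]
    for name in observed:
        verdict, brand = classify(name)
        print(f"{name:40} {verdict:22} {brand or ''}")
```

A production deployment would replace the constructed suffix set with the full Public Suffix List and decode internationalised (xn--) labels before folding.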

        It is highly likely there will be a continuing decline in consumer demand for
        physical media (i.e. DVD, CDs) as the market moves online and more products
        are downloaded.
        Consumer demand is moving to the Internet as the main source for media content
        (such as films, television and music), reducing the demand for physical media, such as
        DVDs. Whilst there is likely to remain a demand for physical media for the foreseeable
        future, the emphasis for enforcement of copyright law will move from physical
        duplication and point of sale locations to the online environment.

        Consumer demand is moving towards high definition content and fraudsters will seek to
        source and supply counterfeit versions of these products. The risk of targeted attacks
        against high definition sources (such as legitimate video streaming and film download
        services, and delivery lorries containing high definition Blu-ray discs) will increase. The
        demand for this content will allow fraudsters to charge a higher price for their wares,
        with little increase in costs, which will increase their potential criminal gain and make
        this area of fraud more attractive.

        Recent film counterfeiting investigations have shown associations to serious organised
        crime groups with potential links into other serious criminality, which highlights the
        potential high level of profits this area of fraud attracts and use of it to fund other

        A virtual world is a type of online community that often takes the form of a computer-
        based simulated environment, through which users can interact with one another and
        use and create objects. Virtual worlds are designed for their users to inhabit and interact
        within. The term has become synonymous with interactive 3-D virtual environments 14,
        where users take the form of avatars visible to others graphically.

        It is highly likely there will be an increasing use of virtual world environments,
        both for leisure and business purposes within the next 3 to 5 years.
        The virtual world is increasing in sophistication and widening its appeal to all
        generations across business and gaming environments. There is a risk that the level of
        security awareness by individuals can be lower and unguarded in a “game world”.

        13 Forrester Research
        14 Second Life and World of Warcraft are leading examples of virtual world environments/platforms.

        Users are more willing to trust people in a game situation and are prepared to hand
        over money, personal details or follow website links with fraudulent outcomes.

        The gaming world is expanding into a ‘real world’ simulation with the incorporation of
        e-cash, which is convertible to ‘hard currency’, to buy and sell virtual commodities. This
        e-cash is purchased at a rate of exchange 15 that, when favourable, provides an
        opportunity for fraudsters to launder proceeds of crime through simulation games at
        potentially better rates than in the standard market, and with less risk of detection. The
        decrease in the use of sterling and move into e-cash by fraudsters will also benefit
        those who find it difficult to deposit large amounts of money into their bank accounts
        without risk of notifying authorities.

        The growth of online activities (social-networking sites, on-line shopping and games)
        on virtual platforms and transferable online currencies add complexities for jurisdiction,
        law enforcement and recovery of assets. These sites also provide additional social
        engineering opportunities for fraudsters to exploit.

        Expansion and technical development of the Internet into Web 2.0 during the next three
        to five years, and Web 3.0 in around five years’ time, will create significant changes in
        the way we obtain, manage, integrate and use information, much of which is
        unobtainable under the current web structures. Plans are in place to develop Web 3.0,
        ‘the semantic web’, which will read and assess content to enable sites to interact with
        other sites and to build profiles or avatars. This powerful marketing and research
        capability will create increased opportunities for fraudulent activities through gaining
        detailed knowledge of individuals and their online history through identity theft for use
        in spear phishing. This is likely to create a threat to anyone with extensive online
        history, vulnerable to semantic cross referencing of profile information, regardless of
        current levels of personal information and online identity management.

        Fraudsters are increasingly likely to use the virtual world to communicate with each
        other. The development of online criminal forums, social networking sites and virtual
        worlds, plus cheap mobile telephony and computer-to-computer connections will be
        used by fraudsters to communicate with each other. However, concentration of criminal
        activity on such sites will create an opportunity for greater surveillance by law
        enforcement and the intelligence community.

        It is highly likely device convergence via Smartphones and other mobile
        personal devices, combined with overriding market demand for these products
        over the next three to five years, will make these devices a critical target to
        enable fraud.
        The demand for, and supply of, products that provide all-in-one technology, such as
        Smartphones, is rapidly increasing. These devices with converged communications,
        internet, and GPS functionality also provide rapid connectivity to a vast array of online
        services, particularly banking services, covering both personal and business needs. It
        is possible that this will include contactless payments in the next three to five years.

        It is highly likely the introduction of GPS technology in devices used for social
        profiling and information gathering will be exploited by fraudsters.
        The increased availability of mobile personal devices such as Smartphones that allow
        the collection of GPS data on customers will be a valuable information source for the
        business community. It is likely that its commercial value will see this data being
        harvested by service providers and used to enhance current loyalty card data profiling.
        This information will also be targeted by fraudsters to enhance their social engineering
        based attacks, by incorporating location fraudulent approaches can be made more

        15 £1 = 443 Linden Dollars (
        16 The use of social engineering techniques to target specific audiences with phishing emails, containing
        more relevant information and potentially more convincing details to deceive victims.

        It is likely consumer demand for contactless technology payments combined
        with device convergence and the growth in malware capability will be exploited
        by fraudsters.
        Over the next three to five years handsets will be developed to enable their use as a
        method of contactless technology payment, storing virtual cash and other ‘swipeable’
        services via the introduction of applications. Industry sources predict ‘explosive growth’
        of Smartphone malware within this timeframe as fraudsters cultivate new generations
        of malware targeted to exploit the vulnerabilities of handheld Smartphone platforms.
        This could result in the loss of both money and valuable data.

        It is likely that single information-communication-technology (ICT) devices 17 will
        be used for both personal and business use over the next three to five years, and
        these devices will be used by more than one individual.
        It is likely that fraudsters will increasingly exploit the growing use of the Internet to
        obtain personal details through social networking sites. With younger and older users
        having access to the internet, ICT devices are increasingly being used by everyone for
        a wide range of activities, such as personal banking, remote working, research,
        shopping, correspondence and games. This environment can result in users not being
        fully aware of potential exposure to malware or suspect websites when carrying out
        activities that involve financial transactions or revealing personal information that could
        be used in phishing attacks. In addition it is increasingly common for ICT devices to be
        connected online continuously, allowing malware to operate for many hours unnoticed
        once the device has been compromised.

        It is highly likely identity documentation will become increasingly
        sophisticated, making the opportunity for forgery, alterations and misuse much
        harder. In addition, ‘Know Your Customer’ (KYC) risk assessments are likely to
        be enhanced in line with tighter regulations and due diligence, combining to reduce
        the opportunities for fraud and the enablers of fraud, such as money laundering.
        Government backed forms of identity verification, including those issued by other
        countries, although not a legal requirement will increasingly become a necessity for
        everyday transactions, especially where financial risk is involved. This will increase the
        value of successful attacks by fraudsters on issuing departments of Government
        backed forms of ID.

        Whilst passports and other travel documents are becoming increasingly sophisticated
        and thus more robust against fraud, fraudsters will continue to seek to exploit any
        weaknesses. We are likely to see a shift away from counterfeit or altered documents
        towards fraudulently obtained identity documents to perpetrate fraud. With the shift
        towards fraudulently obtained documents, it is likely the supporting documents for
        applications will be increasingly forged or altered. Other forms of documentation,
        particularly those accepted by industry as identity, will be forged or fraudulently
        obtained (e.g. driving licenses, birth certificates and National Insurance numbers).

        Over the next three to five years commercial pressure may reduce the number of
        commonly acceptable forms of ID used in commercial transactions. Non-secure hard
        copy forms (birth certificates, utility bills and wage slips) will be less accepted as proof
        of identity. Personal information as proof of identity (such as mother’s maiden name,
        primary school) will become increasingly unreliable following trawling of data from
        social networking sites and data farming of other online sources.

        The business community are likely to develop identity solutions such as the emergence
        of an 'electronic ID document' for the banking sector. This is likely to emerge from one
        of the credit reference agencies (who already offer a partial form of this). This will be
        supported by procedural measures, with businesses investing in stronger application
        fraud vetting at point of application across both retail and commercial banking, to
        ensure a minimum group standard is achieved. Electronic ID credentials will
        increasingly be used to authenticate transactions (with the erosion of the effectiveness
        of traditional "static" ID questions). With the advent and proliferation of Smartphones
        the banking industry confirms an increase in demand for and use of internet banking,
        which will drive the requirement for secure methods of financial and non-financial
        transaction authentication. Some banks have invested in, and issued to customers, the
        EMV CAP reading devices. But other banks are considering more ‘consumer friendly’
        methods, tailored to the specific channel, such as mobile phones which are likely to be
        introduced within the next three to five years.

        17 Such as laptops, mobile phones and PDAs

More sophisticated identity documents for transactions will increase the pressure on
fraudsters to create more convincing false identities. This escalation is likely to increase
the need for a biometric component in two or even three factor authentication.
Current biometric attributes are likely to feature as a growing requirement for an
increasing number of lower level transactions towards the end of the three to five year
period. The use of DNA for biometric identification sits beyond this time period.

Despite the provision of security measures in any system, verification will still be reliant
on human input within the timeframe of this report. Therefore, human error, negligence
and socially engineered compromise will remain a significant vulnerability.

18 What the user knows (PIN code); what the user has (the ID document); what the user is (their unique
biometric attributes)


        Fraudsters will adopt established business models and best practice to
        industrialise fraud using the internet and other facilitators of global ecommerce.
        Over the next three to five years fraud will mirror an increasingly industrialised and
        globalised business model, with the ‘stages of production’ distributed: some aspects will be
        specialised and geographically separated, others will be mass produced. Open market
        brokerage of fraudulently acquired credit and bank details will expand and diversify.

        Fraud entrepreneurs will utilise both criminal and online networks to operate fraud on a
        commercial scale exploiting specialists and the division of labour. It is highly likely that
        the internet will become the dominant method for fraudsters to buy and sell
        compromised personal and payment information. New fraudsters will not need to
        possess all the skills or knowledge to facilitate a fraud (or even form crime groups that
        cover all those skill sets), as they will be able to buy or sell the ‘components’ needed to
        facilitate fraud via online forums. This will include purchasing code to infect computers
        with malware, the sale and purchase of compromised data, as well as fraud instruction
        manuals and ‘online training’.

        Over the next three to five years the following are likely to increasingly feature and
        grow in prominence:
           - It is likely that the division of labour already used in fraud networks will grow in
             complexity, allowing significant numbers of freelance technical specialists to work
             online harvesting and then selling data to those committing fraud, without directly
             exploiting it themselves.
           - The structure of organised crime will continue to evolve away from
             physical and hierarchical organisations to communities of transient virtual criminal
             networks. These will operate by specific transactions, accumulating reputations to
             develop trust in a form of ‘cloud crime’.
           - Fraud information brokerage sites 20 will increasingly provide high levels of return for
             timely, high quality data (e.g. live credit card details direct from a secure bank
             database), that can be auctioned in packets to maximise profit. In turn, the return
             on investment calculation for targeting commercial and Government held bulk data
             will rapidly grow. Although extremely desirable to fraudsters, bulk data remains the
             hardest to acquire, requiring significant acquisition investment (and risk) with limited
             means of realising its value.
           - Fraud kits will be supplied to an expanded work force of part time entrepreneurial
             professionals (e.g. for credit card harvesting) who will use online trading sites to sell
             on information exploitable for fraud (a ‘Fraud eBay’). Malware and fraud data
             brokerage forums will hide behind increasingly sophisticated technical counter
             surveillance and ‘legitimate’ corporate fronts.
           - Internet based communications systems (secure Skype) will be fully utilised
             to avoid conventional law enforcement surveillance.
           - The quality of counterfeit goods will increase with growth in ‘offline’ production.
             This will be particularly apparent where there is a high return on investment, which
             often sits with safety critical consumables such as pharmaceuticals.

        It is likely increasing numbers of individuals with key knowledge or access to
        data will be attracted to the financial reward of fraud and targeted by criminals.
        The significant impact of the economic downturn, combined with the industrialisation of
        fraud methodologies, on employees in a number of business areas with key skills 22 will
        lead to an increase in professionally qualified or technically skilled people engaging in
        fraudulent activity.

        19 Traditionally used when trading in physical commodities and contraband, such as drugs and prostitution.
        20 Such as the former “Darkmarket” fraud trading site.
        21 Factory managers producing legitimate goods supplying off record to black and grey markets.
        22 e.g. public sector specialists, bankers, financial advisors, property specialists and lawyers

        Any decrease in legitimate employment opportunities across many areas of private and
        public sector work will be exploited by fraudsters, who will utilise the IT and process
        skills of corruptible professionals. Individuals who would not otherwise contemplate
        criminal activity will be enticed through socially engineered ‘consultancy opportunities’
        with the veneer of legitimacy and detachment from direct contact with victims (such as
        providing knowledge of financial / banking / IT system weaknesses for bogus ‘security
        management’ businesses). The professionalisation of fraud is likely to manifest in a
        number of ways over the next three to five years including:

            - Professional skills will increasingly be provided to enable fraud through consultancy
              services via ‘front’ management companies.
            - Those with technical IT and financial skills will be able to undertake ‘packaged
              fraud’ work on a part time / working from home basis.
            - Fraud methodologies will continue to adapt to the social preferences of new
              generations of fraudsters. Currently online compromised information exchanges
              appeal to the generation Y ‘online gaming’ fraudster through the acquisition of
              levels and tokens (in addition to cash) in exchange for fraudulent trades.

        It is likely organised crime groups will increasingly use fraud to finance and
        facilitate other criminal activities.
        Changes in fraud methodologies are lowering the barriers to entry for established
        organised criminal groups, who are increasingly engaging in fraudulent activity as part
        of their portfolio of crime.

        Established organised crime groups are likely to become more involved in fraud,
        attracted to the low risks and high potential for profit. Organised crime groups involved
        in high level criminality have been identified as major players in the production and
        distribution of counterfeit films within the UK. Counterfeit DVDs are a growing area of
        fraud, as pressure on consumers’ budgets persuades individuals to buy lower priced,
        poor quality counterfeit discs. The increasing criminal involvement in the trade has
        seen groups target public locations, such as public houses and shopping centres, to
        sell their product, increasing the visibility of the issue. Counterfeit media is just one
        area of fraud that is linked to organised criminality. Better sharing of information on
        those involved in fraud may reveal more links to serious criminality highlighting the
        importance of enhanced fraud intelligence and case development work to gain an
        accurate assessment of the level of risk.

         A wide and expanding range of social engineering techniques will be developed
         and deployed, involving on-line, phone and face to face channels. These
         techniques will increasingly enable fraud, as deceptive approaches become
         more sophisticated and convincing to the victim.
        In the next three to five years phishing emails and similar approaches through other
        media will continue. As individuals become more aware of these threats, fraudsters will
        increasingly use social engineering techniques to deceive their potential victim, e.g.
        spear phishing. It is likely that fraudsters will continue to use social networking to their
        advantage, misleading people into revealing their personal details through online sites.
        Criminal groups are highly likely to establish websites, such as dating sites, for the
        express purpose of collecting personal information. Technology enhancements will
        allow fraudsters to employ social engineering techniques easily and thus to target
        their scams at specific audience sectors.

        It is likely that companies will increasingly become victims of targeted phishing emails,
        for example via procurement emails. By compromising one user in an organisation, a
        fraudster will obtain information that will allow spear phishing against other employees
        or business partners. Organisations that hold data on customer identity alongside
        lifestyle choices, e.g. shopping patterns, loyalty cards usage, music preference or
        holiday choices, will be valuable targets. This data will be sought to enhance
        fraudulent attacks on their customers in spear phishing attacks. Organisations will be
        particularly vulnerable to:
            - Social engineering of software developers, increase in sabotage for gain in the face
              of redundancy.
            - Targeting of staff in Government and financial services with access to sensitive
              systems and information 23.

5.2.5   INCREASED USE OF LEGITIMATE BUSINESS SERVICES TO FACILITATE FRAUD
        It is highly likely a number of business services offered by legitimate
        organisations to support the growth in mobile working will be used as enablers
        of fraud.
        Services such as postal redirection and PO boxes, telephone redirection, office service
        providers and name changing have been used by fraudsters to enable fraud. These
        services are crucial to legitimate business and the emphasis for fraud detection and
        prevention lies with robust systems and procedures.

        It is highly likely that organisations offering business support products and
        services that provide ‘virtual’ businesses with a detached physical presence will
        increase, with the growth of online business in the next three to five years.
        These products and services necessary for legitimate virtual businesses will also be
        utilised by fraudsters to conceal their physical location and/or identity. The threats will
        be fundamentally the same as those used by non-virtual fraudsters (see above).

        The third sector is targeted for fraud, both from external attacks and internally
        from bogus charity organisations. Charities operate internationally and work
        across borders. Due to their trusted position they can legitimately gather, store
        and move money and commodities quickly.
        Whilst other sectors may experience more regulation over the next three to five years,
        the third sector needs to continue to operate in a relatively open framework to get aid to
        hard-to-reach places. It is likely that general economic difficulties will increase the
        dependence on the work of charities, making them increasingly vulnerable to fraudulent
        targeting by bogus victims, and that this will include sophisticated criminal attacks by
        organised criminal groups. It is also likely that fraudsters will increasingly seek to
        establish bogus charities to exploit the sector’s lower enforcement profile.

        As cheques are phased out, donations by SMS text and online payments will become
        more common. The third sector will continue to accept cash collections and this will
        continue to be exploited. Growth in other payment methods to the third sector will be
        quickly exploited by fraudsters.

             See also Section 5.3


         It is highly likely victims of fraud will continue to be diverse, in relation to age,
         background, ethnicity and education: however the most vulnerable groups will
         be particularly targeted and exploited by fraudsters.
        The focus of fraudulent attacks on vulnerable people is well known and will continue.
        There are many reasons why an individual may be considered vulnerable, such as a
        lack of skill or understanding of technical risks, the methods of fraudsters and social
        distractions (including exploitable domestic crisis). Cultural and generational habits can
        make certain groups susceptible to particular types of fraud, e.g. the younger
        generation are less suspicious of the Internet.

        Vulnerabilities are likely to follow change, e.g. cheques will start to be withdrawn from
        general use within the next three to five years forcing their current users to use
        alternative methods of payment. Although the withdrawal of cheques will see an end to
        frauds such as cheque washing, it is likely habitual users of cheques will be less aware
        of the risks in alternative payment methods or retail channels, and fall victim to being
        targeted and deceived into buying products from fraudsters seeking to take advantage
        of their lack of knowledge.

        UK based individuals will continue to be vulnerable to fraud from overseas, potentially
        falling outside UK jurisdiction for enforcement action and recovery of assets.
        Fraudsters have used social engineering profile techniques to target individuals
        seeking to move overseas, by offering and charging for fictitious services to assist the
        individual, such as banking, utility or accommodation services. This type of fraud is
        also used against those looking for a second home overseas or holiday services.

        It is highly likely new groups of victims could emerge from technical
        developments and economic change. Their vulnerabilities will be rapidly
        identified, targeted and exploited by fraudsters.
        The recent economic crisis led to significant corporate downsizing in affected sectors.
        This presented fraudsters with new categories of victim, particularly amongst skilled
        professionals. Fraudsters will adapt their targeting techniques accordingly to exploit
        the vulnerabilities of these groups, such as manipulating the desire to maintain their
        lifestyle, offering of bogus job opportunities or exploiting their knowledge of systems
        and software weaknesses.

        Changes to business models and strategies over the next three to five years are
        likely to increase both private and public organisations’ exposure to fraud.
        Companies are victims of fraud and, similar to individuals, are currently facing financial,
        resource and business changes that may affect their internal processes and levels of
        due diligence. It is highly likely that, following increased press coverage of security
        breaches, organisations will receive a significant number of bogus fraud claims, e.g.
        fraud victim fraud. This is likely to follow a similar profile to insurance frauds, such as
        staged car accident scams, and other threats within the sector.

        Current initiatives to place more public services online could expose Government
        datasets to fraudulent attack, either through hacking or malware techniques. Schemes
        that provide cost and resource efficiencies within the public sector should be supported
        but only made available after rigorous testing, with systems and processes
        continually risk assessed for attempts to obtain data for use in fraud.

        In the next three to five years, changes in the structure of businesses that result in a
        reduction in headcount with loss of expertise, possible outsourcing of key business
        areas and a reduction in the capability of robust internal audits are likely to expose
        organisations to fraud.


      Economic globalisation will continue to expand over the next three to five years
      with transnational integration of businesses with key new economies extending
      their global economic influence. Much of this will be driven by new
      communications infrastructure: particularly the global expansion of high speed
      Globalisation will increasingly enable fraudsters to operate within the UK from an
      overseas base. The rapid growth of IT service sectors and high speed internet
      infrastructures will increase the involvement of BRIC 24 countries in the economy of the
      UK. Their limited regulatory and counter fraud enforcement capabilities are unlikely to
      develop to match their growth in technical capability. This ‘permissive environment’ for
      fraud will be extremely attractive for international fraud; in particular less regulated
      countries will become host locations for fraudsters avoiding the jurisdiction of target
      countries. These ‘outsourced’ frauds will present a number of challenges particularly in
      relation to: jurisdiction conflicts, different legislative frameworks and data sharing
      barriers. Any unresolved challenges could be exploited by international fraud, such as
      cross border property scams, mortgage and overseas land banking.

      Growth and greater UK dependency on virtual systems for business and consumer
      transactions will increase the value and vulnerability to the use of economic attacks,
      particularly fiscal fraud, on the UK by state actors and their proxies.

      It is likely that DDoS attacks will increasingly feature in international business in the
      next three to five years, with fraud being used as a tool to undermine rival brands
      through reputational damage. There are a number of places these attacks can
      originate from. They currently feature very strongly within Eastern Europe and the
      former Soviet Union as a tool in corporate rivalry, including attacks on Western and
      Middle Eastern banks operating within the region. Future threats are likely to involve
      compound actions, such as DDoS attacks on Government and business infrastructure,
      which exploit vulnerabilities and are coordinated with fraudulent attacks.

      Rapid economic growth in the Asia Pacific region will increase its vulnerability and
      capacity for transnational fraud. UK business will be increasingly dependent on IT
      services based in key Asia Pacific countries. It is likely that facilitation of fraud against
      UK interests will increase with increased business dependence. This development
      may also lead to a reverse flow of fraud facilitation (from UK and the West against
      victims in the region).

      Global expansion of high speed Internet into the developing world, combined with
      technology skipping (going straight to wireless, missing out the infrastructure cost of
      cabling) will provide a significant capability boost to established local organised crime
      groups. Locations in the developing world are likely to be utilised by international
      criminal cartels exploiting lower levels of regulation and law enforcement capability.

         Brazil, Russia, India and China are identified collectively in the body of strategic futures analysis as emerging
      economic superpowers.
         Directly through complementary follow up electronic attacks or through social exploitation of victims, for
      example through front companies offering post crisis technical support or by attaching malware to legitimate
      technical support sites.

      It is highly likely that pandemics or other disasters will occur in the next three to
      five years, and fraudsters will seek to exploit public fear and crisis support for
      Natural and humanitarian disasters are highly likely to occur within the next three to five
      years and provide opportunities for fraudsters to commit crime. Over the past few
      years the UK has experienced several high level warnings of pandemics, e.g. bird and
      swine flu. Potentially there will be similar situations in the future which fraudsters will
      exploit by offering pharmaceuticals, either counterfeit or non-existent, to sell and
      capitalise on public fear.

      Fraudulent charities linked to major disasters will not only capture the initial payment
      but card details can be used to commit further on-line fraud with the advantage of
      access to security codes and passwords.

      Fraudsters will also seek to exploit compassion for victims of natural or other global
      disasters, e.g. via the charity sector. This could be achieved by creating bogus
      charities that target the UK for donations, which could be organised and run from
      anywhere in the world.

      It is highly likely fraudsters will use future sporting and cultural events taking
      place around the world to perpetrate fraud.
      Major sporting and cultural events have been used by fraudsters to perpetrate fraud,
      e.g. at the Beijing Olympics. Fraudsters are highly likely to employ established
      techniques, such as advance fee, scam ticketing and employment fraud, to commit
      their offences. With the UK due to host the 2012 Olympics, the Rugby World Cup
      scheduled to be in the UK in 2015 and potentially the Football World Cup in 2018,
      frauds using key events are highly likely to remain a significant threat to the UK for the
      coming years. These key events bring a large number of foreign tourists into the UK.
      This is likely to increase fraud on foreign payment cards, particularly those not Chip &
      PIN enabled. These key sporting and cultural events do not have to be located within
      the UK for someone based here to fall victim to an event related fraud.

      It is also likely fraudsters will utilise the construction industry to perpetrate fraud where
      large sums of money and high volumes of work are being carried out, such as
      procurement or contract frauds. This is a particular area of risk if due diligence checks
      are not carried out into the quality of commodities being supplied. In times of cost
      pressures businesses may seek cheaper sourced products that may expose them to
      obtaining counterfeit product within the infrastructure for UK major project works.

           See also Section 5.2.6


        It is likely that there will be an increase in the amount of regulation of the
        financial services industry, with an emphasis on responsible lending and greater
        due diligence. Greater regulation may also impact upon data protection
        legislation and have implications for the amount and type of data sharing that is
        It is likely that increased scrutiny and regulation of financial services and the
        establishment of dedicated agencies, will make the UK a more hostile place for
        fraudsters. This may lead to them diverting their efforts overseas. However in parallel,
        increased scrutiny and regulation of mainstream financial services may create an
        opportunity for growth in unauthorised lending (not only at the door step but by front
        firms offering extortionate loans) and applying fraudulent practices. A decrease in the
        amount of data sharing, however, may result in making certain sectors of the UK
        economy more viable targets. This is likely to have the greatest impact on the public
        sector, which is the UK’s largest victim of fraud and whose enforcement and preventative
        capabilities are critically dependent on information led deployment.

        There are many types of tax, duty and benefits systems within the UK. These are
        subject to significant levels of loss by criminals utilising a number of methodologies and
        enablers of fraud. HMRC, DWP and other government departments have teams
        working to identify, disrupt, prosecute and reduce fraud. For example, HMRC has a
        dedicated horizon scanning capability providing a broad range of strategic futures
        assessments to support this.

        It is highly likely that UK tax and duty revenues will continue to be subject to
        sustained and serious criminal attacks in the next three to five years.
        Amongst other types of fiscal fraud, it is highly likely that the relatively high cost of UK
        excise goods coupled with pressures on household budgets, will maintain and increase
        the incentive for fraudsters to engage in the distribution and supply of non UK duty paid
        products (such as alcohol and tobacco). These will be obtained via established
        smuggling methods, through the abuse of EU travel limits, and increasing quantities of
        counterfeit products (smuggled from abroad or produced in the UK).

        This type of fraudulent activity already accounts for a significant loss to public funds. It
        is highly likely that the propensity to consume smuggled or other 'untaxed' excise
        goods will increase in the face of general financial hardships coupled with high or
        escalating costs of legitimate UK duty paid goods. In addition to the direct cost to the
        exchequer, this will increase the funds available to serious organised criminal groups
        and, in the case of counterfeit goods, increase the level of public harm caused
        through the consumption of potentially dangerous unregulated products.

        The relative burden of taxation is likely to play a role in the absolute level of fraud in all
        countries, and the UK is no exception. Differing taxation burdens within countries are
        also likely to influence cross border fraud. The financial pressure of economic
        downturn would be likely to increase fraudulent attacks and lead to growth in the hidden
        economy including: a greater level of suppressed sales, evasion, the mis-declaration of
        goods to avoid import taxes and an increase in the number of false claims for tax and
        social security benefits. All these actions would have a direct impact on the level
        of public funds.

        It is highly likely that further legislation will be introduced in the next three to five
        years that provides financial rewards and penalties for organisations’
        environmental conduct.
        There will be significant financial incentives to implement environmental legislation that
        rewards organisations that meet set standards and limits. This will increase existing
        tradable assets (such as Carbon Credits) and may create new ones, which will create
        opportunities for fraudulent exploitation, particularly against the Government in the
        context of repayments fraud. This is a large risk area that the UK Government has
        previous experience of, e.g. the initial use of carbon credits as a commodity in MTIC 27

        Consumer and data protection legislation may create additional challenges for
        counter fraud activity in both public and private sectors.
        Implementation of new consumer and data protection regulation particularly at EU and
        international levels could increase the cost to business to maintain the integrity of
        secure systems, share information on potential fraud and provide a cost effective /
        competitive service. Business concerns on the Payment Services Directive suggest
        that organisations affected will not have sufficient time to investigate and determine if
        discrepancies are deliberate or accidental. Should fraud then be evidenced the
        organisation will be required to recover funds already repaid, which is much more
        difficult to recoup.

        The adverse impact of legislation at an international level has similar repercussions;
        the introduction of the Single European Payments Area (SEPA) initiative for the EU
        financial infrastructure created a zone within which euro electronic transactions are
        considered domestic. The SEPA was designed to improve the efficiency of cross
        border payments and create a single domestic market for the euro to operate within.
        The requirement of banks to expedite payments under SEPA results in fast moving
        transactions with limited opportunity to identify and interdict fraudulent transactions.
        The risk is further enhanced when the money is transferred across multiple jurisdictions
        and there is a lack of effective data sharing arrangements.

        Over the next three to five years, global economic pressures (when combined with
        compliance with additional consumer protection requirements) will create cost and
        competitive advantage tensions in affected sections of the business community. This
        may reduce the effectiveness of voluntary codes intended to improve counter fraud
        joint working.

        It is highly likely the public sector counter fraud community will undergo
        changes in structure and/or remit within the next three to five years.
        Fraud perceptions, priority and awareness are under regular review within
        Government. British policing is traditionally focused on public order and violent
        offences, reflecting social perceptions of priority. It is likely that public and
        media awareness of fraud will increase following Government initiatives (including
        Action Fraud) on: the primary effects of fraud (perceptions of quality of life reduced by
        increased numbers of victims of fraud), and secondary effects (everyone paying an
        increased security premium of cash through insurance premiums, software security,
        bank charges). This will impact on considerations of priority across crime types and
        law enforcement activity.

        Reduced Funding
        The future structural environment in which the public sector counter fraud community
        operates is unclear, in terms of number and roles of agencies and organisations
        working to detect, prevent, investigate and prosecute fraud. It is considered highly
        likely that in the next three to five years there will be greater pressure for prioritisation
        and rationalisation of public sector spending. This will require greater emphasis on
        intelligence led direction of resources and evidence collection of fraud impact. This is
        likely to create a challenge for UK law enforcement and regulatory bodies to ensure
        that current and emerging areas of fraud do not ‘fall off the radar’ in terms of the picture of
        risk, impact and measurement.

             Missing Trader Intra Community fraud (VAT fraud)

Integration of Cyber policing
UK law enforcement agencies are currently challenged by the multi jurisdictional
aspects of tackling international fraud (with business trading, registration, records and
data processing often located in different jurisdictions). Significant growth in virtual
transactions and virtual ‘property’ will require cross jurisdictional cooperation between
enforcement and judicial bodies. This may require extensive treaty harmonisation of
offences, information sharing and joint enforcement resourcing to be effective.


        This section presents potential fraud developments based on alternate scenarios for
        the economy in the next three to five years.

        The next three to five years is likely to see elements of economic growth,
        possibly leading to an economic peak.
        As the UK market steadily comes out of the recession it is highly likely there will be an
        increase in the instances of fraud that are more prevalent in times of economic growth.
        The value of property, commodities and shares will steadily rise and attempts to
        perpetrate mortgage and boiler room type frauds will increase.

        In addition, banks may be encouraged to support the economic growth through
        improved loan and mortgage approval rates making the financial sector more
        susceptible to fraud. Although the lending market may take some time to offer similar
        deals as previously, and be more tightly monitored, the sector may be encouraged to
        increase approval rate levels to help support economic activity. This is likely to lead to an
        increase in the number of fraudulent applications to obtain finance.

        An environment of greater regulation and due diligence within industry will make it
        more difficult for fraudsters but potentially shift the direction of attacks onto less
        regulated sectors or overseas. However it may also create more work for businesses
        and put additional pressure on already disgruntled employees. Stress, frustration and
        demoralisation may lead to a greater risk of internal corruption.

        It is possible post economic growth and the direction of consumer demand may
        see an increase in business diversification within the technology and banking
        financial sector.
        It is possible that organisations will be seeking new business opportunities, to
        maximise growth potential and take advantage of sectors previously viewed as difficult
        to enter. The banking sector has experienced a drop in consumer trust and with the
        current drive for convergence of services this presents an opportunity for business
        diversification between technology and banking, e.g. the possible emergence of
        banks owned by international telecoms businesses. This diversification will add to
        the already fragmented nature of the banking sector with many more small entities
        involved, making the regulation of the sector more complex and resource intensive to
        maintain and regulate.

        The convergence of technology and banking presents a large opportunity to fraudsters
        as it combines the two main areas vulnerable to abuse and exploitation.

        Should the UK economy remain stagnant or the job market deteriorate it is
        highly likely that there will be increased involvement in fraud by employees, and
        former employees, facing greater pressure through increased workloads and
        reduced income.
        Consumer and business behaviour will depend on their confidence in the economy and
        political establishment, which will be steered by the economic conditions experienced.
        If the economic recovery is slow or experiences another dip back into recession then
        there should be an expectation that public confidence will remain low. If this occurs it is
        likely certain categories of fraud will increase, such as insurance fraud, internal
        corruption, false statements of business viability, advanced fee fraud and mortgage
        fraud at the repossession stage as opposed to application, by opportunist fraudsters
        attempting to avoid bankruptcy or further debts.

        It is highly likely that Government and Business Sector cuts will mean a reduction in
        recruitment, forced retirements, increased redundancies and decreased salaries with
        greater pressure on remaining staff to undertake larger workloads. Contraction to core
        functions could increase the risk of fraud if this includes an overall reduction in
        resources to prevent and detect fraud.

            Following the example of Tesco and Sainsbury’s diversifying into banking, financial services and

Dissatisfied employees will become more susceptible to engaging in fraudulent activity,
at some level. This will be evidenced through increasing levels of internal corruption
and abuse of office, e.g. selling of data or process knowledge or misappropriation of
assets. Fraudulent activity will be enabled through falsifying business and procurement
records, e.g. account and spending abuse, or professionals applying their skills to
assist fraudsters, e.g. with accountancy, legal advice or computing.

Attacks on public sector organisations could increase if consumers are dissatisfied by
low economic growth, poor job prospects and a feeling of loss of self worth. Attacks
may be committed by low level opportunist fraudsters looking to obtain benefits they
are not entitled to, through to much larger scale cyber attacks, designed to bring down
public sector networks.

A lack of effective intervention against all fraudulent activity (including lower priority
areas of fraud) may lead to perceptions of socially acceptable levels of crime. Under an
economic environment of reduced levels of wealth this may lead to a shift in attitudes
towards entitlement and a split between the “haves” and the “have-nots”. This split in
society benefits the fraudsters twofold; the “haves” are targets for fraud via their
assets, and the “have-nots” are vulnerable and may be more susceptible as victims of
scams or facilitating fraud in the hope of financial reward.



    The NFA would like to thank the following organisations for their contributory Horizon
    Scanning assessments

     -   British Bankers Association
     -   Building Societies Association
     -   Charity Commission
     -   CIFAS
     -   Dedicated Cheque and Plastic Crime Unit
     -   Drivers & Vehicles Licensing Authority
     -   Federation Against Copyright Theft
     -   Financial Fraud Action UK
     -   Her Majesty’s Revenue & Customs
     -   Home Office
     -   Metropolitan Police Service
     -   National Fraud Intelligence Bureau – City of London Police
     -   Serious Fraud Office
     -   Serious Organised Crime Agency
     -   Telecommunications UK Fraud Forum
     -   UK Border Agency
     -   The UK Cards Association

    The NFA would like to thank the additional organisations for their input to the
    ‘7-Questions’ exercise

     -   Association of British Insurers
     -   Association of Chief Police Officers
     -   Bank of England
     -   Companies Investigation Branch
     -   Department for Work & Pensions
     -   Finance & Leasing Association
     -   Insurance Fraud Bureau
     -   Office of Fair Trading

    The NFA would like to thank the following organisations for their assistance and
    contribution at the workshop

     -   Cabinet Office
     -   Department for Business, Innovation & Skills (Horizon Scanning Centre)



     The Approach

     The approach adopted to direct this strategic futures project was as follows:

    •       Programme Board members were asked to complete a 7-Question survey that
            considered past, current and future fraud issues and constraints within their

    •       The survey results were collated and used to help identify what were the specific
            concerns and issues to address in the futures assessment;

    •       This was used, with information obtained from open source research and futures
            experts, to highlight the main drivers for change in the fraud arena;

    •       These drivers were prioritised to create an axis highlighting 4 future scenarios to
            be used within the workshop structure;

    •       The scenarios were presented to the HSWG in a workshop environment. The
            purpose of the workshop was to explore current analysis and fraud threats across a
            multi-agency perspective set within the 4 futures scenarios to challenge current
            understanding of fraud risks. The workshop culminated in a teaming exercise to
            develop an understanding of strengths and weaknesses to fraudsters, law
            enforcement and victims in each of the potential futures scenarios;

    •       The outputs of the workshop stimulated debate and futures thinking to guide the
            analysis of individual organisations’ reports;

    •       The reports provided were collated and analysed to produce a draft consolidated
            National Future Fraud Assessment.

    •       The draft assessment was subject to full peer review by contributing organisations
            then submitted to the Programme 16 Board for adoption in final form.

          Refer to Annexe B for a detailed description of the scenarios used

Protecting this document

This is a government document that has been graded as NOT PROTECTIVELY MARKED. There are no specific
requirements for storage or disposal and it can be considered as safe for wide distribution within your organisation.
This can extend to its use for training or awareness programmes for staff. However, unless otherwise specified, this
information is not intended for general public dissemination and should not be included on public facing websites,
external mailing lists, social media or other outlets routinely used by you to deliver information to the public. We
therefore request that you risk manage any onward dissemination in a considered way.

Alert Coloured Roundels

SOCA Alerts are marked with either a Red or Amber Roundel. This is designed to indicate the urgency of the warning.
Red may indicate a more immediate or specific threat, whilst those marked Amber will provide more general
information that may complement existing knowledge.

SOCA Prevention and Alerts

Recognising that the private sector is often the victim of serious organised crime and is engaged in its own efforts to
prevent, deter and frustrate criminal activity, SOCA Prevention and Alerts seeks to forge new relationships with
business and commerce that will be to our mutual benefit – and to the criminal’s cost. By issuing Alerts that warn of
criminal dangers and threats, Prevention and Alerts seeks to arm the private sector with information and advice it can
use to protect itself and the public. For further information about this Alert, please contact SOCA Industry Exchange
and Alerts Branch by email or by telephoning 020 7238 8541. For more information about the
Serious Organised Crime Agency go to

Reducing harm – Providing information back to SOCA

We would like to remind you of the provisions contained in Section 34 Serious Organised Crime and Police Act 2005.
These provisions say that any information provided by you to SOCA, in order to assist SOCA to discharge its functions
which include the prevention and detection of crime, will not breach any obligation of confidence which you may owe to
any third party or any other restriction on the disclosure of information. S34 requires that disclosures of personal
information about living individuals by you to SOCA must still comply with the provisions of the Data Protection Act
1998 (DPA), but you may be satisfied that disclosure by you of such personal information to SOCA in order to assist
SOCA to prevent and detect crime is permitted by the DPA. Please, therefore, submit all S34 information to

Handling advice – Legal information

This information is supplied by SOCA under Section 33 of the Serious Organised Crime and Police Act 2005. It is
exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other
UK legislation. Except where permitted by any accompanying handling instructions, this information must not be further
disclosed without reference to SOCA in accordance with Section 35(1) of the Serious Organised Crime and Police Act

This report may contain ‘Sensitive Material’ as defined in the Attorney General’s guidelines for the disclosure of
‘Unused Material’ to the defence. Any sensitive material contained in this report may be subject to the concept of
Public Interest Immunity. No part of this report should be disclosed to the defence without prior consultation with the

Requests for further disclosure which are not permitted by any handling instructions or handling code must be referred
to the SOCA originator from whom you received this information, save that requests for disclosure to third parties
under the provisions of the Data Protection Act 1998 or the Freedom of Information Act 2000 and equivalent legislation
must be referred to SOCA’s Public Information Compliance Unit by e-mail on
