Report Fraud: Action on fraud data

We’ve spoken to thousands of authorised push payment fraud (APPF) victims since we launched in 2021. We’ve come to realise one key issue. Fraud data in the UK doesn’t reflect the reality that victims face.

This is due to a combination of different factors, and there isn’t a silver bullet for fixing the data problem. Like a lot of things in the Financial Crime world, it’s complex. But a new approach may be needed to incentivise victims to Report Fraud.

There are two starting places, however, to look at when considering fraud data. Looking at each of these sources will never tell the whole picture. We’ve tried to explain why below.

Action Fraud

Action Fraud is the UK’s national reporting centre for fraud and cybercrime, run by the City of London Police. When someone has been the victim of fraud, it is always sensible to ensure that the crime is reported through the website. Action Fraud works on a triage system, so the more people who report a type of crime, or a specific entity, the more likely law enforcement are to follow up.

But Action Fraud has well recognised issues, with some now referring to it as Inaction Fraud. Common criticisms are that the reporting system is difficult to navigate, which isn’t great for vulnerable fraud victims. And there’s little-to-no follow up after a crime is reported. It appears to drop into a black hole of nothingness. Finally, whilst many financial institutions do tell people to report to Action Fraud, it’s not a requirement in many cases, meaning that if someone does successfully recover money through their bank, or just gives up, there’s no reason to report the fraud. It therefore never appears in the data.

UK Finance

UK Finance is the Financial Services industry lobbying group. They represent banks and other financial institutions around the UK. They produce an annual, (and half-yearly), fraud report, where they describe the volumes of fraud they’ve seen through the last year. That sounds great, right?

However, banks’ incentives aren’t directly aligned with fraud victims, and banks don’t report fraud data just because a customer reports fraud. They will only report some types of fraud, and a notable exception is when losses are not technically directly from the banks’ accounts, for example, crypto transfer fraud, where a victim pays into their own wallet first, before moving money to a fraudster.

UK Finance only represents its members, and there are some notable exceptions. For example, Revolut is not a member, (as of writing at least), but is a large cause of complaints for fraud to the Financial Ombudsman Service. As they’re not a member, no fraud through Revolut is included in their data.

Finally, banks will report what they are happy to categorise as fraud. Due to new Payment Systems Regulator (PSR) regulations, it’s possible for a bank to become liable for the losses a customer incurs. As a result, we regularly see banks categorising fraud as ‘civil disputes’ or ‘failed investments’ in order to avoid incurring liability. Of course, if they don’t count it as fraud, they also don’t count it in their data.