Preventative spend: research 2018

3. Scale and Scope of Scams

3.1 Previous Research

To highlight the difficulty in estimating the total cost of scams to the Scottish economy we would highlight a range of published headline research:

• Annual Fraud Indicator Report 2017
  • £190 billion^[4] UK across all sectors (business/ charity/public/ individuals) of which around £7 billion relates to individuals
• Home Office 2016
  • £10 billion lost to UK individuals 2016;
• National Fraud and Cybercrime Centre
  • UK fraud and cybercrime costs £11 billion;
• Scottish Business Resilience Centre
  • fraud and cybercrime cost Scotland £384 million in 2016;
• IT Governance:
  • cost to UK business in 2016 of fraud and scams: £29 billion;
• Insurance Fraud Bureau:
  • costs of insurance fraud in 2016 - £3 billion;
• KPMG:
  • value of fraud reported to court system: £1.1 billion;
• Financial Fraud Action UK:
  • Financial fraud losses across UK issued debit and credit, remote banking and cheques totalled £768.8 million in 2016. This affected almost 2 million individuals;
• Age UK
  • in Scotland over 400,000 people believe they have been targeted by scammers with 70% not reporting it to an official channel;
• trueCall
  • estimate that the average amount lost by each older vulnerable person to telephone scams each year is £313, and that the social care cost attributable to scams for each older vulnerable person each year is £623l
• Money Advice Service
  • recent research suggests that there could be as many as eight scam calls every second – the equivalent of 250 million calls per year. 3.5 million Britons have fallen victim to telephone fraud since 2010;
• Ofcom
  • 8 billion unsolicited calls are made each year which are illegal in terms of privacy laws. Of these some use spoof numbers to give a false assurance of people's identities which subsequently turn out to be scams;
• The Pensions Regulator
  • published a figure in 2014 of £500 million being lost based on cases where action was taken;
  • Individuals reported nearly £19 million in suspected pension liberation fraud between April 2015 and March 2016 – this was twice as much as for the same period in 2014-15, and it may be that the actual amount of pension fraud is considerably higher due to cases that go unreported;
• Xafinity Pensions Consulting
  • in the financial year 2015-16, there were 30,000 'defined contribution' scheme transfers. This represented £1 billion of assets. Xafinity Pensions Consulting estimates suggest that fraudsters could be behind as many as one in 10 pension transfer requests.

It can therefore be seen that the "true cost" of fraud or scams will vary significantly depending on definitions and what is being counted, data sets being used and the method of data collection.

We would also highlight a health warning as it is not possible to know how robust the data is or the sources used to arrive at these estimates or the assumptions used in their calculation.

For example:

• different data sets include different types of definitions (e.g. only cyber);
• some data includes individual and business and public while others do not;
• the data is based on that reported to the organisation publishing the data;
• there are different levels of geographical coverage;
• it is not always clear which groups are included (individuals, businesses etc)

While there is no single accepted source of data, the Annual Fraud Indicator report is probably the most consistent and time series based data which has been published since 2012. This data show that fraud level in terms of individuals peaked in 2016 at £15 billion and dropped back to £7 billion in 2017.

The research report highlights that detected or reported examples of fraud do not represent the total cost of fraud, because much remains undetected. If we assume that Scotland has a similar pattern of reported fraud^[5] to the UK this would suggest a total reported fraud impacting on individuals of £560 million in 2016.

But note, this does not include fraud against business, public sector or charities and is only based on that which is reported.

Therefore the total figure for all fraud/ scams in Scotland is likely to be in the many billions.

See over for excerpt from Annual Fraud Report.

3.2 Crime Survey Data

This section presents comparable crime survey data gathered in Scotland and England and Wales, alongside recorded (and reported) crime statistics, to try and gauge the potential scale and scope of reported fraud in Scotland.

Firstly, the Scottish Crime and Justice Survey is a large-scale social survey which asks people about their experiences and perceptions of crime. The survey was previously undertaken with a sample of 12,000 adults every two years, including for the most recent release (2014/15). Future releases, including for the 2016/17 survey, will be based on an annual sample of 6,000 respondents.

The 2014/15 survey asked the following questions related to fraud:

• whether respondents have had their bank cards/details used to withdraw/spend cash without their permission over the previous 12 months, and the extent to which they are worried this could happen; and
• whether respondents have had their personal details used without their permission in order to commit fraud over the previous 12 months, and the extent to which they are worried this could happen.

Experience of Fraud

Figure 3.1 shows the percentage of respondents reporting they have been a victim of each type of crime within the previous year, broken down by age.

The results indicate that those aged between 25 and 59 are most prone to this type of crime. There is no substantial variation when the results are disaggregated by gender, disability status, or if living in a rural or urban area.

By region, the lowest proportion of respondents reporting they have been victims of theft using bank/card details is in Argyll and West Dunbartonshire (3.2%), with the highest in Edinburgh and Lanarkshire (both 5.8%).

Source: SCJS 2014/15

The results show those in higher socio-economic groups are more likely to be victims of this type of crime.

Source: SCJS 2014/15

Fear of Fraud

When asked about the extent to which they fear they may have their identity stolen, women are slightly more worried more men, while those in older age groups are more likely to be worried than younger age groups.

graph showing extent of worry about identity being stolen, by age and gender

Source: SCJS 2014/15

Similarly, women and those in older age groups are more likely to be worried that someone will use their credit or bank details to obtain money, goods or services.

Source: SCJS 2014/15

England and Wales

Since 2015, more detailed information related to fraud and cyber-crime has been collected for England and Wales both by police forces, who have a requirement to flag crimes as 'cyber-crime' where appropriate, and in questions posed in the Crime Survey for England and Wales. As shown in Table 3.1, 5% of respondents reported they have been a victim of bank/credit account fraud, the same proportion as the Scottish survey (Figure 3.1). This is by far the most common type of fraud, with half of it carried out online.

It would be reasonable to assume that – at a high level – the findings of the England and Wales survey will broadly apply to Scotland in terms of the prevalence of different types of fraud and its characteristics.

Table 3.1: Fraud and cyber-crime – England and Wales

	% which is cyber crime	Rate per 1,000 adults	With loss, not or partially reimbursed	With loss, fully reimbursed	Without loss
Fraud
Bank and credit account fraud	49%	51.5 (5%)	5.0	35.9	10.6
Consumer and retail fraud	81%	16.1 (2%)	5.7	4.2	6.2
All other fraud	-	2.2 (2%)	1.0	0.03	1.2
Computer Misuse
Computer virus	97%	20.7 (2%)	5.2	0.1	15.4
Unauthorised access to personal information (including hacking)		11.7 (1%)	-	-	-

Source: Crime Survey of England & Wales, year ending September 2017
Note: Cyber-crime represents cases where the internet or any type of online activity was related to any aspect of the offence

Nearly two fifths of fraud (39%) did not result in a financial loss, while 37% of incidents involved a loss of up to £249.

Table 3.2: Financial loss suffered by victims of fraud

Amount lost	%
No financial loss	38.8%
Less than £20	5.6%
£20 - £49	8.7%
£50 - £99	11.0%
£100 - £249	12.2%
£250 - £499	9.4%
£500 - £999	5.9%
£1,000 - £2,499	4.9%
£2,500 - £4,999	1.8%
£5,000 - £9,999	0.9%
£10,000 - £19,999	0.8%
£20,000 - £39,999	0.2%

N=1,211. Includes all fraud incurring a financial loss, regardless of later reimbursement. Excludes computer misuse.
Source: Crime Survey of England & Wales, year ending September 2016

The proportion of fraud and computer misuse incidents that the police or Action Fraud were made aware of is low, at 13.7%. The proportion of computer virus incidents reported to the police is particularly low, at 1.9%, while computer misuse that involves unauthorised access to personal information (including hacking) is higher, at 14.7%.

Source: Crime Survey of England & Wales, year ending September 2016

The most common reasons for not reporting were a lack of awareness of Action Fraud (66%), victims thinking the incident would be reported by another authority (10%) and victims thinking the incident was too trivial or not worth reporting (8%). The cases brought to the attention of the police/Action Fraud are therefore likely to be those where the financial loss or emotional impact on the victim is greater.^[6]

Over the year to September 2017, 663,000 fraud offences and 22,000 computer misuse crimes are recorded in crime statistics for England and Wales, based on data compiled from Action Fraud (who collect from local police forces), Cifas and UK Finance (with the potential for some double or triple counting but the impact of this is felt to be negligible).

However, the Crime Survey data provides a better indication of the volume of fraud offences as it covers those incidents not reported to the authorities. This therefore gives a much higher number, with an estimated 3.24m cases of fraud and 1.5m of computer misuse. This means that fraud accounts for 44% of all crime, as estimated using the survey (but just 5.5% of crime reported to the police).

Source: Crime Survey of England & Wales, year ending September 2017

Recorded Crime in Scotland

Fraud data collected by the authorities in Scotland currently lacks the same detail as south of the border. The annual number of crimes of fraud has fluctuated slightly over the last decade, within the range of 6,900 to 9,000. However, with overall crime having fallen, the proportion made up by fraud has been on an upward trend, to 3.3% of all crime in 2016-17. By comparison, the 273,000 incidents reported to Action Fraud represent 5.5% of recorded crime in England and Wales.

Source: Scottish Government, Recorded Crime in Scotland 2016-17

The clear up rate for fraud has fallen dramatically over the last decade, from 74% in 2007-8 to 40% in 2016-17. Over the same period, the overall clear up rate for crime stayed fairly even, at around 50%.

The clear up rate for fraud has fallen despite the number of incidents recorded being lower than a decade ago (albeit a higher percentage of all recorded crime). This could indicate that either less resources are being devoted to solving fraud or that cases of fraud have become more difficult to solve.

Source: Scottish Government, Recorded Crime in Scotland 2016-17

Crimes under the Computer Misuse Act in Scotland are recorded under vandalism, with 30 in 2016/17, less than 1% of the total in this category.

What is perhaps surprising is the much lower level of fraud reported to the police in Scotland – around 8,000 incidents compared to the 273,000 in England and Wales that were recorded by Action Fraud, who do so on behalf of local forces. This means Scotland accounts for 2.8% of all fraud reported to the police in Scotland, England and Wales, despite having around 8.5% of the population.

However, Action Fraud proactively ask to be made aware of phishing and malware campaigns even where money has not been lost or personal details exposed, with a dedicated email, online chat platform and helpline number for this purpose, as well as an online form to complete if you have been a victim of a crime.^[7]

In comparison, Police Scotland advise scam victims to go through their standard reporting approaches of dialling 101 or emailing the normal Police Scotland contact address, unless it is an emergency.^[8]

The tailored approach to seeking reports of fraud/scams in England and Wales may account for the higher number of incidents recorded.

Even with this higher number, however, evidence shows that only a fraction of fraud – 18% of incidents in the year to September 2017 – is reported to the police. It is therefore clear that the vast majority of fraud incidents in Scotland will not feature in recorded crime statistics.

3.3 Cifas Fraud Statistics

Cifas is a not-for-profit fraud prevention membership organisation, which facilitates data sharing among its 400 members to reduce instances of fraud and financial crime. As mentioned, incidents recorded by Cifas are used in official crime statistics for England and Wales, alongside police data.

Cifas maps by region the confirmed fraud cases loaded to its database, split into six categories of fraud:

• Asset conversion: The unlawful sale of an asset subject to a credit agreement – for example, a car bought on finance and sold on before it has been paid off;
• Application fraud: When an application for a product or service is made with material falsehoods, often using false supporting documents;
• False insurance claims: False insurance claims occur when an insurance claim, or supporting documentation, contains material falsehoods;
• Facility takeover fraud: When a fraudster abuses personal data to hijack an existing account or product – for example, a bank account or phone contract;
• Identity fraud: When a fraudster abuses personal data to impersonate an innocent party, or creates a fictitious identity, to open a new account or product; and
• Misuse of facility fraud: The misuse of an account, policy or product – for example, allowing criminal funds to pass through your account or paying in an altered cheque.

Of these, facility takeover fraud and identity fraud are of most relevance to this study. The data indicates a low proportion of each occurring in Scotland. However, it is immediately clear that the number of fraud incidents being recorded on the Cifas database is double the police figure.

Table 3.4: Cifas Fraud Statistics – Scotland

	2015	2016	% of UK total in Scotland (2016)
Asset conversion	37	53	14%
Application fraud	4,777	2,804	9%
False insurance claim	29	28	6%
Facility takeover	724	940	4%
Identity fraud	5,463	5,827	3%
Misuse of facility	6,036	7,008	7%
Total	17,066	16,660	5%

Source: Cifas National Fraud Statistics

3.4 Trading Standards Scotland

Trading Standards Scotland (TSS) is the national team for trading standards in Scotland, funded by the UK Government and overseen by COSLA. TSS coordinates cross boundary activity between trading standards departments within each local authority and offers specialist support to them.

TSS have supplied data for scams reported to them and logged in their database over the last few years. A breakdown of the 2,411 scams logged in 2016 and 2017 is shown below. When bogus services (45%) is broken down further, the most common specified were bogus computer services (10%), approaches from those purporting to represent a government agency (4%) and accident injury lawyers (2%).

N=2,411. Source: Trading Standards Scotland.

TSS then undertook a more detailed analysis of scams logged in the final quarter of 2017. Of these, it was deduced that just under half (47%) would be more appropriate for the police to deal with.

This is particularly the case where complaints are purely financial and likely to fall under fraud e.g. phishing scams or payment for goods/services which are never delivered or provided.

Other sources

Other estimates on the scale and characteristics of fraud have been sourced, including:

• 91% of cyber-attacks start with a phishing email and 30% of phishing emails are opened (BDO, Private View on Cyber, 2017);
• the average age of mail scam victims is 74, and over half of people aged 65+ believe they have been a target of a scam (Age UK, Fraud Briefing, 2016).