Busting cyber crime: who you gonna call?

Despite new funding, e-crime strategy remains mired in confusion

Critics say new arrangements for reporting e-crime are confusing

Businesses and consumers concerned about e-crime could be forgiven for thinking that issues surrounding the lack of specialist police resources had been resolved by a number of recent initiatives.

In the summer the National Fraud Reporting Centre (NFRC) will go live, to record all instances of electronic and non-electronic fraud so the authorities can build a picture of how serious a problem they are facing.

The centre, with its analytics branch the National Fraud Intelligence Bureau (NFIB) and an investigating force at the City of London Police – the lead force on fraud – will be funded to the tune of £16m by the Treasury, with a further £3m from the Corporation of London.

And the long-awaited £7m Police Central E-crime Unit (PCeU) at the Metropolitan Police, designed to plug the gap left by rolling the National Hi-Tech Crime Unit into the Serious Organised Crime Agency (Soca), is now effectively up and running, with its first arrests announced last week.

“We’re pretty much live at the moment,” detective inspector Charlie McMurdie told Computing. “We got the funding in September and we have industry working with us.”

And Computing revealed last week that the National Audit Office is to undertake an analysis of the efficiency of government policy in tackling e-crime, including an effort to put a figure on the cost of the problem.

But businesses expecting an immediate turnaround in the policing of e-crime may have a while to wait.

The NFRC and the NFIB will undoubtedly help the police get a better idea of electronic crime and how it is affecting the UK. But investigation of those crimes is a different matter.

Under current thinking, the NFRC will not even let people know if their report is being investigated, though police minister Vernon Coaker recently told a Commons committee this may change.

“There is a possibility there will be some action when a fraud is reported via the NFRC,” he said.

Other than this, much of the previous reporting and investigating situation will remain unchanged. For the time being consumers will still report instances of fraud to banks, which will pass the information to the NFRC.

And smaller businesses and consumers should still report non-fraud e-crime to local police forces, with the PCeU providing a co-ordinating function to collate data, dispatch investigatory resources, and pass information to other agencies where necessary.

Soca said last year that large firms which suffered serious non-fraud e-crime could come straight to them, but industry leaders say they still have not been approached with clear lines of contact. The agency runs a Suspicious Activity Report database, but again it is a data amalgamation function more than anything else.

And although the PCeU has secured government cash, it only has £1m a year in new money as it failed to coax funding from the private sector.

For many businesses and consumers who are victims of e-crime, the policing situation may not improve for some time, according to security expert Peter Sommer.

“While there is now a place to report, the number of police officers equipped to investigate fraud has fallen from 600 to 400 over the past 10 years, with many e-crime people in fraud squads now being transferred to online child abuse cases and counter-terrorism squads,” he said.

“As far as I can see, the only real long-term benefits of the new arrangements will be getting a hold on the size of the problem, but that won’t be realised for two to three years.”

Forces to reckon with

All fraud is ultimately reported to the National Fraud Reporting Centre (NFRC) at City of London Police, who will investigate if it is deemed serious enough. They will flag up any e-enabled crime to the Police Central E-crime Unit (PCeU), who will also co-ordinate any investigatory response to non-fraud e-crime.

But consumers must still report financial fraud to their bank, which will pass it on to the NFRC. The Dedicated Cheque and Plastic Crime Unit, also within the City of London force and funded by the financial payments industry, is most likely to investigate big financial frauds.

That is unless there is an organised crime element, or if the victim is a large firm that has suffered a serious non-fraud e-crime, in which case the investigation could be handled by the Serious Organised Crime Agency.

If it is a smaller e-crime case, such as the use of botnets, that does not involve financial crime, child abuse, organised crime, or fraud, it is likely that the PCeU will co-ordinate any investigation.

Clear now?