Fraud reporting rules change

Changes in the law mean that firms will have to report fraud direct to their banks

New changes in the law mean that companies will have to report fraud directly to their banks, rather than the police, leading some experts to predict that it could make the process of reporting fraud less convoluted.

The new rules come into force on the 1 April and are an attempt to cut the bureaucracy involved in the reporting and investigation of online fraud, according to Apacs' Sandra Quinn.

Since the NHTCU (National Hi Tech Crime Unit) was subsumed into the new Soca (Serious Organised Crime Agency), many firms have criticised the lack of a single body to deal with e-crime. The e-Crime Unit within Soca has a larger remit, dealing with global organised crime, while local police forces have been criticised for lacking the resources or focus necessary to help organisations when they have been hit by an attack.

"The NHTCU was rolled into Soca but [this new organisation] doesn't seem to have the public-facing relationship as the NHTCU," said Quinn. "This will be a way of filling that gap – each police force will now have a single point of contact for the banking industry."

The new rules will mean banks will decide whether to report an incidence of fraud to the police, depending on the amount lost and whether it appears to have been committed by a serial perpetrator.

"The difficulty has always been that having regional police forces means they have a different focus and different priorities," said Quinn. "There's a lack of awareness in law enforcement about this kind of fraud and we're looking at ways of bridging that gap, too."

David Roberts, chief executive of blue-chip user group The Corporate IT Forum, said the organisation "welcomes any initiative that genuinely makes it harder for cyber criminals to attack businesses and makes it easier for consumers and corporates to report cases of cyber crime".

Reporting online fraud was also on the agenda at the fourth Prove-ID forum for retail fraud managers organised by 192.com Business Services last month.

"A common theme was that when retailers try to report fraud, it's a slow and arduous process," explained 192's marketing director, David Pope. "Each police force has three strategic directives and fraud is not in the top three. A lot of retailers lamented the fact that the NHTCU's priorities have been realigned in Soca."

In related news, Soca has come in for criticism for not doing more to stop hackers stealing nearly 46 million credit card details from US fashion chain TK Maxx, over a several month period between July 2005 and December 2006.

"This is a high-profile target and to be a victim for almost 18 months suggests that the hacker really knew their stuff – if that is not a serious crime then what is?” argued Tom Newton of security vendor SmoothWall.