Lords call for e-crime shakeup

Fraud should be reported to police, not banks and consumers must have more protection, says Committee

The Lords committee called for a security breach notification law

The House of Lords Science and Technology Committee is calling on the government to change the reporting system for electronic fraud.

Members of the public who are defrauded online must report the incident to their bank, who aggregate responses and pass them on to the police.

This must change, according to Lord Sutherland of Houndwood, chairman of the Lords Science and Technology Committee, which published a follow-up report into personal internet security this morning.

"It is vital that the victims of e-crime can report crime directly to the police," he said. "If you were robbed in the street, you would expect the police to recognise it as a crime and try to catch the person responsible."

The committee is concerned that under the current arrangements, banks may have a commercial incentive not to pass reports on to the police because large fraud statistics are not good for public relations.

Police may refuse to accept a bank customer's assertion that a fraud has been committed if their bank did not support their claim – a fact that has also caused concern.

The call for the changes came in the Committee's original report on personal internet security last summer. Following the government's response the inquiry was reopened earlier this year.

One of the reasons for the change in reporting method was inadequate police resources for collecting and collating of e-crime information. Lack of IT skills in local police forces and the absorption of the National Hi-Tech Crime Unit into the Serious Organised Crime Agency (Soca) left a gap in the national reporting infrastructure for e-crime.

The banks resent criticism that they can not be trusted after being asked by the Home Office to carry out a function that is not traditionally their responsibility. "This is a Home Office initiative and banks were asked to do it," said a spokesman for banking industry body Apacs. "And it is still the police, not the banks, who investigate the crimes."

The latest statistics have shown a drop in online banking fraud being reported from £33.5m in 2006 to just £22.6m in 2007. The reporting changes came into effect on 1 April 2007. But banks put this down to improved anti-fraud measures, a significant investment they say they are making on behalf of consumers.

The Lords' follow-up report also called for legislation to establish the principle that banks be held responsible for losses incurred by electronic fraud.

"The result of being the victim of online fraud can be crippling for an individual who can find his entire savings or current account wiped out in an instant. The Banking Code does not offer enough protection," said Lord Sutherland.

"We believe that legislation would have the added advantage of encouraging the banks to be more proactive about improving the security of their online banking operations," he said.

The report also called for a data security breach notification law to be introduced.

Shadow home affairs minister James Brokenshire said the government should have addressed the issues in the first Lords report.

"The Government have their heads in the sand on cyber-cime. They arrogantly brushed aside the Lords' previous report on this serious issue. This isn't something that is going away and government inaction is putting us all at greater risk."