Tech companies could do ‘heaps more’ to protect users from fraud

Technology companies could be doing “heaps more” to protect users against fraud, a senior official at the National Crime Agency (NCA) told a parliamentary committee on Wednesday.

Fraud is the most common crime in England and Wales, according to government statistics, with millions of incidents reported annually and potentially millions more going unreported.

James Babbage, the director general for threats at the NCA, told the Home Affairs Committee’s new inquiry on fraud that more than 80% of these crimes were taking place online.

“We have to be focusing on what more the technology companies can do — and in general there is heaps more they can do,” Babbage said.

The committee, which is examining “how effective Government and law enforcement agencies are at identifying and combating existing and emerging forms of fraud,” heard examples of how technology companies could protect their users.

“If you receive an email, and it is from a very newly created domain, that is a red flag that your email provider could in theory show you alongside the email,” suggested Babbage.

“If you receive an email from an email address that is very similar to the one that you correspond with a lot, but just slightly different — a ‘1’ for an ‘l’ or something — that is something that the technology ought to be able to flag to you.”

The inquiry is the second on the topic in recent years, with the Justice Committee warning in 2022 that the British government’s response needs “a wholesale change in philosophy and practice.”

In the Justice Committee’s report, it welcomed obligations on technology companies being introduced in the Online Safety Act to prevent scams being perpetrated on their platforms.

TSB, a British retail bank, has claimed that the social media giant Meta’s platforms are the origin for 80% of all fraud cases that it refunds. The bank has the highest proportion of all fraud refunds in the United Kingdom, according to data published by the Payment Systems Regulator.

Babbage praised the combination of the compulsory Online Safety Act and the voluntary Online Fraud Charter, which is meant to be implemented this year, introducing “a sort-of ‘Know Your Customer’-style verification” requirement for platforms.

“That could make an enormous dent in the volume of fraud,” he said, although he stressed that social media companies could also do more to share signals of inauthentic behavior with potential victims and other platform users.

“If you’re on a social media application, and the person you’re talking to has various indications of inauthentic behavior — so let’s say they appear to the platform to be somewhere other than where their profile says they are located, or they appear to have hundreds of different accounts, or are even messaging unusually large numbers of people,” these are details that could be available to users.

Solutions to the problem of fraud online involve “finding ways to make more transparent the stuff that the platforms understand and that, as consumers, either we don’t or it’s just too complicated to check,” said Babbage, who also warned that “broadly speaking, social media companies are increasingly putting the content of such groups beyond their own ability to see and moderate.”