Review of fraud and computer misuse statistics for England and Wales

Introduction

Why we did this review

1.1 This review of police recorded fraud and computer misuse statistics produced by the Office for National Statistics (ONS) complements our existing review of the quality of police recorded crime statistics for England and Wales.

1.2 We reviewed this subset of police recorded crime statistics separately, as the process for recording fraud and computer misuse is different from that for other crime types – these statistics are derived from victim reports to Action Fraud and industry referrals to the City of London Police, rather than reports to territorial police forces. Action Fraud is managed by the City of London Police, the national lead police force for fraud in England and Wales.

1.3 This review looks in depth at the quality and value of the Action Fraud, Cifas and UK Finance data used to produce the police recorded fraud and computer misuse statistics. It examines the entire data process, from crime recording to data quality management and assurance to the production of the final statistics.

1.4 This review also looks at the value of the fraud and computer misuse estimates from the Crime Survey for England and Wales (CSEW). The CSEW is widely seen as the most reliable data source on fraud and computer misuse experienced by individuals. We consider the coherence of the CSEW statistics and police recorded fraud and computer misuse statistics and the insights they bring.

Fraud and computer misuse crimes

1.5 Fraud encompasses a wide variety of deceptive behaviours. The legal definition of fraud in England and Wales is set out in the Fraud Act 2006 as when a person ‘dishonestly makes a false representation, and intends, by making the representation, to make a gain for himself or another, or to cause loss to another or to expose another to risk of loss’. In principle, all fraud offences involve an element of deception that causes a loss to the victim and a possible gain to the offender.

1.6 Computer misuse crime, or cyber-enabled crime, includes crimes under the Computer Misuse Act 1990 that can only be committed using a computer or similar technology. These include offences such as hacking, the making of malware and denial of service attacks.

1.7 Fraud is often linked to computer misuse crimes, with cybercrimes such as hacking frequently used as a precursor to commit fraud. For example, fraudsters can hack into a company’s database and steal the personal details of its customers, which they can then use to apply for credit cards or loans.

1.8 Fraud and computer misuse are complex crimes, and often cross jurisdictional boundaries. Online criminals can target thousands of victims at the same time from anywhere in the world and can therefore be hard to trace and prosecute. Fraud and computer misuse crimes are constantly evolving; as technology rapidly changes, so do the methods used to commit these offences.

Fraud and computer misuse statistics for England and Wales

1.9 ONS publishes statistics on fraud and computer misuse in its quarterly Crime in England and Wales statistical bulletin. These official statistics come from the Crime Survey for England and Wales (CSEW) and three administrative data sources which together comprise the ‘police recorded fraud’ statistics. The general characteristics of each data source are detailed in Table 1.

Table 1. Overview of characteristics of the different data sources for fraud and computer misuse official statistics.

Search:

Data source	Data collection method	Crimes covered	Population covered
Crime Survey for England and Wales (CSEW)	Interviewer-administered face-to-face victimisation survey	Wide variety of fraud and computer misuse offences, including some that are rarely reported to police, such as scam emails	A sample of individuals aged 16 and over resident in households
Action Fraud	Fraud and computer misuse incidents recorded as crimes by the police	Offences varying in severity that victims have reported to the police	All reported individuals and businesses
Cifas	Fraud incidents recorded by member organisations	Business-, finance- and banking-related fraud	Individuals and businesses
UK Finance	Fraud incidents recorded by member organisations	Finance- and banking-related fraud	Individuals and businesses

Showing 1 to 4 of 4 entries

Action Fraud

1.10 In contrast to other crime types, fraud and computer misuse recording in England and Wales is centralised. Action Fraud, the national reporting centre for fraud and cybercrime, is managed by the City of London Police and collects information about fraud and computer misuse offences on behalf of police forces in England, Wales and Northern Ireland.

1.11 The National Fraud Intelligence Bureau (NFIB) sits alongside Action Fraud within the City of London Police. NFIB receives and processes reports from Action Fraud. The City of London Police’s crime registrar and its team use the Home Office Counting Rules for Fraud to determine how fraud and computer misuse offences should be recorded. NFIB is also responsible for sending police recorded fraud and computer misuse data to the Home Office. In this report, we refer to the City of London Police when describing NFIB’s processes and activities.

1.12 There are three main ways fraud or computer misuse can be reported:

Victims may report the incident directly to Action Fraud via the phone or the online portal. The City of London Police told us that it receives around 40,000 reports per month from Action Fraud, of which 65% come via the online portal and 35% by phone, although these proportions fluctuate from month to month.
A victim may report the incident to their local police force, who will advise them to report to Action Fraud. However, The City of London Police told us that many victims choose not to report to Action Fraud after reporting it to their local police force. To address this issue, forces have been given the ability to bulk upload these reports to Action Fraud.
If the fraud involves a victim’s bank account, the victim may also choose to report the incident to their bank instead of Action Fraud or the police. The bank would normally refer the incident to Action Fraud.

1.13 There are other bodies that investigate fraud and cybercrimes. All crimes reported via these routes should also be reported to Action Fraud, but they are not always. As a result, these crimes are missing from the official statistics:

Severe cyber incidents, such as a ransomware attack on the National Grid, should be reported to the National Cyber Security Centre. Organisations should also report such crimes to Action Fraud, but the City of London Police has told us that this is often not the case.
The Serious Fraud Office accepts reports of fraud from companies or whistleblowers. Some of these reports will be sent to Action Fraud and captured in the official statistics. However, the cases that the Serious Fraud Office investigates itself are not captured in the official statistics.

Industry bodies (Cifas and UK Finance)

1.14 Since 2015, ONS’s police recorded fraud statistics have included data from two industry bodies, Cifas and UK Finance. These industry bodies cover a subset of the fraud types covered by Action Fraud, such as mortgage fraud, or fraud by false representation, cheque, plastic card and online bank accounts. These industry bodies do not record computer misuse offences.

1.15 Cifas is a not-for-profit fraud prevention service that gathers intelligence on fraud from over 750 members across public and private sectors in the UK. Its coverage includes all the major banks and around 90% of plastic card providers. Cifas intelligence is shared with both its membership and with the City of London Police for reporting and investigation purposes.

1.16 UK Finance is a trade association, representing 300 firms across the UK financial industry. UK Finance provides advocacy, policy and operational services. As part of these services, it releases a fraud report twice a year which provides the value and volume of fraud losses reported by its members. In addition, UK Finance provides its members with intelligence sharing services, with one service facilitating onward sharing to the City of London Police for reporting and investigation purposes.

1.17 Not all financial organisations are Cifas or UK Finance members, so the data from these industry bodies present a partial picture of the scale of fraud.

1.18 The City of London Police supplies aggregate-level Action Fraud data and UK Finance intelligence data to the Home Office. Cifas sends aggregate-level fraud data directly to the Home Office. The Home Office then sends data from all three sources to ONS, which processes and publishes them as the police recorded fraud and computer misuse statistics for England and Wales.

Crime Survey for England and Wales (CSEW)

1.19 The Crime Survey for England and Wales (CSEW) is a face-to-face victimisation survey in which people resident in households in England and Wales are asked about their experiences of a range of crimes in the 12 months prior to the interview. Survey respondents are also asked about their attitudes to different crime-related issues, such as the police and the criminal justice system, and perceptions of crime and anti-social behaviour.

1.20 Since April 2015, the CSEW has included questions on victimisation covering the following fraud categories: bank and credit account fraud, advance fee fraud, consumer and retail fraud, and other fraud offences. In addition, it includes the computer misuse offences ‘unauthorised access to personal information’ (including hacking) and ‘computer viruses’.

1.21 Fraud and computer misuse have been included in the headline CSEW estimates since the year ending September 2016. Comparisons have been available since the year ending September 2017, when two full years of data first became available.

1.22 The CSEW captures fraud and computer misuse crimes that have not been reported to, or recorded by, the authorities. However, as it is a household survey, the CSEW only covers fraud and computer misuse crimes where an individual has been a victim; it does not cover crimes against businesses and organisations.

The scale of fraud and computer misuse

1.23 It is widely acknowledged that fraud and computer misuse are under-reported to Action Fraud by victims. Because the CSEW captures incidents that go unreported to the police, it better indicates long-term trends in the volume of fraud and computer misuse offences in England and Wales.

1.24 Since they were first published in 2017, the CSEW fraud and computer misuse estimates have filled a large knowledge gap on the crimes experienced by individuals. Fraud is the most common crime experienced by CSEW respondents, consistently accounting for around two-fifths of all crimes captured by the survey.

1.25 In the year ending September 2024, the CSEW estimated 4.7 million fraud and computer misuse incidents in England and Wales, compared with 5.2 million incidents in the year ending March 2017, a decrease of 10% (Figure 1). CSEW estimates for the years ending March 2021 and March 2022 are not available because of the coronavirus (COVID-19) pandemic.

Figure 1. Incidents of CSEW fraud and computer misuse in England and Wales, year ending (YE) March 2017 to YE September 2024.

Source: ONS Crime in England and Wales: year ending September 2024.

1.26 Police recorded fraud and computer misuse shows a different trend. Between the year ending March 2015, when Action Fraud took over the reporting of fraud and computer misuse from all police forces in England and Wales, and the year ending March 2024, the number of fraud and computer misuse offences recorded by Action Fraud increased in six out of the last ten years (Figure 2). Fraud and computer misuse offences increased by 53% over this period.

Figure 2. Fraud and computer misuse offences in England and Wales recorded by Action Fraud, year ending (YE) March 2015 to YE March 2024.

Source: ONS Crime in England and Wales: year ending September 2024.

Accreditation status of ONS’s fraud and computer misuse statistics

Police recorded fraud and computer misuse

1.27 The ONS police recorded fraud and computer misuse statistics are published as official statistics, not accredited official statistics. We removed the accreditation (formerly known as ‘National Statistics’ status) of the Action Fraud statistics in 2014 following an assessment that found evidence that the quality of the underlying data may not be reliable.

Crime Survey for England and Wales

1.28 Until recently, the estimates from the ONS Crime Survey for England and Wales (CSEW), including the fraud and computer misuse estimates, were published as official statistics, not accredited official statistics. In July 2022, ONS requested a temporary suspension of the accreditation due to quality concerns related to resuming face-to-face interviewing after the pandemic, including a substantial drop in response rate.

1.29 To assure itself and users about the quality of the post-pandemic estimates, ONS carried out a review of the quality of the CSEW estimates. It found that the smaller sample size and lower response rate had a limited impact on the quality of the estimates in terms of the precision and representativeness of the estimates. We reaccredited the statistics in October 2024.

Our approach to this review

1.30 Our review set out to:

examine the quality of the Action Fraud and industry bodies data

understand where responsibility for data and statistical quality lies

develop recommendations to support quality improvements

1.31 We focused on four key areas of statistical quality:

Crime recording processes and practices – how the City of London Police records crimes, including its interpretation and application of the Home Office Counting Rules for Fraud.
Crime recording IT systems – the systems used by the City of London Police to record crimes, and the tools it uses to manage data quality.
Industry bodies procedures – the practices used by Cifas and UK Finance to record data and manage data quality.
The end-to-end quality assurance process – how the City of London Police, industry bodies, the Home Office and ONS quality-assure data.

1.32 To understand how the police recorded statistics and CSEW statistics are used and understood, we examined the value of both data sources, focusing on coherence, insight and data gaps.

1.33 We gathered evidence across five key stakeholder groups:

City of London Police / National Fraud Intelligence Bureau. We had detailed meetings with the National Fraud Intelligence Bureau within the City of London Police about its processes and practices for fraud and computer misuse crime recording. We appreciated the force’s openness about its recording practices. We did not have access to raw police recorded crime data for this review, and as such considered only published data and statistics.
His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS). We engaged with HMICFRS to understand its work on the police response to fraud.
Home Office and ONS analytical teams. We spoke to several teams in the Home Office to understand different aspects of the quality and value of the police recorded fraud and computer misuse data. We spoke to:
- the Home Office team responsible for collating and quality-assuring recorded crime data from City of London Police and industry bodies
- the Home Office fraud evidence and analysis team, which is a key user of fraud statistics and uses data to evaluate government policy

We also spoke to the ONS crime statistics team to understand how it quality-assures the police recorded fraud data and the process for producing the final statistics.

Industry bodies. We met with Cifas and UK Finance to understand how they collect information on fraud, quality-assure fraud data from their members and send data to the City of London Police and the Home Office.
Users of the statistics. We spoke to a small number of users outside of the Home Office, including academics and a think tank, to understand uses of the statistics and gather views on the quality and value of the statistics.

1.34 We also carried out desk research to support the findings from our engagement. We reviewed:

HMICFRS’s thematic inspection of fraud and follow-up review
HM Government’s Fraud Strategy
ONS’s statistical bulletins
UK Finance’s Annual Fraud Report and Cifas’ Fraudscape report
ONS’s user guide to crime statistics and the Crime in England and Wales Quality and Methodology Information report
academic papers

1.35 Dr Sara Correia’s academic paper (2022)[1] was helpful and relevant to our review as to our knowledge, it is the only publicly available report that examines Action Fraud’s crime recording processes and data quality in detail. The author undertook two studies using a sample of around 28,000 Action Fraud crime reports from Welsh police forces between 2014 and 2020. The peer-reviewed study examined the crime reports to assess the accuracy and reliability of the crime reports, the consistency of recording and the impact on coherence and comparability.

[1]Correia, S.G. (2022). Making the most of cybercrime and fraud crime report data: a case study of UK Action Fraud. International Journal of Population Data Science, 7(1). http://dx.doi.org/10.23889/ijpds.v7i1.1721

The UK Government’s position

1.36 In May 2023, the UK Government published its Fraud Strategy. It is a cross-government strategy that outlines plans to tackle fraud where the victims are members of the public or businesses. The strategy included a commitment to reduce fraud by 10% by December 2024, based on the levels of fraud reported in the CSEW in 2019, and to replace Action Fraud with a new system for reporting fraud and cybercrime.

1.37 In September 2023, the Home Affairs Committee launched an inquiry into fraud, publishing its key conclusions and recommendations in May 2024. The committee made several recommendations relevant to statistics and data, including the following:

The replacement of the Action Fraud system should be prioritised and completed by the end of 2024.
The replacement system should build on The National Fraud Intelligence Bureau’s capability to identify patterns and trends in fraud to better support victim outcomes.
The government should clarify the roles and responsibilities of the different bodies involved in fraud to provide more accountability and clear reporting lines.

« Previous

Download PDF version (405.29 KB)