We can do much more against online fraud

This article is from NRC .

Cybercrime Online Crime is growing tremendously, but there are plenty of opportunities to better protect consumers from it, say Jorij Abraham and Marianne Junger.

Since 2002, traditional crime has been declining annually. In contrast, the number of digital crimes such as online fraud and computer crime has skyrocketed since then. Businesses are being defrauded, extorted or hacked for millions online. Less well known is that fraud among consumers is also taking dramatic forms. And most fraud today is online. Since 2012, the number of reports has more than tripled, to 252,000 by 2021.

This is just the tip of the iceberg. Only 11 percent of consumers report online fraud to the police. Research by the University of Twente estimates that the damage to consumers in the Netherlands due to (online) fraud amounted to 2.75 billion euros in 2020. It was also recently revealed that online fraud reports are often not processed by the police because the chances of resolution are insufficient. The Netherlands is not unique in this. Worldwide, 41 billion euros were lost through online scams last year. The number of reports doubled in one year to 266 million.

Dutch society has been able to reverse the upward trend in crime before. Between 1950 and 2000, recorded crime rose from ten crimes per 1,000 inhabitants to 93 per 1,000. From the 1980s new policies were developed, partly through the work of a committee led by the late Hein Roethof. The essence was that the whole of society had to help prevent crime: the police could not do it alone. In this integral security policy, not only the authorities but also companies and organizations were jointly responsible. Despite skepticism among some academics, physical crime stabilized in the 1990s, then, in the new millennium, began to decline significantly. Between 2001 and 2017, the number of recorded crimes almost halved.

Wide-ranging action

A more effective cybercrime policy also requires broad action: from prevention and disruption of scammers to assistance to victims and detection of all involved. Everyone needs to improve: software and hardware manufacturers, internet providers and platforms, the government needs to come up with better legislation, organizations need to train their staff.

Read also: '17 percent of Dutch people will be victims of online crime in 2021' . At present, many companies and government agencies are making citizens aware of the dangers of scams, mainly with warnings of the type "beware, watch out". Research shows that many campaigns and training courses have insufficient effect. But it is essential to make citizens aware of the dangers from an early age. We need to do a better job of figuring out how best to do this.

Scammers are constantly changing tactics, story and medium. Society has gone from letter and phone through email and text massively to Facebook, WhatsApp and TikTok. Scammers are using the latest technology, and due to "deep fakes," recognizing scams will only become more difficult in the coming years. Whereas antivirus scanners and network filters stop most malware, consumers need more tools to recognize online fraud.

Belgium is further

A first initiative has been taken with veiliginternetten.nl , but there are more infrastructural measures to protect consumers. Belgium is already a lot further ahead. There, citizens send 12,000 phishing emails daily to the Center for Cybersecurity Belgium . That sends the data directly to internet providers, so that email accounts and websites can be blocked. This may reduce the number of online fraud cases in Belgium by 14 percent by 2020.

A second issue is the sharing of information. The Dutch Fraud Helpline was caught off guard by the Personal Data Authority in 2021 because it is not allowed to collect and store data on possible fraudsters. The result is that many organizations do not dare to share data about cybercrime in any way. And that is necessary to stop scams early and prevent more victims.

The European Commission seems to be slowly coming to the realization that the balance has been tipped. It is in the process of amending legislation. Brussels also recently reprimanded the Personal Data Authority for taking a too restrictive view of privacy legislation.

The National Cyber Security Centre (NCSC) in the Netherlands receives information about online threats from all sides and is only allowed to share that information with the central government and companies in vital sectors. In other words, the best secured organizations are helped, the small organizations, which are often less secure, are not.

Sharing data is essential for tackling fraud and preventing it. Scammers often have hundreds of websites and operate in dozens of countries. By sharing data on a national and international level, criminal activity can be identified much more quickly.

Anonymity

Furthermore, the anonymity of consumers who are online needs to be considered. Why can anyone in the Netherlands start a webshop, while the physical shopkeeper has to completely identify himself, has to have certificates and is often inspected annually? Denmark now requires proof of identity from anyone who wants to start a .dk website. The number of fake webshops has therefore fallen by 80 percent in one year.

It is also important that the size, knowledge and powers of the police are expanded. "The Dutch police need much more manpower to combat digital crime, now that Dutch people are almost as often victims of traditional crime (17.1) as of online crime (16.9)," according to the 2021 Security Monitor.

Finally, there is a challenge in broadening the cooperation powers of the police. This applies not only in the Netherlands between the police and the business community, but especially internationally, between the Dutch police and agencies such as Europol and Interpol. A request to share data through the formal route now often takes six to nine months. A foreign police unit that would like to take action if consumers are cheated in the Netherlands - or vice versa - encounters major obstacles altogether.

Jorij Abraham is the General Manager, Global Anti Scam Alliance & ScamAdviser.

Marianne Junger is a professor of Cyber Security at the University of Twente.

Translated with www.DeepL.com/Translator (free version)