Fraud against individuals

Brå’s assessment

Fraud against individuals is a crime with serious consequences, and affects both individuals and society as a whole. Telephone fraud is of particular concern, as it often results in considerable financial and emotional harm to the victim, risks eroding trust in society’s institutions and systems, and provides significant proceeds of crime to criminal networks. Other types of fraud also have serious consequences. Brå therefore believes that it is important to generally prioritise crime prevention work to counter fraud against individuals.

Brå has identified a large number of vulnerabilities that facilitate crime, both among potential victims and in the technical and structural circumstances. The overall assessment is that, with a few exceptions, these vulnerabilities are addressed by some form of preventive measure. However, it is clear that fraudsters are constantly developing their methods and strategies, and are identifying new vulnerabilities in technology, structures and individuals. The continued high – and, in many respects, rising – levels of crime also show that the preventive work being carried out is not sufficient, and that there is a need for further development and improvement.

Fraud involves deceiving people, and as technology becomes more secure, fraudsters are increasingly targeting the individual. Measures to make potential victims less likely to be deceived are therefore essential. However, these measures need to be designed to make them even more relevant to the target groups, including more practical elements. At the same time, digitalisation means that individuals have been given greater responsibility for protecting their banking assets, and are now reliant on digital solutions that they do not always master. Banks and other actors – within both the private sector and the public sector – who develop and provide the services and systems used in fraud therefore need to take back some of the responsibility and protect the individual better through more secure solutions.

Brå also sees a need for a clearer overall perspective within fraud prevention work, where technology and information are used in partnership to respond better to fraudsters’ rapid adaptations. Technology can be used to make the information more accurate, relevant and clear. This information is, in turn, needed to ensure the correct use of the technology.

Brå’s recommendations:

• The police should take a leading role in fraud prevention work. Increased support is needed for the police regions and local police districts in terms of how the local levels can include fraud in their status reports and action plans. To ensure that the problem descriptions drawn up by the police are relevant for fraud prevention work, they should also include attempted crimes and reports that are dismissed immediately. The police also need to update and improve the relevance of existing information and training materials on fraud by further enhancing target group adaptation and adding more and better adapted practical elements. In addition, broad implementation of the crime prevention strategy within the authority is required.
• The Swedish Police Authority, in collaboration with agencies such as the Swedish Association of Local Authorities and Regions, the Swedish Theft Protection Association, the Swedish Internet Foundation and the Swedish Civil Contingencies Agency, should develop and systematise targeted information initiatives for children and young people who risk being used to launder money.
• To make it harder to prepare for fraud and to launder the proceeds of crime, the Swedish Companies Registration Office, the Swedish Internet Foundation, online platforms and search engines should increase their checks on company and domain representatives, websites, user accounts and adverts. In particular, Brå has identified a need for the Swedish Companies Registration Office – in accordance with the proposals contained in SOU 2023:34 – to expand its checks on company representatives.
• The Government should review the opportunities for limiting the publication of personal data that can be used to identify potential victims of fraud.
• The Swedish Post and Telecom Authority, telephone operators and the Swedish Telecom Advisors should continue and accelerate their work to combat spoofed phone numbers, and should extend this work to other areas, such as the fraudulent use of text messages and mobile
  phone numbers.
• The Government should move forward with the proposal for a state eID. This eID needs to be implemented and ultimately developed.
• All banks should ensure that BankID’s solutions for secure identification and signing are fully implemented. At the same time, non-secure options should be phased out. Banks should also continue to develop more secure digital banking, particularly in connection with authorised transactions (when the victim is tricked into carrying out a transaction themselves). Areas where Brå has identified particular opportunities for development include banking products with voluntary restrictions and individual-based transaction monitoring.
• Different actors within society should develop the use of push notifications and alerts that relate to an individual’s activity. Brå has also identified an opportunity to make greater use of measures that push people towards the secure alternative, known as nudging.
• Public actors at all levels should increase their support for people who need help using digital services, such as digital banking, digital social services and digital commerce. This applies in particular to municipalities, which have had a responsibility for crime prevention work since 1 July 2023 (in accordance with Act 2023:196).
• The anticipated effects of both technical and structural measures, as well as measures to strengthen potential victims, need to be evaluated and followed up on. Technical and structural measures should also be preceded by risk or vulnerability assessments. These assessments and evaluations should include analyses of any displacement of crime, as well as whether the measures involve any undesirable consequences, such as for groups who do not make use of new solutions or procedures.