The Metropolitan Police commissioner, Sir Bernard Hogan-Howe, has said that victims of online fraud should not be refunded by banks because it "rewards" the public for having a lax stance on cybersecurity. Instead, Britain's most senior police officer believes people need better incentives to embrace better cyber-hygiene such as regularly installing anti-virus updates and ensuring passwords are kept secure.
"If you are continually rewarded for bad behaviour you will probably continue to do it but if the obverse is true you might consider changing behaviour," he told The Times. "At the moment I would argue that there is no incentive for you to do anything to protect yourself or update your software so if you get your card hiked in one way or another you get your money back.
He added: "To be fair to the banks, if one says they'll do it and the others don't that's a competitive advantage. The system is not incentivising you to protect yourself. If someone said to you, 'If you've not updated your software I will give you half back', you would do it."
In response to media reporting of the comments, the Met posted a statement online that said it was wrong to interpret Hogan-Howe's views as a "as a proposal that fraud victims should not be compensated." The police force stressed the comments were "not a blanket proposal for all online fraud victims."
The Met said:
"The Commissioner's comments have been reported fairly in the Times article. He made it clear that, in line with traditional crimes, prevention is essential and we all have a responsibility to stop criminal behaviour. His comments focused on consumers who don't take basic precautions such as adequate password precaution and security measures - not a blanket proposal for all online fraud victims. It has a parallel to insurance companies who do not pay out on claims if the front door is not secure or car left unlocked. To suggest otherwise is misleading."
UK police are set to include detailed cybercrime figures in their official crime statistics for the first time in July and Sir Bernard has warned the inclusion could see crime figures double. While last year, the UK Office of National Statistics estimated that over three million adults in England and Wales were victimised by online fraud between 2014 and 2015. The survey, which also included figures on internet-based crime for the first time, found over five million separate incidents of online fraud.
While banking insurance has been a hotly-debated topic in security circles in the wake of major security incidents at firms like HSBC and Barclays, Sir Bernard is the first senior official to suggest such a potentially extreme measure.
'Faceless' crime on the rise
The police chief's comments come after Home Secretary Theresa May warned that technology is allowing cybercriminals to operate on a massive scale and with "greater speed and anonymity" than ever before. "This is the reality of a great deal of crime today: faceless, contactless and conducted from a distance," she said at an international crime and policing conference on 23 March.
"It is changing the nature of victimhood, changing the nature of crime, and changing the nature of police investigations – and if we are to keep pace, if we are to stop these crimes, our response to crime prevention must change too."
May claimed that spy agency GCHQ estimates that 80% of all cybercrime in the UK could be prevented by better security and – echoing the sentiment of the Met commissioner – said people need to remember to download security patches and create better passwords to effectively help fend off cyber-crooks.