Fraud Charter: Interim remediation is ‘vital’ while Online Safety Bill progresses

As Google ad spoofing becomes a more prominent fraud threat for the insurance industry, it is “absolutely vital” that the technology sector steps up and “puts in place interim remedial measures to protect online users” while the government’s Online Safety Bill (OSB) progresses, according to Mark Allen, chief fraud and financial crime officer at the ABI.

Ad spoofing involves fraudulent organisations - often claims management companies (CMCs) - buying popular ad words on search engines such as Google. When policyholders then search for their insurer’s details online via their mobile following a road traffic accident, for example, the fraudulent contact details appear more prominently then the genuine insurer’s information, tricking policyholders to use their phone’s ‘click to call’ function to contact the CMC rather than the insurer.

Speaking at Insurance Times’ September Fraud Charter roundtable, in association with Carpenters Group on 21 September, LV= claims crime prevention technical controller Graham Olford described Google ad spoofing as one of the “biggest issues” the insurer is seeing - especially following the launch of the Official Injury Claim (OIC) portal in May.

‘Disjointed’ legislation

Aiming to identify and remove harmful content on the internet, the draft OSB was published on 12 May 2021. After failing to include fraud via emails, advertising or cloned websites, the UK government announced several calls for evidence to improve the legislation – the last deadline for submission was 16 September 2021.

The next step for the bill involves parliamentary scrutiny of the draft, determining what will be included in the law once it becomes an act.

Under the draft OSB, which was first proposed under Theresa May’s leadership in December 2020 and called the Online Harms Bill, telecommunications and broadcasting competition authority Ofcom can levy unprecedented fines up to £18m or 10% of a firm’s global turnover – this is an “eyewatering” sanction, noted Allen.

The Department for Digital, Culture, Media and Sport (DCMS) is also considering how online adverts are regulated through its Online Advertising Programme – the consultation for this is expected to happen in Q4 2021, followed by the government’s response in 2022.

Despite these ongoing initiatives, Allen believes the response from the UK’s top brass around online safety “feels a little bit disjointed”.

He said: “In my view, the government is gambling on the Online Advertising Programme, about which little is known [except] being the primary vehicle for dealing with fraud perpetrated via paid-for advertisements.

“Advertising regulation has so far focused on the advertiser and the content of the ad rather than the platform hosting the ad, so I think that’s an added complexity that will need a change of mindset.

“We know that the consultation is not expected on the ad programme until the end of the year at the earliest, which will inevitably be subject to a period of prolonged scrutiny before it comes to fruition. It also remains to be seen how robust any sanctions will be under that programme.”

Carpenters Group head of public affairs Andy Thornley echoed Allen’s sentiments, noting that “the Online Safety Bill hasn’t been amended in the way that we potentially want it to [in order] to put a greater responsibility upon technology firms for the adverts that they run”.

He added that the OSB only covers user generated content like ghost broking, therefore CMCs or lead generation firms that spoof an insurer’s claims number using Google ad words wouldn’t be covered by the act – this is because “Google ad spoofing does not necessarily fit into the criminal definition of fraud, [so] it sometimes falls between the gaps”.

Call to action

In a bid to tackle this issue while also creating an honest and open debate between the insurance industry and the UK government, Carpenters Group has been working with the chair of the Insurance and Financial Services All-Party Parliamentary Group (IFSAPPG) Craig Tracey and the Chartered Insurance Institute (CII) secretariat to deliver a summit for the stakeholders affected by ad spoofing.

Thornley said: “We are working through the logistics of this and understanding who needs to be around that table.

“There has been engagement to date, but it has been somewhat piecemeal. The aim of this summit when we’ve discussed this with Craig Tracey is to use the APPG as a convening force – [this] will bring more gravity than just the industry themselves when we get around the table and Craig sees a lot of value in that. It’s something that he’s keen for the APPG to do, to be more active in solving issues that pertain to the insurance industry.”

Carpenters Group hopes colleagues from the government will join the summit, alongside a representative from the tech giant Google.

Donna Scully, director of Carpenters Group and Fraud Charter chair, also encouraged insurers to get involved.

Thornley added: “I think the proof is in the pudding. If you pull your mobile phones out and search ’Aviva claims number’ right now, you will be served with digital ads from mobile only searches for these services, so basically that is the acid test – are these ads still getting through when people search and unfortunately, in the interim period, that’s really where we need to tackle.”