Although the Online Safety Bill may help combat romance scams, insurers and brokers should think about how they can protect customers from social engineering attacks 

Virtual dating platforms and apps are fast becoming a hotbed for fraud, as highlighted by the Netflix documentary The Tinder Swindler.

The documentary tells the story of so-called ‘Tinder Swindler’ Simon Leviev, who allegedly defrauded a series of women that he met via dating app Tinder out of around $10m (£7.9m) in total.

Romance-related scams such as this are becoming more frequent, according to Aviva. Research published by the insurer in February 2021 found that 14% of respondents have been a victim of romance fraud.

Individuals aged between 25 and 34 are 27% more likely to fall prey to these schemes, with 34% of respondents in this age bracket targeted by romance scammers during the Covid-19 pandemic alone.

This trend raises a red flag for the insurance industry around the risk of fraud conducted through virtual reality platforms or metaverses, as well as potential issues determining liability following a financial crime.

Paul Mang, chief innovation officer at Guidewire Software, told Insurance Times: “Stories such as the Tinder Swindler are a reminder that social engineering can be incredibly powerful and insurers should be thinking about how they pro-actively add value to their customers’ lives by protecting them against this.

“That may not come in the form of insurance cover, but instead through education and advice, or perhaps through proactive services based on data analysis and artificial intelligence (AI) that identify and protect against irregular financial activity.”

With brokers playing a fundamental role in end customer education, they too have a chance to step up to advise clients around romance scam risks.

“Insurers cannot and should not shy away from the broader responsibility they have to their customers,” Mang continued.

“In taking a stand, they will not only benefit their customers, but also themselves through the creation of meaningful and productive relationships that extend well beyond the yearly renewal cycle.”

Don’t sue the middleman

Stuart Dobbins, Romero Insurance Brokers’ technical claims manager, said that because dating apps and websites are classed as “the middleman”, they would not be liable following a fraudulent incident as the onus of vetting a potential date ultimately falls on the user - the app just facilitates the vetting process.

Dobbins said: “The dating app is a medium, but as long as it is not in itself facilitating payments between parties in a formal way, then I don’t think there is anything that could come back on them.” 

However, if dating apps charge customers a fee to vet users, in a bid to offer a “higher quality” experience, then this could create an assumption of trust between the app and its users - this could then be undermined by a fraudster.

For example, users who pay for “high-end” dating services, such as Eharmony, will find that it “inherently filters out the more dubious side of the dating world”, Dobbins suggested. 

Looking at Tinder’s pricing plan, Dobbins said the premium features it offers are ones which boost users’ own profile – it does not make promises about the quality of other users. 

“The claims made by the service are simply that their algorithm tends to pair people who are most likely to find love. It does not make any statement about the moral qualities of those with whom one is being matched and, therefore, I would tentatively suggest that the ability of an individual to claim against any dating app is virtually impossible,” Dobbins added.

The regulatory stance

In terms of regulation that could help combat romance-linked fraud, the draft Online Safety Bill (OSB) may prove beneficial because it now covers financial scams, unlicensed financial promotions, fraudsters impersonating legitimate businesses and fraudulent adverts.

Many in the insurance industry like Aviva and Guidewire have campaigned for financial scams to be included in the bill’s scope. 

Within the bill is a fraudulent advertising duty, which requires social media platforms to prevent and minimise online spoof adverts. Firms that fail to comply with the fraudulent advertising duty could be fined up to 10% of their annual global turnover by regulator The Office of Communications (Ofcom).

On 19 April 2022, during the bill’s second reading in the House of Commons, Conservative member of parliament Damian Collins said: “The regulator will have the power to regulate the metaverse and anything that is a user-to-user service is already in scope for the legislation.

“The challenge with the [regulation] will be how do you moderate a conversation between two people in a virtual room as opposed to textual content they are posting? It’s much harder and the technology will have to adapt to do that.”

Despite describing the OSB as a “positive step forward” in protecting consumers from large scale financial fraudsters, Mang added that ”where things get more difficult” is ”dealing with one-on-one online interactions”, such as the conversations that may take place on dating platforms.

Mang added: “Insurers have been right to welcome [the OSB] changes, but it will change the risks that some of their customers face.”

This will be “particularly true” concerning professional indemnity (PI) insurance for senior executives at social media companies and other online platforms - these individuals may face fines or prosecution if they fall outside the OSB rules, Mang noted. 

Data privacy

However Steve Kuncewicz, partner and head of the creative, digital and marketing sector group at law firm BLM, believes the main challenge facing social media firms and dating platforms is data protection-related group claims.

BLM, for example, is currently seeing UK group claims around the misuse of personal data. This includes allegations fired at platform TikTok in April 2021 by former children’s commissioner for England Anne Longfield over how it collected and used children’s data. 

Kuncewicz said there was ”an appetite amongst aggrieved users to take action against platforms and potentially for litigation funders to back them” for data privacy claims.

He continued: “We’re yet to see any wider breach of duty claims brought against social platforms in the UK, however this may change when the OSB - which aims to make the UK the safest place in the world to be online through the introduction of a specific duty of care upon businesses to prevent harm to their users - receives Royal Assent.”

Kuncewicz added that ”whether or not existing cover responds or new products are needed” around claims targeted at social media firms ”is going to be a key issue for big tech and for the insurance market as a whole.”


What is the draft Online Safety Bill (OSB)?

The draft OSB aims to regulate the internet by getting tougher on misinformation and illegal content. Broadcast regulator Ofcom has been enlisted to enforce the OSB, which covers unlicensed financial promotions, fraudsters impersonating legitimate businesses and fraudulent adverts.

Rob Lee, Aviva’s fraud prevention and casualty claims director, said: “This legislation could not be more urgent as it comes at a time of significant increases in the cost of living and increased financial stress. We know that fraudsters target and exploit people with low financial resilience.”

How have dating apps and websites responded to The Tinder Swindler?

A Bumble spokesperson told Insurance Times: “Safety is a top priority and core to Bumble’s mission to empower healthy and equitable relationships.

”Our teams are taking quick action to block any new or potential copycat accounts from being created. We encourage our community to report any account using Simon’s details or photographs to our teams so we can take action.”

What other major group claims have taken place against social media networks?

In April 2021, TikTok was sued over its alleged harvesting and use of children’s personal data through an ’opt-out’ representative claim brought by Anne Longfield, the former children’s commissioner for England. The case was eventually settled for $92m (£73m)

Tech giant Google, meanwhile, was sued by Richard Lloyd - consumer protection campaigner and former head of Which? - for breaching the data of four million Apple iphone users on the Safari browser unknowingly between 2011 and 2012.

In November 2021, the Supreme Court ruled against compensating every data subject in the non-trivial data breach for “loss of control” of personal data.