Online Fraud Charter agreed by largest tech companies

Published on 17 April 2024

The question

What are the obligations for tech companies that have signed up to the UK’s Online Fraud Charter (the Charter)?

The key takeaway

Signatories to the Online Fraud Charter will have to take a proactive approach to implementing new technologies and processes which seek to prevent the facilitation of fraud on their respective platforms. Participating tech firms must also work collaboratively with the UK Government and its enforcement bodies, helping them to address current issues as well as forecasting future risks.

The background

On 3 May 2023, the Government released its overall fraud strategy, focused on pursuing and blocking fraudsters and empowering the public to protect themselves against fraud. The Government plans to reduce fraud by 10% by 2025. It will measure the impact of industry in preventing fraud through the Joint Fraud Taskforce chaired by the Security Minister.

It is estimated that 80% of fraud is facilitated through online platforms, and consequently the Government has made tackling such cyber-enabled crimes a priority. In its strategy, the Government planned to agree a new charter with tech companies to tackle online fraud.

The development

On 30 November 2023, the Government announced that it had agreed the Charter with key tech companies including Google, Meta, Snap Inc., Microsoft and X. Signatories to the Charter have also been categorised into e-commerce marketplaces, firms with paid advertising services, social media networks, social media networks with peer-to-peer marketplaces, and standalone dating service providers. Certain actions in the Charter apply only to specific categories of firm.

  • The signatories have all agreed to take on several overarching action points including:
  • implementing processes to identify and remove content and users that are suspicious;
  • explaining these measures in their community guidelines;
  • implementing a simple reporting mechanism for users and law enforcement;
  • removing fraudulent activity immediately and taking appropriate enforcement action against users; and
  • (for marketplaces) identifying high-risk goods and offering secure payment mechanisms.

All businesses must also engage with the Online Advertising Programme’s Taskforce. Those that host paid ads must monitor ads by verifying new advertisers, particularly ensuring that financial services companies are authorised by the Financial Conduct Authority prior to an ad going live.

Another key part of the Charter is ensuring cooperation between the major platforms and various Government bodies, including the National Cyber Security Centre and the Information Commissioner’s Office. Businesses must provide information on how their platforms are working to keep users safe from fraud and engage with upcoming government campaigns to raise the profile of online fraud as a serious risk to the general public.

Why is this important?

Whilst many of the signing tech firms will already be implementing a number of the measures, the Charter highlights the growing prevalence and complexity of online fraud. The approach taken by the Charter recognises that tech platforms face varying risks dependant on their business model, userbase and functionalities, and the approach taken to combat such risks will therefore differ from firm to firm. The Charter reflects this by imposing obligations applicable to all businesses, with further specific actions depending on the nature of the operations and the related risks.

Any practical tips?

The Government has imposed a six-month timeline (from signing) for signatories to action the Charter requirements. Given that some of the actions require changes to the technology behind the platforms as well as amendments to existing guidelines, it will be important for businesses to begin implementing changes as soon as possible to meet the deadline. To this end, those that offer a multi-faceted platform to their users should consider which category their business falls under, and therefore whether any additional actions apply to them.

Following the initial six-month period, a review will be conducted against Ofcom’s Codes of Practice, and a further review will be conducted once the Online Safety Act (OSA) comes fully into force. Businesses must therefore be aware that there will likely be future legislative requirements for them to fulfil, and that compliance with the Charter will not necessarily mean compliance with the OSA or Ofcom’s Codes of Practice. Where there is conflict between the Charter and these regulations, the regulations will take precedence.

 

Spring 2024

Stay connected and subscribe to our latest insights and views 

Subscribe Here