Ireland needs stronger anti-fraud policies to protect consumers

• Bank of Ireland sets out four point plan to increase consumer and business protection
• Plan aims to significantly curb bogus online advertising, allow organisations to track and tackle fraudsters in real time, and block spam texts
• Fraud and scams cost Ireland €100 million in 2023, up 16% on 2022

Against a backdrop of a 76% increase in investment fraud this year, Bank of Ireland has today outlined a four point plan to better protect consumers and businesses from fraud. The plan calls for action in a number of areas where consumers are especially vulnerable to fraud, and where change is urgently required.

The plan includes restricting online advertising for financial products and services to financial services providers that are regulated, the development of a shared fraud database, the introduction of an SMS scam filter, and for a co-ordinated national financial crime strategy to be put in place.

For consumers and businesses, these actions would better protect them from the wave of fraud attempts they are vulnerable to through text messages, social media ads, and search engine results. For corporate Ireland and the State, these actions would allow for the rapid sharing of information to track and tackle fraudsters in real time, and for the national response to this fast-evolving and insidious threat to stay one-step-ahead ahead of the criminals.

Bank of Ireland’s four point plan

1. Ensure that online advertising for financial products and services is only permitted by regulated financial service providers. Bank of Ireland believes that national and European legislation should be amended so that online platforms may only publish advertising for financial products and services from companies that are regulated by their competent national authority.
2. Prioritise the introduction of a Shared Fraud Database in Ireland. Financial institutions, utility companies, and payment companies are not allowed to share details of fraud between them. A shared fraud database in Ireland would facilitate the sharing of important fraud related information and would help to prevent customer losses more swiftly.
3. Introduce an SMS scam filter. ComReg has highlighted that Ireland is out of step with other English speaking countries in not having an SMS scam filter. This filter would operate like the spam filters that are applied to email inboxes by detecting and blocking harmful links or content. An SMS filter is already in place in some EU Member States. The introduction of a SMS scam filter in Ireland would require new legislation by the Department of Environment, Climate, and Communications which in our view should be prioritised.
4. Develop a National Financial Crime Strategy. The development of a comprehensive National Financial Crime Strategy, led by the Department of Justice, would help deliver a coordinated approach to the prevention of all types of financial fraud.

Myles O’Grady, CEO of Bank of Ireland, said:

“Financial crime respects no individual, no company, no Government, and no border. It constantly evolves to target us in new ways and to steal money, hurting individuals and society as a whole. That is why we are calling for action, setting out four important proposals to help combat this problem.

“To the end of 2025, Bank of Ireland will spend €50 million to protect our customers from fraud. This includes resourcing a dedicated fraud team which works 24/7 to catch fraud attempts, and which our customers can call anytime, day or night. We’re also investing in technology, and run an always-on, high-profile consumer awareness programme. Criminals constantly evolve, however, and we all need to work together on this serious problem.”

Paul O’Brien, Bank of Ireland security, said:

“We’ve seen a 76% increase in investment fraud attempts in the first half of the year. On any given day, you can find ads online supposedly fronted by high-profile politicians, business people, and journalists offering huge returns for small investments. They’re fake ads, however, but they’re everywhere and they’re catching people out. Similarly, consumers face a wave of fake texts, each of which is trying to get them to divulge confidential information.

“Ireland has become an outlier on a number of fronts. This is no doubt attracting even more fraudsters to target Irish consumers and we need swifter policy action to combat this. Other countries in Europe and around the world are taking firm steps to interrupt the criminals and protect the consumer, and Ireland needs to follow suit.”

Bank of Ireland has written to the Oireachtas Committee on Finance, Public Expenditure and Reform and political parties in Leinster House to set out the four interventions in detail, and to explain how these actions would significantly enhance consumer and business protection from fraud and financial crime. The Bank has asked political representatives to consider including these four interventions in manifestos that are currently being prepared for the coming General Election.

Notes to Editor

Further detail in relation to the Bank of Ireland four point plan is below.

1. Ensure that online advertising for financial products and services is only permitted by regulated financial service providers

   Companies providing financial products and services must be regulated by their competent authorities in order to do so. For example, Irish retail banks – like Bank of Ireland – are regulated by the Central Bank of Ireland (CBI) and the European Central Bank (ECB) to provide financial services in the Irish market, and are subject to CBI guidance on advertising and the Consumer Protection Code. In contrast, fraudsters – which are obviously not regulated by any authority – can advertise fake financial services and products directly to Irish consumers via paid advertising on online platforms.

   Bank of Ireland believes that national and European legislation should be amended so that online platforms may only publish advertising for financial products and services from companies that are regulated by their competent national authority. In practice, this would mean that before accepting an advertisement for a financial product or service an online platform would be required to check if the company is regulated to provide these services. The list of regulated companies is publicly available on the CBI website and, in the case of banks, also on the ECB website. Any company not regulated to provide a financial service would not be permitted to advertise online.

   Why are we making this proposal?

   Bank of Ireland’s security intelligence and anti-fraud teams have identified that an increasing number of consumers are falling victim to fraudulent advertisements hosted by social media companies and search engines. The fraudulent advertisements are often sponsored content, meaning online platforms are paid to display these advertisements. However, the advertisements in question are entirely false and are simply designed to defraud and extract money from consumers.

   Such advertisements will often offer financial rewards for an upfront investment and take the form of fake crypto investments, bond purchases, or savings products. Some advertisements may include fabricated endorsements from well-known public personalities such as politicians, entrepreneurs, or celebrities, or take the form of a fake media article endorsing the investment which purports to be from a reputable media publisher but which is also, in fact, entirely false.

   Fraudulent advertisements often ask consumers to fill in their contact details, after which they are targeted directly by telephone or email. Unfortunately, due to the nature of investment scams it can be weeks or months before a victim realises they have been defrauded. Digital advertisements can be temporary in nature, meaning that new and different scams appear all the time. Bank of Ireland regularly reports these advertisements to online platforms, yet the problem continues to persist.

2. Prioritise the introduction of a Shared Fraud Database in Ireland

   Today, a fraudster can attempt to defraud multiple institutions at the same time without each institution being aware that others are also being targeted because financial institutions, utility companies, and payment companies are not allowed to share details of fraud between them. However, a shared fraud database in Ireland would facilitate the sharing of important fraud related information and would help to prevent customer losses more swiftly. For that reason, we strongly encourage the introduction of a shared fraud database for Ireland. To facilitate this, enabling regulations are required under the Data Protection Act 2018 by the Department of Justice.

   Similar fraud information sharing structures are already in place across Europe and in the UK, where Bank of Ireland has first-hand experience of the process. Since 2006, a range of organisations – including lenders, postal services, insurance companies, credit unions, and government authorities –share fraud data and intelligence using the UK’s National Fraud Database. Relevant in scope information is managed and co-ordinated by a not-for-profit organisation, Cifas, and more than 400 member organisations can access an information database to help identify potential fraud cases and stop them before damage is done.

   Bank of Ireland’s UK business uses this database every day, and from July 2023 to June 2024 Cifas helped us prevent £20 million (€23.3 million) worth of suspected fraud loss. In the same time period, the Bank filed over 960 instances of fraud and suspected fraud to the database to prevent our customers and other organisations from falling victim. Cifas has reported that, across its UK members, it has prevented tens of thousands of repeat identity-theft cases each year.

3. Introduce an SMS scam filter

   Consumers and businesses regularly receive fraudulent text messages. Typically, through these texts fraudsters will pretend to be from a business or an organisation with a very large customer base such as utility companies, tolling companies, banks, delivery companies, post services, and State entities such as the Revenue Commissioners. Regardless of how they are positioned, all of these texts have the same goal – to trick a consumer into divulging confidential financial information. Fraudulent texts may include a link or attachment which leads to fake websites or downloads malicious software (mobile malware) to the phone. The fraudster then uses the information collected to steal money and/or carry out unauthorised card transactions.

   ComReg, in response to its recent consultation on combatting scam calls and texts (April 2024), has highlighted that Ireland is out of step with other English speaking countries in not having an SMS scam filter. This filter would operate like the spam filters that are applied to email inboxes by detecting and blocking harmful links or content. SMS scam filters are already in place in the United States, United Kingdom, Canada and Australia, and their introduction in Ireland would bring the country into line with these major English-speaking markets. This is important because English-language spam texts, wherever they arise, can and are easily repurposed to target Irish consumers so the level of consumer protection in Ireland should strive to match those which are in place in these other major English-speaking countries.

   At a European level, an SMS filter is already in place in some Member States. The introduction of a SMS scam filter in Ireland would require new legislation by the Department of Environment, Climate, and Communications which in our view should be prioritised.

4. Develop a National Financial Crime Strategy

   Criminals are increasingly focusing on financial crime to steal money and fund criminal enterprises. The nature of the fraud threat is constantly evolving and becoming more sophisticated which requires a rapid response from industry and Government to stay ahead of the fraudsters. The development of a comprehensive National Financial Crime Strategy, led by the Department of Justice, would help deliver a coordinated approach to the prevention of all types of financial fraud. Such a strategy should involve a wide range of entities including law enforcement agencies, banks, online service providers, payment service providers, telecoms companies, and State entities. This would significantly enhance everyone’s ability to curtail fraud and enhance protections for consumers and businesses. The UK has established a similar structure with its public-private Economic Crime Plan which includes participation and input from the financial and legal sectors.