The UK's Fraud Act became law in mid-January, but experts are not convinced it will prove effective. "The Fraud Act 2006, while welcome, is likely to have little immediate effect on businesses, because its main purpose is to speed fraud cases through the courts," said John Smart, fraud partner at Ernst & Young. "It does not address the major bottleneck - a lack of police investigation resources."
However, the mechanics of the new act should make prosecuting cyber fraud easier. Previously, a victim of any alleged fraud would have to be identified, and the value of their loss estimated. Now the intent and ability of the accused to commit fraud is the central issue. The Act also makes it illegal to possess phishing kits or any other equipment designed to commit fraud - this, in theory, would include emails. It states that writing software "knowing that it is designed or adapted for use in ... connection with fraud" can result in a sentence of up to ten years.
Susan Mann, counsel, Reed Smith Richards Butler, said: "This will have a big impact on online fraud. The act is very broad and gives prosecutors a lot of latitude. this should enable much easier prosecutions." However, Jonathan Middup, fraud director at Ernst & Young, sounds a note of caution: "Businesses should establish fraud policies and procedures to deal with such an event, not simply expect this new act to do the job for them. Very few businesses I encounter have all the pieces of the jigsaw in place, and this is part of the reason that 19 out of 20 frauds go unpunished."