Cyber Security:

Fraud Act 2006

The Fraud Act 2006 was introduced to simplify a notoriously complex Act of Parliament called the Theft Act.

The previous law defined a large number of types of fraud, often tied to specific circumstances, that made for complex cases that were difficult to prosecute and for juries to understand. In fact, it wasn’t until 1996 that obtaining money from a fraudulent bank transfer was specifically illegal in the UK!

The Fraud Act defines fraud in three ways:

false representation

failing to disclose information

abusing power.

In each case, the defendant’s conduct must be dishonest with the intention of making a gain, or must cause a loss (or the risk of a loss) to another person or individual.

Crucially, no actual gain or loss needs to be proved – the fraud might have been unsuccessful or it was stopped before it could take place.

The Fraud Act can be used against anyone attempting to perform fraud whether or not it takes place over the internet.

However, Section 11 of the Act makes specific reference to electronic fraud and can be used to prosecute in response to:

dishonestly obtaining electronic communications services such as a telephone, ISP or satellite television subscription

cloning mobile phones so that calls made on one handset are billed to another

reprogramming mobile phones to interfere with their operation or change their unique identifier information

breaking encryption on encrypted communications services such as subscription television services or telephone conversations.