Financial fraud losses across payment cards, remote banking and cheques totalled £755m in 2015, up 26% on 2014 and driven largely by identity theft,according to Financial Fraud Action UK (FFA UK).
Cyber criminals are increasingly using malware and social engineeringattacks to acquire personal, financial and card data that can be used to commit fraud.
Payment card fraud accounted for 75% of the total losses, followed by remote banking fraud (22%) and cheque fraud (3%).
Fraud losses on UK cards totalled £567.5m in 2015, a rise of 18% from the previous year.
The largest proportion of card fraud losses was due to remote purchase fraud (70%), followed by lost and stolen cards (13%), counterfeit cards (8%) and card ID theft (7%).
Remote purchase fraud, including e-commerce fraud, accounted for £398.2m in losses, up 20% from the previous year in value and up 17% in volume.
According to FFA UK’s latest annual report, much of the increase in remote purchase fraud is due to fraudsters using card details stolen though data hacks and malware.
Counterfeit card fraud occurs when a fake card is created by a criminal using compromised details from the magnetic stripe of a genuine card.
This typically occurs as a result of criminals stealing details from a UK-issued card which is then used to make a fake magnetic stripe card for use overseas in countries yet to upgrade to Chip and PIN.
However, because of an increased roll-out of Chip and PIN technology around the world, counterfeit card fraud losses fell by 5% to £45.3m in 2015.
Card ID theft fraud
Card ID theft fraud occurs when a criminal uses a fraudulently obtained card or card details, along with stolen personal information, to open or take over a card account held in someone else’s name.
This type of fraud is either due to third-party application fraud or account takeover fraud. Third-party application fraud occurs when a criminal uses stolen or fake documents to open an account in someone else’s name. Account takeover occurs when a criminal takes over another person’s genuine card account, first by gathering information about the intended victim, often through deception scams, then contacting the bank or card issuer and pretending to be the genuine cardholder.
Remote banking fraud losses are made up of losses in internet banking, telephone banking and mobile banking.
Total remote banking losses increased by 72% to £168.6m in 2015, mainly due to scams in which a criminal dupes the victim into giving away their personal and security details, which the criminal uses to gain access to the victim’s bank account, the FFA UK report said.
“Criminals are also increasingly targeting business and high-net-worth customers, resulting in a greater increase in the value of losses compared to the volume of cases,” the report said.
Internet banking fraud
Internet banking fraud, which covers fraudulent payments taken from a customer’s bank account using the internet banking channel, rose by 64% to £133.5m in 2015.
The number of cases increased at a lower rate of 23%, which the FFA UK said is evidence of the growing trend for criminals to target high-net-worth and business customers.
The report included data on fraudulent payments made from a customer’s bank account using a mobile banking app, which accounted for £2.8m losses in 2015.
For the first time, the FFA UK report also included data on fraud prevention and showed that although £755m was lost due to fraud in 2015, prevented fraud was more than double that figure – £1.76bn.
Incidents detected and prevented
This represents incidents that were detected and prevented by the banks and card companies and is equivalent to stopping £7 in every £10 of attempted fraud.
A total of £843.6m of card fraud was stopped by banks and card companies, and £524.6m of attempted remote banking fraud was stopped by bank security systems.
Commenting on the FFA UK report, John Lord, managing director of identity data intelligence firm GBG, said data exchanges between consumers and organisations need to be more open and transparent.
“When your ID is stolen, your details are compromised and are very likely to be blocked by the organisation involved,” he said. “But if that happens to be your bank account, what happens to your recurring payments, subscriptions or even your credit history?
“Putting a complete stop against your identity data can sometimes cause more harm than good, such as inadvertently defaulting on a mortgage payment.”
Lord said it is therefore vital for organisations to take a wide-ranging view of identity to ensure those affected by fraud do not experience additional problems by their account being blocked.
“If someone who recently experienced a card fraud is attempting to make payments to an online retailer, for instance, the organisation should be able to request additional, uncompromised personal information in order to authenticate the customer, rather than simply stop the transaction entirely,” he said.
“In the battle against fraud, we actually need access to more personal data – not less – to validate that what you have been told by the customer is authentic.”
Lord believes data is a big part of the solution to combating fraud and cyber crime. “By having an open and transparent data exchange between consumers and organisations, it actually means there is more ‘good’ data in circulation,” he said. “This can then be used to provide accurate insights and intelligence that will help stop the increasing number of bad guys in their tracks.”
Securing payment card numbers
Tim Critchley, CEO of security firm Semafone, said there needs to be more focus on securing payment card numbers across all payment channels.
“Online transactions represent only one piece of the payment puzzle,” he said. “Consumers can’t forget that giving card details over the phone is also incredibly risky if the right security is not in place.”
A large proportion of people in the UK give card details in public when speaking to contact centre agents, said Critchley.
“It’s such a basic mistake, but it can be extremely costly, purely because anyone listening in to the conversation can take down the numbers and use them to commit fraud,” he said.
Critchley said that while it is important for companies to ensure they are implementing the most stringent security measures possible, consumers must also take responsibility for their own data security.
“They should be more vigilant when it comes to supplying card details, whether online or over the phone,” he said.
[Source:- Computer Weekly]