Case Studies

Fraud figures rise

by Mark Rowe

Card and online banking fraud rose during 2013, according to Financial Fraud Action UK (FFA UK).

Improved fraud detection and prevention systems used by banks and established internet retailers continue to have an impact, but FFA suggests that criminals are now targeting consumers and small businesses – driving the recent reported losses. While consumers are warned to be vigilant, the authorities point out that they continue to enjoy strong legal protections against bearing any personal losses – meaning online shopping remains safe and secure.

Fraud losses on UK cards totalled £450.4m in 2013, a 16 per cent rise on the total in 2012 of £388.3 million. This figure is still down 26 per cent since fraud was at a peak in 2008. At the same time, total spending on all debit and credit cards reached £532 billion in 2013, a rise of 6.1 per cent on 2012, with 10.9 billion transactions made in the year. Overall, card fraud losses as a proportion of the value of purchases on our cards has increased only slightly – from 7.1p for every £100 spent in 2012 to 7.4p in 2013 (in 2008 it was 12.4p for every £100). The total number of all transactions rose by over half a billion between 2012 and 2013.

Losses on remote card purchases (those made online, over the telephone or by mail order) increased by 22 per cent to £301.1 million in 2013, from £246.0m in 2012.

The UK is described as Europe’s leading online shopping economy with spending by British consumers online growing by 16 per cent in 2013 to reach £91 billion. Card payments are the main driver of this growth as they provide the most effective way to pay online. Debit and credit cards also offer consumers protection against fraud.

Online fraud against UK retailers totalled an estimated £105.5m in 2013, a rise of 4 per cent on the previous year. However, there has been a large increase in fraud against online retailers based overseas, rising 48 per cent to an estimated £57.8m.

Card security features, such as Chip and PIN, as well as real-time fraud screening techniques employed by banks and internet retailers, have forced criminals to change tactics. As well as tricking customers into handing over personal and financial details (including cards and PINs), for example over the telephone while posing as officers from the bank or the police, fraudsters are also making more digital attacks, such as malware and data hacks, to compromise card details.

Malware is malicious software which is unknowingly downloaded onto a computer and which then enables fraudsters to steal personal or financial information or perform unauthorised actions on the device. It is believed criminals are using these stolen details to commit fraud by targeting those online retailers which have not yet adopted security measures put in place by more established firms. To help tackle this trend, experts and the police are urging consumers and online businesses to install security software, often freely available from a customer’s bank. To prevent stolen card details being used to make purchases online, retailers are being advised to take steps to improve their security, including use of the online protection (including American Express’ ‘Safe Key’, ‘Verified by Visa’ and MasterCard’s ‘SecureCode’) and by following the prevention tips (below).

Meanwhile, the national campaign ‘Be Cyber Streetwise’ was recently launched by the Government, supported by FFA UK and offers further advice that consumers and small businesses can adopt to protect themselves while shopping or banking online.

Losses due to fraud on lost or stolen cards increased by 7 per cent to £58.9 million from £55.2m in 2012, with distraction thefts in shops and bars and shoulder surfing at ATMs highlighted. Meanwhile, ‘vishing’ over the telephone, with fraudsters tricking consumers into parting with personal or financial information, has been identified as a driver for the 14 per cent rise in card ID theft to £36.7m from £32.2m. In response, the industry is highlighting to consumers the ‘golden rule’ that the bank and the police will NEVER phone or email customers asking for their PIN or full online banking codes, or visit their home to collect a bank card.

Online banking fraud has increased by 3 per cent to £40.9 million from £39.6m in 2012. Intelligence shows this increase has also been driven by the rise in ‘vishing’ and malware. Fraudsters are increasingly targeting business customers rather than personal accounts due to the prospect of a potentially higher return.

Telephone banking fraud has fallen 8 per cent to £11.6m from £12.6m in 2012. This fall is said to have been as a result of tighter processes by banks which are designed to confirm customers’ identity.

Cheque fraud losses fell 22 per cent to £27.5m from £35.1m in 2012. Improved fraud detection methods used across the industry, including the digital analysis of cheques, has led to the fall.

Detective Chief Inspector Perry Stokes, Head of the Dedicated Cheque and Plastic Crime Unit, said: “Whether in the real world or online, these latest fraud figures show just how important it is for consumers and businesses to know how to protect themselves against fraud. Always make sure you have the latest security software installed on your computer, so you can safely shop and bank online. Fraudsters can be extremely persuasive – do not be fooled. Your bank or the police will never call, visit or email you to request your PIN, collect your bank card, or ask you to transfer money to another account. Anyone attempting to do so is a fraudster.”

Advice to consumers on how to take steps to avoid becoming a fraud victim:

• Ensure you have the most up-to-date security software installed on your computer, including anti-virus. Some banks offer free security software: check your bank’s website for details.
• Only shop on secure websites. Before entering card details ensure that the locked padlock or unbroken key symbol is showing in your browser.
• Always be suspicious of unsolicited emails that are supposedly from a reputable organisation, such as your bank or the tax office and do not click on any links in the email.
• Make sure you are the only person who knows the PIN for your card.
• Be aware: Your bank or the police will never phone, email or visit you to ask you for card PIN or to pick
up your card. Never hand your card over to anyone who comes to ‘collect it’.
• Shield the PIN with your free hand whenever you type it into a keypad in a shop or at a cash machine.
• Check your bank and card statements for unusual transactions. If you spot any let your bank or card
company know as soon as possible.
• Rip up or preferably shred statements, receipts and documents that contain information relating to your
financial affairs when you dispose of them. Some banks offer paperless statements.
• When writing a cheque make sure you draw a line through all unused space on the payee line and the
amount line to help prevent the cheque being fraudulently altered.

And advice to businesses on how to take steps to avoid becoming a victim of remote purchase fraud:

• Ask your bank or card processor about the online protection offered by card schemes, such as Verified by Visa, SecureCode by MasterCard and American Express’ ‘Safe Key’, which help make transactions over the internet safer from the threat of fraud.
• Know your customer: assess a customer’s profile, order and delivery details before accepting a transaction.
• Be wary of high value or unusual orders from customers you do not know, particularly if the product is easily resalable.
• Use the banking industry’s Address Verification Service, which compares the delivery address provided for the order with the billing address details for the payment card held by the card issuer.
• Maintain a record of fraudulent accounts and transactions to prevent further breaches – fraudsters will continue to attack businesses until the window of opportunity is closed.

Visit http://www.financialfraudaction.org.uk

And meanwhile the credit checking agency Experian reports a rise in detected and prevented fraud attempts in the second half of 2013 as financial services providers push forward in the fight against credit application fraud. According to the company’s latest Index, the overall level of detected and prevented fraud attempts rose by 18 per cent in 2013 across all credit products. In 2013, an average of 21 in every 10,000 applications for loans, credit cards, mortgages, savings accounts, current accounts and insurance were detected as fraudulent compared with an average of 18 in 10,000 fraudulent attempts in 2012.

The level of detected and prevented fraudulent applications for credit cards reached peak levels in the final quarter of 2013 (October to December 2013), the highest level recorded in the last three years. During 2013, 25 in every 10,000 applications were found to be fraudulent compared to 15 in every 10,000 applications for the previous year.

Insurance fraud

In the insurance market, the number of insurance applications found to be fraudulent reached its highest recorded level in 2013, with 17 cases detected in every 10,000 applications in 2013, compared with 12 in every 10,000 in 2012, a rise of around 40 per cent on the previous year.

Current account fraud

The number of current account applications found to be fraudulent has fallen over the year from a peak of 36 in every 10,000 in 2012 down to 29 in every 10,000 applications in 2013, a drop of over 20 per cent.

Fraudulent loan applications continue to account for the fewest detected number of fraud cases across financial services, with just 6 in every 10,000 applications discovered to be fraudulent in 2013. This was similar to levels during the same period the previous year, with five detected cases in every 10,000 in 2012. Identity theft now accounts for almost two thirds (63 per cent) of all the detected loan fraud cases, with falsification of a current address the main grounds for attempted fraud.

The automotive finance industry saw the number of known fraud cases in 2013 remain similar to the previous year, with 20 cases in every 10,000 applications compared to 17 in cases in every 10,000 in 2012. Hiding adverse credit was found to be the most common type of fraudulent behaviour.

Savings account fraud saw the number of known fraud cases in 2013 remain stable compared with the previous year with 12 cases in every 10,000 applications compared to 12 in cases in every 10,000 in 2012. The vast majority of fraud was committed via ID theft (44 per cent).

Mortgage fraud

The number of fraudulent applications detected for mortgage fraud declined in 2013, with 38 cases in every 10,000 applications in 2012, dropping to 30 in every 10,000 in 2013. Mortgage fraud fell to an all-time low since 2010 in Q4 2013, with 27 cases in every 10,000 applications detected during the final quarter. Misrepresentation on mortgage applications was the most common attempt at fraud, in particular hiding adverse credit followed by falsifying details of employment status.

Third party fraud (identity theft) accounts for over a third (37 per cent) of all fraud cases uncovered in the last six months of 2013, up 2 per cent on the previous period in 2012. The Index also suggested that the industry is continuing to make headway in tackling first party fraud, with nearly two-thirds of detected fraud cases (63 per cent) accounting for first party fraud, similar to the same period the previous year (65 per cent), as the industry invests in better fraud prevention systems.

Nick Mothershaw, UK&I director of identity & fraud at Experian, says: “The financial services industry continues to make headway in the fight against fraud, with the amount of fraudulent cases being detected and prevented on the rise and in some sectors of the industry, such as insurance, at an all-time high. However, lenders and consumers should remain vigilant. Although better systems are in place to combat fraud, identity theft still accounts for a high proportion of fraud cases detected showing that identity theft is rife.“As our analysis suggests, fraud is still prominent in major service lines such as credit cards, current accounts and insurance, with credit card application fraud at its highest since 2010. Both providers and consumers can take steps to ensure risk is mitigated. Providers can invest further in the latest fraud prevention systems to protect against individuals misrepresenting their personal information, while also minimising third-party identity fraudsters seeking to open accounts to gain access to more profitable credit products. People should be wary of their personal credit information, especially in the age of social and mobile where personal details may easily be displayed or disclosed, therefore taking every practicable step to avoid becoming a victim to identity theft.”

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing