Financial fraud losses totalled £755m in 2015, according to figures from Financial Fraud Action UK (FFA UK). That’s a 26 per cent increase on the previous year, the trade body says. The data highlights according to the FFA UK the increasing threat posed by impersonation and deception scams, beside the growth in sophisticated online attacks such as data breaches and malware.
Bank and card company security systems detected and prevented a total of £1.76 billion of fraud from occurring in 2015, the trade body adds. The 2015 financial fraud figures suggest:
• Fraud losses on UK payment cards totalled £567.5m in 2015, an 18 per cent increase from £479m in the previous year. A total of £843.6m of attempted card fraud was prevented by banks and card companies – equivalent to £6 in every £10 of fraud being stopped.
• Over 2015, card spending increased by 7 per cent, meaning card fraud as a proportion of spending equates to 8.3p for every £100 spent.
• Remote banking fraud losses totalled £168.6 million, a 72 per cent rise from £98.2 million in 2014. A total of £524.6 million of attempted remote banking fraud was stopped by bank security systems, equivalent to £8 in £10 of fraud being prevented.
• Cheque fraud losses totalled £18.9m in 2015, a 6 per cent fall from £20.2m in 2014, and the lowest ever annual total. A total of £392.8m of attempted cheque fraud was prevented by bank security systems, equivalent to £9.50 in every £10 of fraud being prevented.
The full figures, including breakdowns by fraud type, are available in the statistical bulletin.
Katy Worobec, Director of Financial Fraud Action UK, said: “Banks work extremely hard to protect their customers, using highly sophisticated security systems which stopped 70 per cent of attempted fraud from occurring last year. Any increase in fraud is unwelcome but the industry is continually evolving its response to fraud as it develops. This includes investing in new detection and verification tools, working with law enforcement and educating customers of dangers.
“With the continued rise in impersonation scams and data breaches it’s vital that all customers are alert to the dangers. Everyone should be very cautious about giving out personal or financial information, and organisations holding data need to do all they can to protect people’s private details.”
Detail
FFA UK point to three factors:
Impersonation and deception scams in which criminals approach customers claiming to be from a trusted organisation, such as a bank, the police, a utility company or a government department. The criminals aim to obtain personal and financial details that will then be used to commit fraud. These scams often involve a phone call, text message or email claiming there has been suspicious activity on a customer’s account or that their account details need to be ‘updated’ or ‘verified’. Criminals also attempt to trick people into transferring money directly to them.
Criminals’ use of information gained through data breaches. There have been several high profile breaches reported in 2015, as well as many other smaller-scale attacks. The stolen data is used to commit fraud directly, for example using stolen payment card details online to commit remote purchase fraud. Other information obtained through a breach may be used in impersonation scams, while the publicity around the incident itself can be used to add authenticity to the scammers’ approach.
The use of malware [malicious software which is unknowingly downloaded onto a computer] and phishing emails to compromise customers’ security and personal details.
FFA UK is urging customers to be vigilant of any unsolicited phone calls, text messages and emails and to be extremely cautious about giving out any personal and security information unless absolutely sure they know who they are dealing with. Customers are reminded that their bank or the police will never call them to ask for their online banking passwords or 4-digit card PIN, or to transfer money to a new account for fraud reasons. With fraudsters using stolen information gained through data breaches to commit fraud and aid deception scams, FFA UK is also urging all organisations that hold personal and financial data to improve their security systems in order to prevent data breaches. FFA UK is also reminding retailers selling remotely that there are a number of tools they can use to build up a profile of their customer, verify the cardholder and ensure they receive payment securely.
Tony Blake, senior fraud prevention officer for the Dedicated Card and Payment Crime Unit, said: “Criminals will do all they can to make their approach seem genuine, so it’s important to be vigilant. Don’t take someone at their word – people aren’t always who they claim to be, even if they know a bit of information about you already. If you receive a call, text or email out of the blue asking for your personal information, hang up the phone and do not reply directly. Instead, wait five minutes and ring your bank to alert them to the scam, using a phone number that you trust – such as the one on the back of your bank card or from the official website.”
Comments
Matt Peachey, Vice President and General Manager, EMEA, Pindrop, said: “Phone security has traditionally been overlooked as organisations have focused on their cyber defences. If you think about how online security has matured in the last decade, this line of defence has grown stronger as attacks have become more sophisticated. Phone security to date however has lacked the innovation, education and sophistication needed to protect customers and subsequently has become the weakest line of defence. Fraudsters are proving successful as they use cross channel tactics to commit these attacks. Without the right authentication and fraud detection in place, consumers and organisations will continue to get duped, particularly as the boundaries between phone and online continue to blur.”
John Lord, MD of identity data intelligence firm GBG, argues that we actually need more personal data to combat rising fraud. “As instances of fraud increase, so too does the butterfly effect it creates. The impact of a single fraud can be felt by the individual or business long after it has taken place. When your ID is stolen your details are compromised and are very likely to be blocked by the organisation involved. But if that happens to be your bank account, what happens to your recurring payments, subscriptions or even your credit history? Putting a complete stop against your identity data can sometimes cause more harm than good, such as inadvertently defaulting on a mortgage payment.
“It’s therefore vital that organisations take a wide-ranging view of identity to ensure those impacted by fraud do not experience additional problems because their account is blocked. If someone who recently experienced a card fraud is attempting to make payments to an online retailer for instance, the organisation should be able to request additional, uncompromised personal information in order to authenticate the customer, rather than simply stop the transaction entirely. In the battle against fraud, we actually need access to more personal data – not less. Otherwise how can you validate that what you have been told by the customer is authentic?
“Data is a force for good; it’s a big part of the solution to combating fraud and cybercrime. By having an open and transparent data exchange between consumers and organisations, it actually means there is more ‘good’ data in circulation. This can then be used to provide accurate insights and intelligence that will help stop the increasing number of bad guys in their tracks.”
