Financial fraud losses across payment cards, remote banking and cheques totalled £768.8 million in 2016, the latest figures from Financial Fraud Action (FFA) UK highlight. This represents an increase of 2% on the previous year. The new data also outlines the fact that banks and card companies prevented £1.38 billion of fraud last year, which is equivalent to £6.40 in every £10 of attempted fraud being stopped.
Impersonation and deception scams – as well as online attacks aimed at compromising data – continued to be the primary drivers behind financial fraud losses in 2016. In all of these operational methods, criminals target personal and financial information (including card data) which is then used to facilitate fraud. The full set of financial fraud data for 2016 produced by FFA UK shows the following headline figures and observations:
*Losses due to payment card fraud were £618 million (representing an increase of 9% from £567.5 million in 2015). A total of £982.4 million of attempted card fraud was prevented by banks and card companies, which is equivalent to £6.10 in every £10 of fraud being stopped
*Across 2016, card spending increased by 6%, meaning that card fraud as a proportion of spending equates to 8.3 pence for every £100 spent
*Within the overall card fraud figures, losses on card purchases made remotely increased by 9% to £432.3 million
*Remote banking fraud losses totalled £137.1 million, equating to a 19% decrease from £168.6 million in 2015. A total of £205.4 million of attempted remote banking fraud losses were prevented, which is equivalent to £6 in every £10 of fraud being stopped
*Cheque fraud losses fell by a total of 28% to £13.7 million (the lowest ever annual total). A total of £196.2 million of attempted cheque fraud was prevented. This is equivalent to £9.40 in every £10 of fraud being stopped
*A total of 1,857,506 cases of financial fraud were discovered across the year
Advanced detection and verification systems
Katy Worobec, director of FFA UK, explained: “Banks take the threat of fraud extremely seriously and continuously invest in advanced detection and verification systems to protect their customers. At the same time, criminals continue in their attempts to circumvent this security by targeting customers for their personal and security information. It’s vital that everyone follows the advice of our ‘Take Five’ campaign and safeguards their details.”
Worobec added: “The payments industry cannot stop all fraud on its own, so it’s essential that every organisation with a role to play unites to tackle this issue. In particular, we’re working with law enforcement and Government through the Joint Fraud Task Force. It’s also vital for any organisation holding personal data to ensure they have robust systems in place in order to prevent data breaches.”
In addition, Worobec stated: “Across the industry, and with the support of key partners, we’re developing new processes to help the police intervene when potential victims visit a bank branch. We’re exploring new ways in which to track stolen funds moved between multiple bank accounts.”
Impersonation and deception scams
FFA UK’s bulletin explains that criminals use impersonation and deception scams to target customers for their personal or financial information, such as passwords, payment card details or bank account information. The criminal purports to be from a legitimate and trusted organisation (such as a bank, the police, a utility company or a Government department) and typically contacts a customer by means of a phone call, text message or an e-mail.
The fraudulent approach may involve a claim that there has been suspicious activity on an account, that account details need to be ‘updated’ or ‘verified’ or a refund is due. Intelligence suggests there has been an increase in more sophisticated phishing e-mails purporting to be from major online retailers and Internet companies, brands which a large proportion of recipients are likely to use.
Backed by every major bank and card company, FFA UK is running the ‘Take Five to Stop Fraud’ campaign to raise awareness of these scams and how customers can protect themselves. Earlier this month, there was a dedicated day of activities in thousands of bank branches across the country as part of the campaign.
‘Take Five’ urges people to guard their personal and financial details and never to assume an e-mail, text or phone call is authentic, even if it includes a reference to some of their basic details. It reminds people to pause and think carefully before responding to any requests for information and not to be pressured into making rash decisions.
Information gained from data breaches also continues to be a driver of fraud. This data may also be used to commit fraud directly. For example, the use of stolen card details to make remote purchases is an ongoing activity.
Robust security systems
FFA UK is urging any organisation that holds personal and financial information to ensure it has robust security systems in place to prevent a data breach. There are a number of tools to build up customer profiles which can be used by retailers who sell remotely, such that cardholders can be verified and payment may be received securely.
Tackling fraud effectively requires a combined response across a range of organisations. FFA UK has a central role in the Joint Fraud Task Force, which is using the collective powers, systems and resources of Government, law enforcement and industry to crack down on financial fraud.
Tony Blake, senior fraud prevention officer at the Dedicated Card and Payment Crime Unit, said: “Fraudsters are often extremely professional, so it’s important that individuals remain alert and guard their personal and financial details. Always take a moment to consider carefully any requests for information and never disclose security details, such as PINs or full banking passwords.”
Blake added: “Criminals will do all they can to scare and pressure you into acting quickly without thinking. Don’t let anyone rush you. If you’re ever the slightest bit unsure, put the phone down or don’t reply to the text or e-mail. Instead, contact the organisation on a telephone number that you trust, such as the one listed on its official website.”
Improving fraud defences
Speaking about FFA UK’s latest statistics, John Marsden (head of ID and counter fraud at Equifax) commented: “Impersonation and deception scams, as well as online attacks to compromise data, dominated the fraud landscape during 2016. The UK is ahead of many other countries in improving fraud defences, but is also subject to a higher number of attacks. There’s no room for complacency. As the tactics of fraudsters continue to evolve at an alarming rate, so businesses need to focus on how they can keep up. Members of the financial services industry in particular need to continue working together to educate consumers and share information in helping to collectively tackle this activity, while also constantly improving their systems to both safeguard consumer personal data and implement appropriate steps designed to confirm transactions are indeed being completed by genuine customers.”
Marsden went on to comment: “Losses from payment card fraud totalled no less than £618 million, which is up 9% from £567.5 million in 2015. This increase reflects the fact that fraudsters and scammers are becoming increasingly bold in their activity, while customers continue to be the victims of phishing scams, deception and hacking. Businesses are also firmly in the sights of these sophisticated criminals, as evidenced by Big Data breaches that took place between July and December last year. The criminals who steal this data then sell it on to fraudsters via The Dark Web, in turn creating more opportunities for unlawful activity.”
In conclusion, Marsden informed Risk UK: “While some businesses are taking a more serious look at biometrics, there’s scope for more investment in technology like this which would provide the necessary barriers to discourage the fraudsters. Although remaining ahead of the fraudsters isn’t easy, businesses should do all they can to make any attempts at fraud by criminals as difficult as possible.”
Chief Superintendent Dave Clark, head of the Economic Crime Directorate at the City of London Police, observed: “These financial fraud figures from FFA UK show the sophisticated methods in which the banking industry has invested to not only identify the threat, but also prevent it. The statistics show that banking prevents £1.38 billion from ending up in the hands of criminals. The evidence we see from fraud victims reporting to Action Fraud is that criminals look for the weakest link in data and cyber security. Other industries need to invest more time, effort and resources into ensuring they identify and prevent the growing threat posed by fraud and cyber crime.”
According to Clark, the potential damage to a business from such crimes “cannot be underestimated” with some businesses failing due to crimes that could have been prevented.
“As these figures indicate,” concluded Clark, “more can be done by industry, Government and policing alike when it comes to preventing fraud. With nearly half of all crime now either fraud related or energised in the cyber realm, all of us need to ensure that we make the UK a hostile place for fraudsters to operate.”