The finance industry prevented £820 million of unauthorised fraud in the first half of 2019, which is up 14% on the previous year. That’s according to the latest figures from UK Finance. This is equivalent to £2 in every £3 of attempted unauthorised fraud being stopped, or £4.5 million of fraud being prevented per day.
Over the same period, £408 million was stolen by criminals through unauthorised card, remote banking and cheque fraud. In addition, £208 million was lost to authorised push payment scams (more of which anon), whereby customers are tricked into authorising a payment to an account controlled by a criminal.
The compromise of personal and financial data remains a significant driver behind fraud losses. Customer details are being stolen through data breaches at third parties outside the financial sector, while sophisticated “digital skimming” attacks are being used to steal card data when consumers are shopping online.
Criminals also continue to use social engineering techniques in order to trick customers into divulging their personal information or transferring money.
Katy Worobec, managing director of economic crime at UK Finance, said: “Not only does fraud have a devastating impact on victims, but the money stolen goes on to line the pockets of organised criminal gangs involved in drugs, arms and human trafficking. The finance industry is constantly investing in advanced security systems to protect customers from this threat, while helping law enforcement to apprehend and disrupt the criminals responsible.”
Worobec continued: “A new Authorised Push Payment Scams Voluntary Code was introduced in May that has significantly improved consumer protections from authorised push payment scams, with signatory firms committed to reimbursing victims providing they’ve met certain standards. However, criminals are continuing to exploit vulnerabilities outside the financial sector to obtain customers’ data that’s then used to commit fraud. All of us, including online retailers and social media companies, have a responsibility to work together to beat the fraudsters and keep customers’ data secure at all times.”
The data published by UK Finance covers both unauthorised and authorised fraud.
In an unauthorised fraudulent transaction, the account holder themselves doesn’t provide authorisation for the payment to proceed and the transaction is carried out by a third party. Customers are legally protected against losses caused by unauthorised fraud. Industry research indicates that customers are fully refunded in over 98% of unauthorised fraud cases.
Total losses due to unauthorised fraud across payment cards, remote banking and cheques in the first half of 2019 were £408 million. This is an increase of 2% compared to the first half of 2018, but a drop of £36 million compared to the second half of 2018.
Included within the overall total are the following:
*Losses due to unauthorised transactions on payment cards increased by 2% to £313 million. The industry prevented £488 million in attempted unauthorised card fraud, which is 3% less than in the first half of 2018. Three-quarters of card fraud losses (£237 million) were due to remote purchase fraud, where stolen card details are used to buy something online, over the phone or via mail order
*Losses due to unauthorised remote banking fraud totalled £66 million, which is 28% lower than in the first half of 2018. This category covers unauthorised fraud through Internet banking, telephone banking and mobile banking. Banks prevented £130 million of attempted unauthorised remote banking fraud
*Cheque fraud losses rose to £29 million. That’s an increase of almost eight-fold compared to the first half of 2018. Intelligence suggests this increase was largely driven by a number of high-value transactions targeting business accounts, with personal customers only accounting for a small fraction of total losses. Over £202 million of attempted unauthorised cheque fraud was prevented. That’s an increase of 172% compared to the first half of 2018
*There were a total of 1,385,447 cases of unauthorised financial fraud
Authorised push payment scams
In an authorised push payment (APP) scam, a customer is duped into authorising a payment to another account which is controlled by a criminal.
The APP scam data for the first half of 2019 shows:
*A total of £208 million was lost through APP scams, split between personal (£147 million) and business (£61 million) accounts
*In total there were 57,549 APP scam cases split between personal (53,475 cases) and non-personal (4,074 cases) accounts
*Financial providers were able to return a total of £39.3 million of the losses to victims, split between personal (£25.6 million) and business (£13.6 million) accounts
Investment scams accounted for the largest proportion of losses among personal customers, with £41 million lost to this type of fraud (or over £12,200 per case). Purchase scams remained the most prevalent form of APP fraud, accounting for almost two-in-three (65%) of all cases targeting personal customers.
When a customer authorises a payment to be made to another account, even if they’re tricked into doing so, current legislation means that they have no legal protection to cover them for the losses – unlike an unauthorised transaction. However, an industry Authorised Push Payment Scams Voluntary Code that came into effect on 28 May 2019 has introduced new consumer protections against APP scams. Firms who’ve signed up to the Authorised Push Payment Scams Voluntary Code have committed to reimbursing the victims of these scams, provided the customer has met the standards expected of them under the code.
Increased public awareness
UK Finance only began collating data on APP scams from 2017 onwards. Losses due to APP scams in the first half of 2018 totalled £148 million across 34,129 cases. The new data published isn’t directly comparable to these figures as two additional banks began reporting the data to UK Finance from early 2019.
In addition, intelligence suggests that increased public awareness in the build-up to the introduction of the Authorised Push Payment Scams Voluntary Code has resulted in an increase in reporting by customers who fall victim to this type of fraud. Data on reimbursements made under the Authorised Push Payment Scams Voluntary Code are due to be included in UK Finance’s Annual Fraud Report for 2019, which is currently scheduled to be published in 2020.