The latest card payment fraud losses for 2011, released today by Financial Fraud Action UK, an umbrella group that includes the UK Cards Association, Fraud Steering Control Group and Cheque & Credit Clearing Company, show that debit and credit card fraud in the UK fell to £341 million last year, a ten-year low. The figures somewhat contradict those from the separate CIFAS UK Fraud Prevention Service, however, which showed that non-card fraud is rising in the UK, increasing by 9% last year according to its Fraudscape report published on 6 March, which references figures first revealed in late January in its annual 2011 assessment of identity fraud losses.
CIFAS, comprising the major credit reference agencies in the UK such as Experian and CallCredit, plus the banks, also revealed a 35% rise in attempts to manipulate bank accounts using identity fraud, with loans being targeted by ID fraudsters going up by 58%.
The increase in CIFAS fraud figures is consistent with tough economic times in the UK, which normally coincide with a rise in scams, but the trend also reflects the move into more sophisticated identity-based attacks against bank and financial services customers. The fall in the latest Financial Fraud Action UK card figures perhaps reflects this shift away from card-based fraud, although with the rise of online shopping the threat in this sector still remains very real.
The seven per cent fall in UK card fraud figures to £341 million in 2011, from £365.4m the year before and a whopping £609.9m in 2008, also reflects the hard work the industry has put into a number of initiatives to fight the problem such as chip and PIN and the MasterCard SecureCode and Verified by Visa online transaction password schemes. Online banking fraud losses fell 24% from £46.6m in 2010 to £35.4m last year.
Other improvements in anti-card fraud measures have also contributed to the downwards trend, such as improved consumer education; better behaviour-spotting fraud detection software at banks and retailers; and improved sharing of fraud data and intelligence among financial institutions and legal bodies like the Dedicated Cheque & Plastic Crime Unit. DCI Paul Barnard, who heads up the industry-sponsored police squad, does warn though that, “as technological advances have made our payments more secure, we’ve seen a spike in more simplistic crimes”, citing the increases in cheque and telephone banking losses, which respectively rose by 17% and 32% to £34.3m and £16.7m during 2011. “Many scams involve customers being conned into handing over their cards and PINs, or their phone banking security details by someone calling, pretending to be their bank or police,” added Barnard. “Our appeal to the public is to be wary of any unsolicited phone calls or emails – never hand over your card and PIN or bank security details in full as neither your bank nor the police will ever ask you for these.”
The Financial Fraud Action UK figures also show why you should or shouldn’t beware of visiting the East Midlands, East Anglia and Northern Ireland in the UK, which respectively saw their card fraud losses rise by 21%, 50% and an astonishing 652% in 2011. It turns out a number of organisations that accept Card Not Present online transactions are now based in these areas, so the regional variation – all other UK regions fell – can be put down to this.
Commenting on the Financial Fraud Action UK figures, Pat Carroll, chief executive of authentication firm ValidSoft, said that: “Today’s figures show a reduction in card fraud, but, as is often the case, what appear to be encouraging statistics disguise a less reassuring reality. In recent months banks have been taking a far more aggressive approach to transaction declines and in the case of cross-border transactions, on average nine out of ten of declined transactions are in fact legitimate. This is the credit card equivalent of bricking up your doors and windows to prevent burglary – very effective, but hardly a long term solution. This very blunt instrument approach to fraud reduction may reduce absolute fraud, but it also causes widespread consumer dissatisfaction and costs the banks highly in lost revenue and administration costs.
“Rather than simply basing their decisions as to whether to accept or decline a card transaction using historic data and behaviour spotting patterns on customers, banks should use complementary technology which enables them to anonymously make accurate assessments of the real time situation of their customers,” he added. “This way not only is fraud reduced, but customer satisfaction is maintained at the same time.”
Reaction & analysis
Commenting on the separate CIFAS figures, Gary Clark, the EMEA vice president of security vendor SafeNet, warned that “as hackers adopt more sophisticated methods to target social data and online transactions, financial institutions need to make sure that their data security strategies are evolving at the same pace, or even faster.”
“There is no excuse for organisations not to adequately protect consumer data as proven solutions are available,” he added. “Banks can add additional layers of security by encrypting all user data and ensuring One Time Password (OTP) security keys are stored outside the data centre. By combining multi-factor authentication with strong data encryption, organisations will be able to significantly reduce banking fraud and ensure that only the right people have access to sensitive information.”
Of course, if you believe that fraud is actually going down, as the latest card figures from the Financial Fraud Action UK body show, then you may not need to worry so much about installing expensive vendor security systems, as SafeNet suggest you should. The problem, though, is that fighting fraud is a constant arms race between the ‘poacher and the gamekeeper’, so if investment in systems, such as Verified by Visa or the myriad of other future solutions like Dynamic Data Authentication cards, does fall off then you can expect card fraud losses to rise once again. As ever, the ratio of risk versus reward in moving consumers onto digital systems is a constant calculation.
“Yesterday’s fraud figures released by CIFAS highlight how banks need to be utterly vigilant in guarding against identity and transaction fraud,” said Barrie Neill of SAS UK’s retail banking division. “Banks need to make a decision as to whether a transaction is fraudulent or not in a split-second. If a bank approves a fraudulent transaction it faces losses from the fraud itself and the cost of managing it, as well as risking regulatory scrutiny, fines and reputational damage. Equally, rejecting a legitimate transaction means the bank foregoes fee income and alienates its customer.”
“Big Data Analytics – based on the volume, velocity and variety of data – should be at the heart of a bank’s strategy to subdue the fraud menace. Banks need to score all transactions and not let some slip through on a rules-based approach, and then accept or reject millions of these transactions each day in real-time. In addition, to counter increasingly sophisticated fraudsters, they need to continually monitor fraud and change algorithms and scoring models in response to changing fraud patterns.”