New figures released today (12 March 2013) show that a return amongst criminals to traditional methods of fraud, such as low-tech deception crimes, has led to increased fraud losses borne by the banking industry. Experts have highlighted the impact of improved security features, such as Chip & PIN and more sophisticated detection tools, which have driven criminals to resort to deceiving consumers into such things as parting with their own cards, PINs and financial passwords. The industry has responded by re-doubling efforts to re-educate and encourage consumers to protect their details, with targeted campaigns being delivered to reach specific groups of customers who are at higher risk of being approached.
Fraud losses on UK cards totalled £388 million in 2012, showing a 14% increase from total fraud losses of £341m in 2011. This increase follows three years of significant decreases (2012 losses of £388m versus 2008 losses of £610m when fraud was at its peak, representing an overall decrease of 36%) with fraud dropping to a ten-year low in 2011. Efforts by the cards industry to enhance the security of payment systems has delivered substantial falls since fraud peaked in 2008.
Interrupting this decline, new fraud intelligence has shown that the 2012 rise was driven by crude scams designed to bypass security systems by duping consumers into handing over their own cards and PINs. This includes distracting people in shops and bars, or shoulder surfing at cash machines and then stealing customers’ cards without them noticing, or even tricking them into handing over their card details on their own doorstep. Another major factor has been UK cards being compromised and used in countries where security levels are lower than in the UK, for example where those countries have not yet moved to Chip and PIN.
Losses on Card-Not-Present transactions (those conducted online and over the telephone) rose by 11% in 2012, but this needs to be seen in the context of the sharp 18% increase in card spending on the internet (reaching £63bn) over the last year.
Despite the overall 2012 increase, the chances of becoming a victim are still low: the amount lost to fraud as a proportion of the amount we spent on our cards represents only 7p of losses for every £100, which is down from 12p per £100 recorded in 2008.
In response, the card payments industry has reiterated its message to consumers that banks and the police will NEVER phone or email customers to ask them to disclose their PIN. Activity has also been undertaken by officers at the industry-sponsored Dedicated Cheque and Plastic Crime Unit (DCPCU) to demonstrate to customers the importance of shielding their PIN at cashpoints. A checklist of ways in which consumers can protect themselves from these forms of deception is provided following the detailed break-down of fraud figures.
Online banking fraud rose 12 per cent to £39.6m from £35.4m in 2011. This increase has been largely driven by fake websites which have tricked consumers into giving away their online banking login details.
These ‘phishing’ emails and sites, which were on the rise for most of 2012, are set up by criminals to trick vulnerable customers into believing they are communicating with their bank or building society. Evidence shows that online banking customers are also being tricked into divulging their login details, passwords and other personal data over the phone to someone they believe is from their bank but is actually a fraudster.
In response, the industry is working with the Serious Organised Crime Agency (SOCA), the Police Central e-crime Unit (PCeU), overseas law enforcement agencies, technology companies and Internet Service Providers (ISPs) to detect and close down phishing websites. Encouragingly, sustained police attention has led to phishing incidents falling significantly during the final quarter of 2012. Alongside this, the introduction of online banking password-generators has had a notable impact in enhancing security.
Telephone banking fraud losses fell to £12.6m in 2012 from £16.7m in 2011 (a decrease of 25%). This reduction reflects the success of procedures used by banks to confirm customers’ identity, but has led to criminals focusing their efforts on fraudulently accessing accounts online rather than over the phone.
The effect of these two sets of figures is that the combined total net remote banking (online and telephone) fraud losses for 2012 are flat.
Cheque fraud losses rose 2 per cent to £35.1m in 2012 from £34.3m in 2011. The rise can be attributed to fraudsters stealing genuine cheques and altering the payee name or using details from genuine cheques to create counterfeits. This new figure represents a decrease when compared to a peak in 2008, when losses were 16% higher. The overwhelming majority of this type of fraud is stopped before the cheque is paid: in fact, 93% of attempted cheque fraud was spotted and prevented during the clearing process in 2012. Law enforcement has also played a major role, with the industry-sponsored Dedicated Cheque and Plastic Crime Unit (DCPCU) having dismantled what is believed to be one of the UK’s biggest counterfeit cheque crime groups, worth in excess of £5 million, last year.
Fraud figures published by the National Fraud Authority (NFA) put these payment fraud losses into perspective. The NFA estimates that fraud in all its guises cost the UK more than £73 billion a year during 2011 – card and banking fraud only accounts for just over half a per cent of this figure. Importantly, regulation ensures that the victims of fraud will be protected against any losses. Recent industry data found that 97% of all claims resulted in a full refund of losses to the customer, a figure which was confirmed by recent research published by Which? magazine which put the figure receiving refunds at 98%.