Card and banking fraud back on the rise again

News by Steve Gold

Banking and card fraud back on the rise again says the FFA UK as crime increasingly moves online.

New figures just released by Financial Fraud Action UK (FFA UK) claim to show that card and remote banking fraud increased during the first six months of 2014.

According to the fraud agency, the intelligence behind the figures reinforces recent trends, which have seen the growth of deception crimes seeking to persuade consumers to part with their personal and financial information, as well as criminals' use of computer viruses. As a result, customers are being warned to be vigilant and be aware of the key warning signs of scams.

The bad news is that online banking losses in the UK reached almost £30m in the first half of 2014, as criminals targeted the accounts of businesses - mostly with phishing attacks - that allow higher-value transfers.

In fact, the FFA UK says that fraud losses on UK cards totalled £247.6m between January and June 2014 - an increase of 15 percent on the same period last year.

Fraud expressed as a proportion of card purchases has remained flat at 7.4p for every £100 spent, the same proportion as the industry reported at the end of 2013.

Losses on remote banking fraud, however, rose to £35.9 million - up 59 percent from the £22.6 million reported in H1-2103 - within this total, online banking fraud losses rose to £29.3 million, up a hefty 71 percent from the £17.1 million reported in H1-2013.

Likewise with telephone banking, where H1-2104 fraud rose to £6.6m - up 20 percent from £5.5m seen in H1-2013.

Business advice

The fraud agency has some good advice to businesses on how to take steps to avoid becoming a victim of remote purchase fraud, which it says has become a major issue in the UK.

Retailers, it says, should ask their bank or card processor about the online protection offered by card schemes, such as Verified by Visa, SecureCode by MasterCard and American Express' 'Safe Key' - which help make transactions over the Internet safer from the threat of fraud.

Retailers should also know their customer, and assess a customer's profile, order and delivery details before accepting a transaction, as well as being wary of high value or unusual orders from customers you do not know, particularly if the product is easily resalable.

The FFA UK says that businesses can also use the banking industry's Address Verification Service (AVS), which compares the delivery address provided for the order with the billing address details for the payment card held by the card issuer.

Finally, the fraud agency says that businesses should maintain a record of fraudulent accounts and transactions to prevent further breaches, as fraudsters will continue to attack businesses until the window of opportunity is closed.

Keith Bird, UK managing director with Check Point, said that his firm's 2014 security report found that 88 percent of financial institutions experienced at least one data breach last year - which is consistent with the FFA UK's analysis of the rise in online banking fraud.

"Our report also showed that organisations sent sensitive data outside the business once every 49 minutes, with 33 percent of those incidents including credit card data or account numbers," he said.

Large organisations

Mark James, a security expert with ESET, meanwhile, said that, with the ever-increasing amount of data being stolen from large organisations it is inevitable that this information will be used in the many  scams we so often hear about.

"More and more people are being targeted with a highly alarming amount of factual data in these cold-calling type scams. Scammers often will ask for you by name, confirming your address details and other data including bank details or personal information they have found online," he said.

"This immediately tricks the victim into a false sense of trust. Once this relationship is established it is just a matter of time before the scammer is able to trick the victim into giving them more information; either to confirm who they are or to verify details that have been compromised," he added.

According to James, these details are then used for identity theft or criminal activities.

In the case of cold phone calling, he explained, it is far too easy once trust is gained to "show" you areas of concern or supposedly infected machines that require their anti-virus solution to solve the problem.

"However, once it is installed it will harvest your private data and send it to servers online for later use. I believe the effectiveness of how successful these attacks have become is largely down to the amount of data stolen and circulated on the Web," he said.

So how can you protect yourself?

James says that all cardholders need to remember that Microsoft and other large companies will never call you out of the blue to fix your computer; unless you have contacted them first, it is a fake call.

Your bank, he adds, will never ask for your full password or security codes online.

"If you're concerned about the authenticity of the call then ask for details, explain you will contact them, go get a number you trust and call them back yourself. If they are truly concerned about your security they will understand. Please be very wary of anyone coming to your door and asking for payment or about giving them private information," he said.

"Take their details and verify by phone who they are before letting them in. Better still turn them away and visit your bank or financial institute in person. Lastly, always keep an eye on bank statements: often small amounts of money are taken first to test your card to see if it works," he added.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews