A decline in the amount of card fraud is a positive, but UK cardholders should remain vigilant.
Figures released by the UK Cards Association showed that total fraud losses on UK cards fell by 28 per cent between 2008 and 2009 to £440.3 million – a decrease of £170 million on the previous year's total.
However online banking losses totalled £59.7 million in 2009 – a 14 per cent rise on the 2008 figure. The association claimed that the increase is largely due to criminals targeting vulnerabilities in customers' PCs, rather than the banks' own systems. It also found that there were more than 51,000 phishing incidents recorded during 2009 – a 16 per cent increase on the amount seen in 2008.
Melanie Johnson, chair of the UK Cards Association, which represents UK credit and debit card providers, said: “The cards industry sees fighting fraud as a key part of keeping its customers' interests centre-stage. We are committed to a wide range of measures to ensure customers feel confident, safe and secure when they use their credit and debit cards - whether in a shop, abroad, online, at a cash machine or anywhere else.”
Johnson claimed that a fall in card fraud is good news for consumers, retailers and the industry, and it remained determined not only to continue to prevent, detect and deter those who are behind this type of crime, but also to make sure that innocent victims do not lose out.
Commenting on the figures, Steve Brunswick, strategy manager at Thales Information Systems Security, said that the figures did show ‘some good news but also highlight areas where there is room for improvement'.
He said: “Many banks rely on backend analytics to protect their customers from online banking fraud, and while this certainly plays an important part in protecting them, relying on backend analytics without strong authentication of users is like installing a burglar alarm but leaving the front door wide open.
“We have all heard the complaints that it's inconvenient having to have a card reader to hand to do online banking, but other forms of two-factor authentication are now surfacing that help overcome this hurdle. Mobile phone-based two-factor authentication, for example, is an effective alternative because most people carry their mobile phone with them pretty much all of the time.”
Sarah Blaney, card fraud expert from life assistance company CPP, agreed that while these latest industry stats may be good news for the banks and customers, fraudsters are not going to simply disappear over night.
She said: “They will be looking for the next easy target and the increase in online banking losses is the result of over 51,000 different phishing emails targeting people's financial and personal information. A new category of phone banking losses has also been included for the first time as criminals look to target consumers directly, bypassing the banks security systems, which are very hard to penetrate.
“It's vital that consumers don't become complacent and that they put processes in place to reduce their chances of falling victim. Cardholders need to remain vigilant by checking their statements regularly, ensuring that they never let their cards out of their sight and only using trusted sites when shopping online.”
Stephen Howes, CEO of GrIDsure, said that he felt the level of online banking fraud across the UK is still shockingly high, and one of the reasons for this is that banks are still relying on fixed passwords and PINs for online banking.
He said: “Measures such as ‘MasterCard Secure Code' and ‘Verified by Visa' are going some way to protect customers but are all still based on the user having a fixed code, so if the customer falls victim to a phishing attack they are left completely exposed.
“It is also important for the industry to wake up to the fact that many customers use the same username/password combination for their bank accounts as they do for their email and social networking login, so it needs to adopt more innovative methods that stop fraudsters in their tracks and render stolen login details worthless, no matter how or where they are acquired.”
Mel Morris, CEO at Prevx, believed that online fraud is up for many reasons, including the availability of a banking fraud kit online for a few thousand pounds. He said: “These kits allow the purchaser to target PCs anywhere in the world and infect them with a powerful information stealing Trojan (or bot), which monitor all internet activity, recording everything and anything entered or displayed by someone browsing the web.”