With more than a million cases of card, cheque, phone or online fraud recorded in the first six months of 2016 – one every 15 seconds, FFA UK has found that the rate of fraud in the UK payments industry is accelerating, from £755 million in 2015, itself a 26 percent rise over the previous year, soaring by 53 percent in the first six months of this year. Phishing, and vishing (phone and text based scams) are the focus of concern for the FFA UK in its Take Five campaign (advising caution before responding to information requests from their bank) to protect businesses and consumers.
Katy Worobec, director of FFA UK said in the report that banks stopped £7 in every £10 of attempted fraud – though of course that means that by value, thirty percent of such frauds are successful.
Home Office security minister, Ben Wallace is supporting the initiative and adds in the review that,” the Government is working closely with law enforcement and the banking sector through the Joint Fraud Taskforce to take action to stop the organised criminals behind financial fraud.” And Ian Dyson, commissioner, City of London Police, which is the national policing lead for fraud said in a press statement: “Fraud and cyber crime account for nearly half of all crime according to the British Crime Survey and this campaign is aimed at giving people the confidence to think before they act. Pausing for that short moment and asking ourselves, is this the safe thing to do, will go a long way to thwarting the fraudsters that prey on peoples trusting nature.
Rob Norris, director Enterprise & Cyber Security EMEIA at Fujitsu commented in an email to SCMagazineUK.com, “It's sad but unsurprising that payments fraud has grown significantly in the last year. Financial fraud offers a lucrative source of income for cyber-criminals, totalling £755 million in 2015 in the UK alone. Cyber-criminals have grown in their sophistication, exploiting the human interest factor by posing as banks or suppliers and then duping consumers into revealing their personal details. These scams have also proved effective in targeting commercial organisations, as senior executives are tricked into revealing sensitive information which enables access to a company network.
Norris advises, “To combat these types of attacks, consumers should always report emails to their banking provider. No legitimate organisation will ask for security or banking details so consumers need to be suspicious of any email that requests this information. It's also important for consumers to use a password manager to generate and manage secure passwords or use the built in password manager in iOS or OSX.”
David Webber, managing director of Intelligent Environments, also emailed SC and adds, “...with almost five million people being forced to cancel their bank cards in 2015 as a result of cybercrime.... This shows that every single day consumers are being impacted by cyber-crime. There is not a single solution to this challenge but there needs to be more consumer education and adoption of the full range of security technologies that are currently available.
Webber reports his own company's research shows that, “consumer education is poor with 19 per cent of British bank users saying they have a limited understanding of how to stay safe online and more than a quarter (30 percent) said they would like their bank to offer them more advice on how to stay safe online.
He adds, “Our research shows that over half (58 percent) of people are ready to ditch their passwords in favour of biometric security measures, while two thirds of consumers (69 percent) would like their banks to put more security measures in place. ...passwords and PIN numbers are simply the perimeter defences. Banks need to make sure their internal systems are able to detect and neutralise threats in real-time. Financial services' security needs to evolve by using technology that can anticipate and understand the difference between typical user behaviour and criminal behaviour so they have the capability to cope with threats in real-time.”
In an email to SC Brian Spector, CEO at MIRACL, comments: “Given the current state of security in the payments industry, it's inevitable that the number of cases of financial fraud has risen so dramatically in the past year. As the payments market has become more open, with a plethora of third party applications now sitting between banks and their customers, it has become paramount to accurately verify the identities of people accessing the data and systems involved. Fortunately, this is something that is addressed by the revised Payment Services Directive (PSD2), which will make online payments safer for businesses and individuals. In the meantime, customers should take every opportunity to protect their personal and financial data, such as enabling multi-factor authentication when it is offered, and not reusing passwords across multiple accounts.”
Companies can also help by using the latest tools to improve their PCI compliance says Dave Cole, chief product officer, Tenable Network Security who emailed to say, “Organisations, from big retailers to credit card payment processors, are targeted daily by cyber-criminals because of the large amount of sensitive data passing through their networks and point-of-sale systems.” “Retailers can minimise the likelihood of a breach by integrating continuous PCI compliance monitoring into their overall security strategy, but too many organisations view PCI as a burden and treat compliance like a once-a-year project.”