Yesterday UK Finance, the UK’s industry trade body, published its annual report into the UK’s payment industry fraud, Fraud the Facts 2019.
The report reveals that in 2018:
- Criminals stole £1.2 billion through fraud and scams:
- Unauthorised financial fraud losses across payment cards, remote banking and cheques totalled £844.8 million, an increase of 16% compared to 2017
- Authorised push payment scams resulted in gross losses of £354.3 million.
- Banks and card companies prevented £1.66 billion in unauthorised fraud, equivalent to £2 in every £3 of attempted fraud being stopped
- Remote banking fraud losses, made up of internet banking, telephone banking and mobile banking, was down by 2%
- But mobile banking fraud specifically increased 20% from 2017
- The theft of personal data through data breaches and social engineering attacks was a major contributor to fraud losses
- Cases of card ID theft, made up of card application fraud and card account takeover fraud, increased by 119%
Sam Bakken, senior product marketing manager for US-based OneSpan, offered perspective on the findings:
“With a colossal £1.2 billion in losses, it’s undeniable that fraud still poses a major problem to banks and financial institutions. But it’s not all doom and gloom. Fraud prevention technology, including innovations in adaptive authentication, biometrics and behavioural techniques, enhanced by AI and machine learning, has seen huge improvements over the last year, so it’s certainly encouraging that banks stopped two-thirds of unauthorised fraud attempts in 2018.
For banks and financial institutions, the report offers food for thought on two accounts.
Firstly, given the explosion in mobile banking, the increase in this type of fraud is perhaps not wholly surprising. However, mobile threats will only become more dangerous, so banks and financial institutions must ramp up their efforts in securing the mobile channel, with the likes of mobile app shielding technology to secure and proactively protect individual banking apps.
Secondly, regular data breaches that expose personally identifiable information across the web are a major contributor to fraud losses. However, we’re seeing huge developments in the methods used for verifying the identity of someone conducting remote digital transactions. For example, more and more banks are implementing risk analytics, that analyses thousands of transactions in real time, alongside device, geographical and behavioural data, to build up a profile for a customer to identify potentially fraudulent transactions. So, whilst third party breaches may be out of a bank’s control, they have the ability to better detect the types of fraud made possible with compromised data.
As any business might, cybercriminals decide where to spend their time and effort based on the return-on-investment. As banks get better at identifying fraud in the telephone and web banking channels, as the report data suggests, a criminal’s level-of-effort must increase and their revenue opportunities decrease. So, this data suggests criminals are making an economic decision to pursue what are typically softer targets — mobile banking apps for example (mobile fraud having increased 20 percent over 2017).
Banks need to respond in kind to attackers’ allocation of resources and make investments of their own. This includes mobile app shielding technology that provides pro-active defense against increasingly innovative mobile threats and malware without interfering with the user experience unless absolutely necessary.
In addition, gaining more visibility into mobile users’ devices and behavior through behavioral biometrics and other contextual data also helps shore up a bank’s defenses against mobile fraud.”