Losses from UK card and online banking fraud both increased during the first half of the year as phishing attacks spiked and the criminal fraternity turned to old-school deception cons to trick people into handing over their cards and PINs.
We're seeing a significant increase in social engineering and malware. There's not much banks can do to stop their customers being stupid and giving away their PIN or password, but multi-factor along with good analytics should prevent out-of-band attempts
in most cases.
We need to step-up our capabilities on understanding customer behavior in respect to technology use, so we can predict when our customers' accounts are being compromised by fraudulent activity.
Now I'm not clairvoyant, but warning signs pointing to increased fraud losses were buried in last year's results, despite them being the lowest figures in the last five years: £341m. Specifically, there were two exceptions where plastic fraud increased (mail
inception and lost and stolen).
This was a clear signal that the fraudsters were returning back to low-tech methods. Let's not beat up chip and pin here - it's had success. We too readily forget that had we not adopted it, extrapolated losses were expected to rise upwards of £840m. However,
let me continue with the low-tech theme for now.
Counterfeit cheques also showed evidence of increased losses – again the jump from counterfeit cards and cash to cheque should not have been a surprise. Social engineering is a big menace and we should recognise the efforts of industry, trade bodies and
government to educate the customer to be wise to the threats. Ignorance is a real problem and I think the case for contributory negligence against the customer continues to build.
One last thought. I'm just puzzled as to whether all banks are equally impacted or whether we have a few non-performers who might be distorting the statistics. That's something the trade bodies, regulators and shareholders probably need to contemplate.
© Finextra Research 2013