The banking sector was named the most trusted overall by UK consumers in a recent study into digital trust by LexisNexis Risk Solutions. Banks got the highest share of votes (86%) from consumers when asked which sectors they most trust overall, and nearly two-thirds of UK adults (60%) said they trust banks most to keep their personal details safe online. 

Moreover, banking stands head and shoulders over other sectors – around twice as likely to be trusted with people’s personal details than the police or the government and more than three times as likely as online retailers and TV streaming platforms.

That said, there are generational differences. For example, 70% of those aged 55+ trust the banking industry most, compared with less than half of Gen Z – those aged 16-24 – who are far more accommodating of newer and online-only fintechs and challengers. This was borne out in the fact that nearly three-quarters (72%) of Gen Z said they trust social media companies overall, compared to less than half of those over 55s. The same group also trust messaging apps, investing services and gaming providers more than they trust the government. And most notably, they trust TV streaming services, more than they trust their bank.

On one hand, this is great news for banks and validation of the billions of pounds invested over the past 10 years on technology to strengthen fraud defences and improve security and authentication. However, it also reveals the trusting nature of the digitally native younger generations – 79% of whom, for example, admit to sharing TV streaming service passwords – and by proxy, the wider challenge facing banks in the fight against fraud.

As we’re all too aware, fraud continues to grow in the UK. The latest fraud statistics from UK Finance show almost 200,000 Authorised Push Payment (APP) scams were reported last year, with net losses up 39%. APP fraud now represents close to half of all fraud, driven in large part by social engineering scams.

Impersonation fraud uses people’s misappropriated personal information to gain their trust and, combined with some convincing bravado, manipulate them into making payments or handing over control of their accounts. APP fraud is the hardest fraud to detect and prevent because it’s perpetrated through the genuine customer themselves, using their normal device – to all intents and purposes, nothing looks suspicious.

The fact is, fraudsters only need a few key details to commit fraud, for example, the name of the bank, the day of the month a Direct Debit is paid and the last four digits of a payment card. And they don’t have to compromise bank-level security to obtain them either.

Broadly speaking, the scam process starts around five steps back from the financial sector. Phishing or smishing attacks harvest victims’ login credentials – username and password combinations – before testing them on an industrial scale via sophisticated bot attacks. Our Cybercrime Report shows around 1.6 billion high-velocity bot attacks taking place in just the second half of 2021, targeting sectors with less robust controls, including the communications, mobile and media services (CMM) sector – which saw attack volumes soar by 894% - as well as e-commerce and gaming companies. Password reset attempts are another growing route to gaining control of victims’ accounts - our analysis shows one in eight reset requests is now a suspected fraud attempt. Once the credentials are validated, it’s an open door for fraudsters to harvest the details they need to establish credibility when attempting to social engineer their victim.

To tackle this fraud, the logical solution must therefore be to starve the fraudsters’ supply of information – without which they lose the advantage. Applying strong customer authentication protocols akin to PSD2 measures to the most targeted sectors, like communications and telecoms, would significantly improve account integrity. 

Combined with more effective cross-industry collaboration and information exchange, this could result in a quantum leap forward in fraud prevention. Cross-institutional intelligence sharing of fraud risk indicators and alerting mechanisms is already proven to be a powerful anti-fraud tool, as our own Digital Identity Network attests. The challenge now is to work hand in hand with the regulators and government to loosen the restraints that will open up collaboration even further and create a watertight online ecosystem that keeps the door firmly shut to fraudsters. 

The incentive is clear for all sectors operating online services. No sector or organisation wants to deal with the reputational fall-out of being identified as a third-party enabler of fraud, due to failing to suitably protect the integrity of its customers’ accounts and allowing a flow of misappropriated information upstream towards the financial services sector. It’s time for the private sector to take collective responsibility and recognise that fraud is a shared problem. 

As we say at LexisNexis Risk Solutions, you have to be a network to fight a network. So, let’s be a network that benefits from global shared intelligence and work together to keep these pernicious scams in all their forms, at bay.