UK card fraud plummets

UK card fraud plummets

Fraud losses on UK cards tumbled by more than a quarter - to £440 million - last year, the first fall since 2006, according to figures from the UK Cards Association.

Overall, UK card fraud fell 28%, or £170 million, between 2008 and 2009. Card not present fraud was down 19%, to £266.4 million while losses from skimming and cloning plummeted 52% to £80.9 million. Fraud on lost or stolen cards, ID theft and mail non-receipt all also fell.

Retail face-to-face losses were down 27% to £72.1 million with ATM fraud down 20% to £36.7 million. Card fraud committed in the UK was down 16% to £317.7 million and fraud abroad - which has risen steadily in recent years because of the introduction of Chip and PIN in the UK - fell 47% to £122.7 million.

The Association says there is no one reason for the dramatic fall, citing the combined force of industry initiatives such as chip and PIN, the increasing use of sophisticated fraud detection tools by banks and retailers and the work of the Dedicated Cheque and Plastic Crime Unit.

For CNP fraud, the group claims the continuing growth in the use of MasterCard SecureCode and Verified by Visa by both online retailers and cardholders has stymied crooks.

Melanie Johnson, chair, UK Cards Association, says: "We recognise that cards will always be targeted by criminals, so we are determined not only to continue to prevent, detect and deter those who are behind this type of crime, but also to make sure that innocent victims don't lose out."

There is less encouraging news in relation to online banking fraud, with losses totalling £59.7 million in 2009, a 14% rise on the previous year. This is largely due to criminals using more sophisticated methods, notably malware, which targets vulnerabilities in PCs, rather than the banks' own systems which are more difficult to attack. There were also more than 51,000 phishing incidents recorded during 2009, a 16% increase on the amount seen in 2008.

Phone banking losses totalled £12.1 million in 2009, the first time they have been recorded. Cheque fraud dropped 29% to £29.8 million.

David Cooper, chairman, Fraud Control Steering Group, says: "Although online banking fraud losses have shown a year-on-year increase, card fraud remains a main focus of criminal activity. However, the industry remains committed to containing and reducing all areas of fraud. To this end, we will continue our partnership approach - working with law enforcement, retailers, consumers and the Home Office - to tackle fraud head-on."

Comments: (4)

A Finextra member
A Finextra member 10 March, 2010, 10:47Be the first to give this comment the thumbs up 0 likes

These latest fraud statistics are good news for the UK banks and UK consumers, but the fraudsters have not disappeared overnight. They will be looking for the next easy target and the increase in online banking losses is the result of the large increase in phishing attacks. A new category of Phone Banking Losses has also been included for the first time as criminals look to target consumers directly, bypassing the banks security systems, which are almost (never say never) impossible to penetrate. Although Chip and PIN, Verified by Visa and MasterCard SecureCode and the fraud detection systems are all helping significantly, the fall in the value of sterling may also be a contributing factor as fraudsters look to defraud non-UK issued cards where Chip and PIN is not operational and whose currencies are stronger. A blip or a downward trend?

A Finextra member
A Finextra member 10 March, 2010, 21:14Be the first to give this comment the thumbs up 0 likes

Well, this is all good PR for the banks, but the information not included in these statistics is the rise in legitimate cardholder transactions that are simply blocked by bank fraud systems. Ever tried using a credit or debit card overseas in the last few years? Even though customers have to go through the painful process of having to call the banks offshore call centres to pre-advise them of their travel plans, 90% of the time such information is not captured by their authorisation process and transactions are declined, requiring yet more painful call centre conversations. The banks may be making progress with the fraudsters and for that I applaud their efforts but it all comes at a cost to customer service.

A Finextra member
A Finextra member 11 March, 2010, 13:14Be the first to give this comment the thumbs up 0 likes

Although the fraud figures released today show signs of improvement in certain areas, the level of online banking fraud across the UK is still shockingly high. I believe that one of the major reasons for this level of fraud is that our banks are still relying on fixed passwords and PINs for online banking.

Measures such as ‘Mastercard Secure Code' and ‘Verified by Visa' are going some way to protect customers but are all still based on the user having a fixed code, so if the customer falls victim to a phishing attack they are left completely exposed.

It is also important for the industry to wake up to the fact that many customers use the same username/password combination for their bank accounts as they do for their email and social networking login, so it needs to adopt more innovative methods that stop fraudsters in their tracks and render stolen login details worthless, no matter how or where they are acquired.

The industry needs to adopt a ‘one time password' model across the board given that more secure software-based authentication technologies have been available for a number of years now. By adopting these solutions banks can offer greater security which is both cost effective to implement and easy to use.


A Finextra member
A Finextra member 11 March, 2010, 14:05Be the first to give this comment the thumbs up 0 likes

These stats are worrying for consumers and banks alike - increasingly fraudsters are using Trojans that can infect a user's PC, and then launch man-in-the-browser attacks that can get around the strongest user authentication measures. The consumer may not even be aware that the funds have been moved from their account as the Trojan can alter the page being displayed.

To tackle this problem, banks need to get a better understanding of their customers' online banking activity so that they can check to see if it fits the established profile of the genuine customer. Alongside other fraud prevention methods such as authentication, a layered approach to online banking fraud monitoring - one that analyses the login, the transactions, and risky sequences of events - gives banks the best chance to minimise online banking fraud. In addition, consumers need to be educated around the dangers of clicking links in unsolicited emails and on social networks. Fraudsters will always look for weaknesses in the system, in this case the user's PC, and banks must work with their customers to plug the security gaps.