News and resources on cyber and physical threats to banks and fintechs worldwide.

Criminals stole £1.2 billion from UK bank accounts in 2018

Source: UK Finance

The finance industry prevented £1.66 billion of unauthorised fraud during 2018, effectively stopping £2 in every £3 of attempted unauthorised fraud, according to the latest report, Fraud the Facts 2019, from UK Finance

During the same period, a total of £1.2 billion was stolen by criminals committing both authorised and unauthorised fraud.

Industry research suggests that the theft of personal and financial information through social engineering caused by data breaches outside the financial sector was a major contributor to the fraud losses. Stolen data is used to commit fraud both directly and indirectly. There were several high-profile data breaches involving significant brands during 2018.

Katy Worobec, Managing Director of Economic Crime at UK Finance, said:
“Fraud is a crime which poses a major threat to us all - it can have a devastating impact on victims and the money stolen funds even more damaging crimes such as terrorism, drug trafficking and people smuggling. Every business, from online retailers to social media companies, as well as the public sector, has a duty to work together to beat fraud and prevent stolen data getting into the hands of criminals.

“Last month, the finance industry and consumer groups agreed a voluntary Code which will increase protection for customers from authorised push payment scams. It delivers a significant commitment from signatories to reimburse victims when the customer has met the standards expected of them under the Code. At the same time the industry continues to fight fraud on every front to protect customers and prevent this kind of crime - investing in advanced security systems and new ways to track stolen funds, assisting law enforcement in tackling the criminals and supporting the government in improving the ways in which intelligence is shared.”

The data published by UK Finance covers both unauthorised and authorised fraud.
Unauthorised fraud
In an unauthorised fraudulent transaction, the account holder themselves does not provide authorisation for the payment to proceed and the transaction is carried out by a third-party. Customers are legally protected against losses caused by unauthorised fraud. Industry research indicates that customers are fully refunded in over 98 per cent of unauthorised fraud cases.

Total losses due to unauthorised fraud across payment cards, remote banking and cheques in 2018 were £845 million, an increase of 16 per cent compared to 2017. Included within this overall total:
• Losses due to unauthorised transactions on payment cards increased 19 per cent to £671 million. The industry prevented £1.12 billion in attempted unauthorised card fraud, 14 per cent more than in 2017. Three-quarters of the card fraud losses (£506 million) was due to remote purchase fraud, where stolen card details are used to buy something online, over the phone or via mail order.
• Losses due to unauthorised remote banking fraud totalled £153 million, 2 per cent lower than 2017. This category covers unauthorised fraud through internet banking, telephone banking and mobile banking. Banks prevented £318 million of attempted unauthorised remote banking fraud.
• Cheque fraud losses rose by 109 per cent to £21 million. The volume of fraudulent cheques increased by only 16 per cent, indicating that a small number of high-value fraudulent transactions made during the year led to the rise in losses rather than a change to the longer-term downward trend in this type of fraud. A total of £218 million of attempted unauthorised cheque fraud was prevented.
• There was a total of 2,651,556 cases of unauthorised financial fraud.
Authorised push payment scams
In an authorised push payment (APP) scam, a customer is duped into authorising a payment to another account which is controlled by a criminal.
The APP scam data for 2018 shows:
• A total of £354 million was lost through APP scams, split between personal (£228m) and business (£126m) accounts.
• In total there were 84,624 APP scam cases, split between personal (78,215 cases) and non-personal (6,409 cases) accounts.
• Financial providers were able to return a total of £83 million of the losses.

In February, the Authorised Push Payment Scams Voluntary Code was agreed following work between the industry, consumer groups and the Payment Systems Regulator. The Code, which comes into effect on 28 May 2019, will bring new protections for customers of payment service providers who sign up to it. The Code delivers a significant commitment from all firms who sign up to it to reimburse victims of authorised push payment scams in any scenario where their bank or payment service provider is at fault and the customer has met the standards expected of them under the Code. Currently, under existing legislation, if a customer authorises the payment themselves they have no legal protection to cover them for losses.

UK Finance only began collating data on APP scams from 2017 onwards. Losses due to APP scams in 2017 totalled £236 million across 43,875 cases. The data published today is not directly comparable to these figures as new industry guidelines introduced in January 2018 have improved the identification and reporting of APP scams. Four additional banks also began reporting the data to UK Finance from 2018.

Comments: (0)