- Finance industry stopped £820 million of unauthorised fraud in first half of 2019
- Data compromised through social engineering and ‘digital skimming’ attacks have had a significant impact on fraud losses
- Investment scams account for largest proportion of personal customer losses to authorised push payment fraud
The finance industry prevented £820 million of unauthorised fraud in the first half of 2019, up 14 per cent on the previous year, according to the latest figures from UK Finance. This is equivalent to £2 in every £3 of attempted unauthorised fraud being stopped, or £4.5 million of fraud being prevented a day.2
Over the same period, £408 million was stolen by criminals through unauthorised card, remote banking and cheque fraud. In addition, £208 million was lost to authorised push payment (APP) fraud, where customers are tricked into authorising a payment to an account controlled by a criminal.
The compromise of personal and financial data remains a significant driver behind fraud losses. Customer details are being stolen through data breaches at third parties outside the financial sector, while sophisticated “digital skimming” attacks are being used to steal card data when consumers are shopping online. Criminals also continue to use social engineering techniques to trick customers into divulging their personal information or transferring money.
Katy Worobec, Managing Director of Economic Crime at UK Finance, said:
“Not only does fraud have a devastating impact on victims, the money stolen goes on to line the pockets of organised criminal gangs involved in drugs, arms and human trafficking. The finance industry is constantly investing in advanced security systems to protect customers from this threat, while helping law enforcement to apprehend and disrupt the criminals responsible.
“A new voluntary code was introduced in May that has significantly improved consumer protections from authorised push payment fraud, with signatory firms committed to reimbursing victims providing they have met certain standards.
“However, criminals are continuing to exploit vulnerabilities outside the financial sector to obtain customers’ data that is then used to commit fraud. We all have a responsibility to work together, including online retailers and social media companies, to beat the fraudsters and keep customers’ data secure.”
The data published by UK Finance covers both unauthorised and authorised fraud.
In an unauthorised fraudulent transaction, the account holder themselves does not provide authorisation for the payment to proceed and the transaction is carried out by a third-party. Customers are legally protected against losses caused by unauthorised fraud. Industry research indicates that customers are fully refunded in over 98 per cent of unauthorised fraud cases.
Total losses due to unauthorised fraud across payment cards, remote banking and cheques in the first half of 2019 were £408 million. This is an increase of two per cent compared to the first half of 2018, but a fall of £36 million compared to the second half of 2018. Included within the overall total:
- Losses due to unauthorised transactions on payment cards increased two per cent to £313 million. The industry prevented £488 million in attempted unauthorised card fraud, three per cent less than in the first half of 2018. Three-quarters of card fraud losses (£237 million) were due to remote purchase fraud, where stolen card details are used to buy something online, over the phone or via mail order.
- Losses due to unauthorised remote banking fraud totalled £66 million, 28 per cent lower than in the first half of 2018.
- This category covers unauthorised fraud through internet banking, telephone banking and mobile banking. Banks prevented £130 million of attempted unauthorised remote banking fraud.
- Cheque fraud losses rose to £29 million, an increase of almost eightfold compared to the first half of 2018.
- Intelligence suggests this increase was largely driven by a number of high-value transactions targeting business accounts, with personal customers only accounting for a small fraction of total losses. Over £202 million of attempted unauthorised cheque fraud was prevented, an increase of 172 per cent compared to the first half of 2018.
- There were a total of 1,385,447 cases of unauthorised financial fraud.
Authorised push payment fraud
Authorised push payment (APP) fraud occurs when a customer is duped into authorising a payment to another account which is controlled by a criminal.
The APP fraud data for the first half of 2019 shows:
- A total of £208 million was lost to APP fraud, split between personal (£147 million) and business (£61 million) accounts.
- In total there were 57,549 APP fraud cases, split between personal (53,475 cases) and non-personal (4,074 cases) accounts.
- Financial providers were able to return a total of £39.3 million of the losses to victims, split between personal (£25.6 million) and business (£13.6 million) accounts.
Investment scams accounted for the largest proportion of losses amongst personal customers, with £41 million lost to this type of fraud, or over £12,200 per case. Purchase scams remained the most prevalent form of APP fraud, accounting for almost two in three (65 per cent) of all cases targeting personal customers.
When a customer authorises a payment to be made to another account, even if they are tricked into doing so, current legislation means that they have no legal protection to cover them for the losses – unlike an unauthorised transaction. However, an industry voluntary code that came into effect on 28 May 2019 has introduced new consumer protections against authorised push payment fraud. Firms who have signed up to the code have committed to reimbursing the victims of this type of fraud, provided the customer has met the standards expected of them under the code.
UK Finance only began collating data on APP fraud from 2017 onwards. Losses due to APP fraud in the first half of 2018 totalled £148 million across 34,129 cases. The data published today is not directly comparable to these figures as two additional banks began reporting the data to UK Finance from early 2019. In addition, intelligence suggests that increased public awareness in the build-up to the introduction of the Authorised Push Payment Scams Voluntary Code has resulted in an increase in reporting by customers who fall victim to this type of fraud. Data on reimbursements made under the code is due to be published in 2020.
UK Finance is urging customers to follow the advice of the Take Five to Stop Fraud campaign, and remember that criminals are experts at impersonating people, organisations and the police. Your bank or police will never contact you out of the blue to ask for your PIN, full password or to move money to another account.
- Stop: Taking a moment to stop and think before parting with your money or information could keep you safe.
- Challenge: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
- Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.