- Email: [email protected]
UK Finance: Fraud The Facts 2019
NEWS
Report Analysis
UK Finance: Fraud The Facts 2019
M
easured purely in terms of financial impact, fraud is one of the biggest forms of crime in the UK. In 2018, criminals stole £1.2bn, and they used technology – email, SMS texts, websites and even the humble telephone – to do it.
On the positive side, financial institutions and law enforcement organisations are also successfully exploiting technology in their efforts to combat this problem. In fact, in the same year, £1.6bn worth of fraudulent transactions were stopped in their tracks. UK Finance is an industry group representing banking and finance companies and runs an Economic Crime team that promotes and supports the industry’s activities in combating fraud, money laundering, bribery and corruption, and cybercrime. It’s no surprise, then, that its latest report is quick to point out the advances the industry has made, including: the Banking Protocol – a rapid-response scheme that enables banking staff to alert police and Trading Standards of possible frauds; the trial of
a new anti-spoofing system to prevent the use of scam text messages; the activities of the Dedicated Card and Payment Crime Unit, a police unit sponsored by the banking industry and which tackles organised crime groups; and UK Finance’s work with a government-led programme to reform economic crime information sharing processes – socalled Suspicious Activity Reports. Yet the cost of fraud continues to rise. The report looks at four main areas – card fraud, cheque fraud, unauthorised remote banking fraud and authorised push payment (APP) fraud. The kinds of cyber criminals familiar to information security specialists are active in all these areas. Unauthorised remote banking fraud encompasses Internet, mobile and
Fraud losses for various banking types, in millions of pounds.
4
Computer Fraud & Security
telephone banking. And the figures reflect the role that technology at the customer level has come to play in the banking sector. Compared to the previous year, the overall value of unauthorised remote banking fraud dropped 2%, to £153m, with the volume of cases having fallen by 8% to 31,797. However, these numbers mask a shift in what types of banking criminals are targeting. At £123m in 2018, losses in Internet banking were slightly up over the previous two years, but lower than the peak of £133m in 2015, suggesting that banks are making some headway. There’s a similar picture in telephone banking, although the losses there are significantly lower than for Internet banking. UK Finance’s figures for mobile banking only go back to 2015, and the losses here are much smaller than in the other areas. However, they show a steady rise as more people turn to this method of interacting with their banks. Authorised push payment (APP) is any fraud where a scammer persuades a victim to make a bank transfer. The transfer itself, therefore, is genuine, and may slip past fraud monitoring systems. A large proportion of these APP frauds involve technology at some point: in fact, most of them are enabled by it. Investment, fee-forwarding and romance scams, along with CEO fraud (the term UK Finance prefers to the more accurate business email compromise, or BEC) are mostly carried out via email. Impersonation scams, in which fraudsters pretend to be police officers or bank staff, may start with a phone call or text message, but will always involve online banking. The report is available here: www. ukfinance.org.uk/policy-and-guidance/ reports-publications/fraud-facts-2019.
April 2019
Report Analysis
UK Finance: Fraud The Facts 2019
M
easured purely in terms of financial impact, fraud is one of the biggest forms of crime in the UK. In 2018, criminals stole £1.2bn, and they used technology – email, SMS texts, websites and even the humble telephone – to do it.
On the positive side, financial institutions and law enforcement organisations are also successfully exploiting technology in their efforts to combat this problem. In fact, in the same year, £1.6bn worth of fraudulent transactions were stopped in their tracks. UK Finance is an industry group representing banking and finance companies and runs an Economic Crime team that promotes and supports the industry’s activities in combating fraud, money laundering, bribery and corruption, and cybercrime. It’s no surprise, then, that its latest report is quick to point out the advances the industry has made, including: the Banking Protocol – a rapid-response scheme that enables banking staff to alert police and Trading Standards of possible frauds; the trial of
a new anti-spoofing system to prevent the use of scam text messages; the activities of the Dedicated Card and Payment Crime Unit, a police unit sponsored by the banking industry and which tackles organised crime groups; and UK Finance’s work with a government-led programme to reform economic crime information sharing processes – socalled Suspicious Activity Reports. Yet the cost of fraud continues to rise. The report looks at four main areas – card fraud, cheque fraud, unauthorised remote banking fraud and authorised push payment (APP) fraud. The kinds of cyber criminals familiar to information security specialists are active in all these areas. Unauthorised remote banking fraud encompasses Internet, mobile and
Fraud losses for various banking types, in millions of pounds.
4
Computer Fraud & Security
telephone banking. And the figures reflect the role that technology at the customer level has come to play in the banking sector. Compared to the previous year, the overall value of unauthorised remote banking fraud dropped 2%, to £153m, with the volume of cases having fallen by 8% to 31,797. However, these numbers mask a shift in what types of banking criminals are targeting. At £123m in 2018, losses in Internet banking were slightly up over the previous two years, but lower than the peak of £133m in 2015, suggesting that banks are making some headway. There’s a similar picture in telephone banking, although the losses there are significantly lower than for Internet banking. UK Finance’s figures for mobile banking only go back to 2015, and the losses here are much smaller than in the other areas. However, they show a steady rise as more people turn to this method of interacting with their banks. Authorised push payment (APP) is any fraud where a scammer persuades a victim to make a bank transfer. The transfer itself, therefore, is genuine, and may slip past fraud monitoring systems. A large proportion of these APP frauds involve technology at some point: in fact, most of them are enabled by it. Investment, fee-forwarding and romance scams, along with CEO fraud (the term UK Finance prefers to the more accurate business email compromise, or BEC) are mostly carried out via email. Impersonation scams, in which fraudsters pretend to be police officers or bank staff, may start with a phone call or text message, but will always involve online banking. The report is available here: www. ukfinance.org.uk/policy-and-guidance/ reports-publications/fraud-facts-2019.
April 2019