UK card fraud plummets

These latest fraud statistics are good news for the UK banks and UK consumers, but the fraudsters have not disappeared overnight. They will be looking for the next easy target and the increase in online banking losses is the result of the large increase in phishing attacks. A new category of Phone Banking Losses has also been included for the first time as criminals look to target consumers directly, bypassing the banks security systems, which are almost (never say never) impossible to penetrate. Although Chip and PIN, Verified by Visa and MasterCard SecureCode and the fraud detection systems are all helping significantly, the fall in the value of sterling may also be a contributing factor as fraudsters look to defraud non-UK issued cards where Chip and PIN is not operational and whose currencies are stronger. A blip or a downward trend?

Well, this is all good PR for the banks, but the information not included in these statistics is the rise in legitimate cardholder transactions that are simply blocked by bank fraud systems. Ever tried using a credit or debit card overseas in the last few years? Even though customers have to go through the painful process of having to call the banks offshore call centres to pre-advise them of their travel plans, 90% of the time such information is not captured by their authorisation process and transactions are declined, requiring yet more painful call centre conversations. The banks may be making progress with the fraudsters and for that I applaud their efforts but it all comes at a cost to customer service.

Although the fraud figures released today show signs of improvement in certain areas, the level of online banking fraud across the UK is still shockingly high. I believe that one of the major reasons for this level of fraud is that our banks are still relying on fixed passwords and PINs for online banking.

Measures such as ‘Mastercard Secure Code' and ‘Verified by Visa' are going some way to protect customers but are all still based on the user having a fixed code, so if the customer falls victim to a phishing attack they are left completely exposed.

It is also important for the industry to wake up to the fact that many customers use the same username/password combination for their bank accounts as they do for their email and social networking login, so it needs to adopt more innovative methods that stop fraudsters in their tracks and render stolen login details worthless, no matter how or where they are acquired.

The industry needs to adopt a ‘one time password' model across the board given that more secure software-based authentication technologies have been available for a number of years now. By adopting these solutions banks can offer greater security which is both cost effective to implement and easy to use.

These stats are worrying for consumers and banks alike - increasingly fraudsters are using Trojans that can infect a user's PC, and then launch man-in-the-browser attacks that can get around the strongest user authentication measures. The consumer may not even be aware that the funds have been moved from their account as the Trojan can alter the page being displayed.

To tackle this problem, banks need to get a better understanding of their customers' online banking activity so that they can check to see if it fits the established profile of the genuine customer. Alongside other fraud prevention methods such as authentication, a layered approach to online banking fraud monitoring - one that analyses the login, the transactions, and risky sequences of events - gives banks the best chance to minimise online banking fraud. In addition, consumers need to be educated around the dangers of clicking links in unsolicited emails and on social networks. Fraudsters will always look for weaknesses in the system, in this case the user's PC, and banks must work with their customers to plug the security gaps.