Card fraud up - it's no surprise

The latest figures from APACS show that card fraud in the UK has risen by 14% since last year, despite the introduction of chip and PIN. Online banking fraud increased by 185% due to phishing. More than 20,000 fraudulent phishing websites were set up in the first half of 2008.

This is no surprise. The banks should have invested in decent authentication systems a long time ago. Chip and PIN has cost a small fortune but only addresses part of the problem. We’ve all known for decades that mutual authentication is essential, yet there’s still no sign of it.

Last night I was phoned by my bank for no good reason other than the fact they wanted to discuss my services (i.e. sell me something). They provided no authentication information, yet seemed surprised when I informed then that I don’t discuss financial matters with unidentified strangers over the phone. No doubt they regard me as a difficult, rather than enlightened, customer. It’s not surprising that there’s so much fraud when leading banks set such bad examples.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

There are now authentication technologies 'out there' capable of generating one-time codes without the use of additional hardware. All the banks and others in financial services have to do is consider adopting them. Systems like our own 'GrIDsure' would even allow easy two-way authentication during phone calls from the banks, as you describe. Both sides could strongly identify themselves, importantly without giving anything of value away, which a fraudster could use against you.
The fraud results released by APACS are generally as expected in the industry, with steady increases in card-not-present (CNP) and counterfeit card fraud, however there are a few numbers that raise questions for me. The first of these is with UK retailer (face-to-face) transactions, where fraud has increased by 26 percent since the same period in 2007. These numbers are still down from 2005, but it is interesting to note that following a steady downward trend for the first few years this has now started to increase. This trend can also be seen in ATM fraud, which is up 22 percent since the same time last year. The increase in online banking fraud is possibly easier to explain, as it ties in with the increased phishing activity we saw in the UK in the run up to the Faster Payments launch. However, banks in the UK are starting to use increasingly sophisticated methods to counter the threat of online banking fraud. One method is monitoring the IP address that is being used to log onto online bank accounts and comparing it to both known suspect addresses and the customer's own usual pattern of activity, which can help identify fraud immediately. With such anti-fraud methods in place, I feel confident that we will see these numbers start to decrease in the future. These tools can also be used to help manage CNP fraud levels - by mandating that IP data is included in the transaction information, banks will be able to stop fraudulent transactions before they happen, especially if IP data is combined with two-factor authentication methods. The APACS figures are a very useful measure of the amount of fraud we are seeing on UK-issued cards, and will hopefully reiterate to banks, consumers and retailers the importance of fraud prevention and detection. The percentage of fraud is still low compared to the actual amount of money spent on cards or through online banking, however, the whole industry needs to work together to ensure it remains this way.