The latest figures from APACS show that card fraud in the UK has risen by 14% since last year, despite the introduction of chip and PIN. Online banking fraud increased by 185% due to phishing. More than 20,000 fraudulent phishing websites were set up in the first half of 2008.
This is no surprise. The banks should have invested in decent authentication systems a long time ago. Chip and PIN has cost a small fortune but only addresses part of the problem. We’ve all known for decades that mutual authentication is essential, yet there’s still no sign of it.
Last night I was phoned by my bank for no good reason other than the fact they wanted to discuss my services (i.e. sell me something). They provided no authentication information, yet seemed surprised when I informed then that I don’t discuss financial matters with unidentified strangers over the phone. No doubt they regard me as a difficult, rather than enlightened, customer. It’s not surprising that there’s so much fraud when leading banks set such bad examples.