alexskopje - stock.adobe.com
More than two-thirds of consumers expect banks to repay them for losses that result from online scams, with half (51%) prepared to ditch them if they don’t.
The research of about 2,500 people, carried out by YouGov for Akamai Technologies, also revealed that 58% of British people receive at least one attempted scam via email or text message per week, with 23% falling victim to them at some point.
Attacks resulting from credential stuffing, where scammers use stolen account credentials to gain access to people’s accounts, increased by 45%, according to the findings.
The high incident rates come despite consumers increasingly using recommended cyber security practices. In total, 59% of UK respondents said they do not use the same password for any online services, the survey found. Most respondents (86%) were confident that banks will protect them from cyber criminals, and 67% expect banks to cover losses if they do occur, regardless of the amounts stolen.
“This research confirms what far too many of us already know: there’s a serious fraud and cyber crime problem in the banking and financial services industry,” said Richard Meeus, director of security technology and strategy for Europe, the Middle East and Africa at Akamai.
“While 98% of respondents use some kind of security measure to protect and access their online banking, not all services are created equal,” he said. “Only 19% use a dedicated multi-factor authentication app, which is concerning as this is one of the most robust forms of protection out there and one of the lowest used.
“Rising rates of cyber crime mean rising costs for banks as they reimburse their customers en masse,” added Meeus. “Banks need to work with governments and industry to share effective strategies, educate the public on important preventative measures, and implement security models that ensure maximum protection – and retain customers.”
Read more about authorised push payment fraud
- All banks must be transparent about the proportion of victims of APP fraud they refund.
- The financial services ombudsman is siding with customers in over 75% of complaints against banks that refuse to repay losses to authorised push payment fraud.
- Criminals tricking people into making payments through channels such as fake emails and websites have stolen more money than payment card fraudsters.
Banks are calling for social media and other tech companies to take some responsibility for reducing successful scams.
For example, banks are being held responsible for losses to Authorised Push Payment (APP) fraud, which sees criminals use fake websites and emails to trick consumers into authorising payments to them. According to banking trade body UK Finance, this increased by 70% in the first six months of this year, reaching a value of £355m.
In January, Anne Boden, CEO of digital challenger Starling Bank, called for cooperation between different sectors to clamp down on APP fraud.
In a blog post, Boden said other sectors must shoulder some responsibility for APP scams, particularly social media platforms. “Banks invest billions of pounds into tackling economic crime, but we cannot stop it on our own,” she wrote.
“Very often, [social media] accounts are used for advertising for ‘money mules’, for the purposes of money laundering, selling stolen identity and credit card data, phishing, bogus investment scams and impersonation fraud,” she said, adding that banks “seem to have become the underwriter of all kinds of fraud that are not really financial fraud at all”.