Online banking fraud within the U.K. has reached its highest level for at least 3 years, although losses related to cards have fallen in most areas, according to figures from the industry that were released on Wednesday. Online banking fraud saw an increase of 55% up to £39m in the first half of 2011 in comparison with the same period in 2010, according to the FFA, Financial Fraud Action UK, formerly called APACS.
The FFA collates all the data that is reported by financial institutions in the UK, and they attribute this high rise to the sophisticated and malicious software programmes that are infecting vulnerable home computers. The FFA also reported that there was 26,000 phishing sites, fraudulent websites that are designed to trick people into revealing their log in details and passwords.
The rise in this type of fraud comes at the same time as the UK banks are taking rigorous measures to try and combat online banking fraud. While the websites for the US banks only ask for a log in and a password for their customers to access online banking, the UK banks have several steps in the process.
The NatWest for example, parts of the RBS group, requires their customers to enter their date of birth a well as a unique code of four digits. In the second step, the user is also required to enter random digits from a separate four digit PIN code with is different from the one they use at an ATM.
The website then asks for specific parts of another password, such as the 1st, 3rd and 6th letter. The combination changes every time and if you fail you can’t access your account through online banking. Despite all these measures, the security can be bypassed if the user has fallen foul of a phishing scam and has unwittingly disclosed their access details.
Card fraud remains the costliest however, for the first 6 months of 2011 it amounted to a mighty £232.8m, and that is down by 23% compared with the same period in 2008. A spokeswoman for the FFA, Michelle Whiteman, says that this is the first time that the overall figure for credit card fraud has declined.
They are attributing this fall to the use of chip & PIN technology, where ATM’s and card readers at the point of sale check for the microchip which uses encrypted keys to allow a transaction, and the user must enter correctly the four digit PIN that is linked to this chip. A fraudster must know this PIN otherwise the card can’t be used to make a personal purchase.
This differs greatly from the way cards are used in the US, where there is no chip and PIN technology and all the fraudster needs to do is copy the signature that is on the back of the card. Even with all this technology, fraudsters will still try and use chip and PIN cards online, this is known as card not present fraud, but even this fraud has dropped by 18% this year to £134m.
The FFA believes that the main reason for this is increase in numbers of those enrolling in the SecureCode from MasterCard and the ‘Verified by Visa’ from Visa programmes. This stops a transaction going through by prompting the user to enter a unique password, and if it isn’t entered correctly the transaction will fail. Once again, however, this can still be bypassed if the user has revealed their details to a successful phisher.
The other areas that saw a significant decline in fraud were counterfeit card, lost and stolen cards used fraudulently and cards being intercepted by fraudsters in the mail and not reaching their intended recipient. The only category that saw a rise was ID theft through a card, which went up by 23% to £23.9m.