Phishing attacks take £30 million toll as UK online bank fraud rises

FFA reports sudden half-year rise in online fraud

Online banking losses in the UK reached nearly £30 million ($48 million) in the first half of 2014, as criminals targeted the accounts of businesses that allow higher-value transfers, according to banking organisation Financial Fraud Action UK (FFA).

Is card fraud getting a bit worse, a bit better or is it much the same? That depends how which type fraud is considered and what is measured.

As far as online bank fraud is concerned, the answer appears to be a resounding 'yes', with losses rising to £29.3 million between January and June, compared to only £17.1 million for the same period on 2013.

Take a longer view going back to 2008 and it's clear that the figure is not far from the longer-term average - with telephone bank fraud static at around £7 million, banks seem to have kept a lid on online fraud albeit that it's not getting better either.

For remote purchase fraud (aka card not present fraud) - mainly across the Internet - the rise is harder to explain away. The new half years figure is £174.5 million, up 23 percent from £142 million in 2013. The FFA downplays this, pointing out that consumers spent £47 billion during the period, but it's still a jump to the highest absolute figure ever recoded, beating even 2008's £163.9 million.

Total card fraud of all types reached £247.6 million, a 15 percent increase over the same period in 2013. Again the FFA is at pains to put this into some context. Fraud is proportionally no worse than in 2013, it said, accounting for only 7.4p in every £100 spent.

Technologies such as Chip and PIN have slashed fraud rates on high-street purchases in the last decade which has caused criminals to adjust their tactics by attacking individual consumers rather than bank systems, the organisation said.

The classic example of this which anecdotal reports suggest is now a serious issue in the UK, is the sort of social engineering attack where customers are phoned up by criminals posing as a legitimate organisation. Given the success of this type of con, it looks as if the success off Chip and PIN has pushed some of the face-to-face fraud to the remote fraud column.

Some have predicted that this will result in a lot more often inconvenient phone checks being carried oud on transactions.

The FFA's own research showed that a quarter of consumers took no action to challenge the identity of cold callers, a figure that rose to a third for younger consumers.

"Be aware of the warning signs: your bank will never ask you for your 4 digit PIN, to transfer or withdraw money, or to give your card to a courier," said DCI Perry Stokes, head of the Dedicated Cheque and Plastic Crime Unit, a police unit sponsored by the cards industry.

A key target for attackers was now businesses. "Intelligence suggests criminals are targeting business accounts which typically allow higher value fraudulent transactions," said the FFA.

Break into an individual's account and the pickings might be measured in hundreds of pounds. Do the same to a business account and it could easily be tens of thousands before anything untoward was noticed.

Last month, a separate estimate from Worldpay (which sees 44 percent of card transactions in the country) estimated that seven million UK credit and debit cards had been put at risk during data breaches, or three million in 2013 alone. Exactly how much fraud arises from these breaches is incredibly hard to estimate because compliant firms encrypt credit card numbers. But personal data is lost and this could feed back into social engineering attacks that the FFA is worried about.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal TechsecurityFinancial Fraud Action UK

More about Worldpay

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E. Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts