Figures released this week from UK finance show that in the first half of 2018, more than £500 million was stolen from customers of British banks. The report outlines the most popular tactics of fraudsters.
For example, it identifies that £145 million of the total was lost through authorized push payment (APP) scams, where victims are conned into sending money to another account. The most common example of this kind of scam in 2018 is ‘purchase scams’, where people are tricked into paying for products or services that do not exist, such as cars or vacations. The tragic thing about this kind of scam is that victims cannot be refunded because UK legislation states that individuals are responsible for any losses that occur due to their authorization.
The remaining £358 million worth of loss is attributed to unauthorized fraud, such as criminals stealing and using credit card details and account information. This is the type of fraud the banks typically end up paying for. While the report doesn’t delve into the numbers of how the criminals are acquiring this card information, it does identify cybercrime as a growing cause:
“Data theft also continues to be a major enabler of fraud and contributor to fraud losses… The stolen data is either used by criminals to commit fraud directly, for example card details are used to make unauthorized purchases online, or personal details are used to apply for credit cards.”
It’s not much of a surprise that UK losses due to bank fraud are increasing. In the last few months alone we’ve seen thousands of people have their accounts compromised after massive data breaches at companies like British Airways and Ticketmaster – and the cost of this to banks is huge.
For the criminals, it’s a pretty easy pay day – they’ll either sell the details on the dark web for profit, or use them themselves to empty accounts. Usually these are vast networks of criminals with responsibility for different parts of the scam chain, making them almost impossible to trace and for individuals to be held accountable.
Who is Responsible for the Fraud Losses and What Can Be Done?
While this report is on the fraud losses for banks, and there is an argument that they should be better at protecting customer accounts by improving fraud detection and prevention mechanisms, they are not the only responsible parties here. There’s also a responsibility for other vendors to better prevent card details being stolen online, as well as a need for more education campaigns to raise awareness of social engineering attacks targeting consumers.
Protecting the transactions against cybercrime would go a long way in reducing these fraud losses. Whether it is theft of bank details at the point of sale, or interception of passwords while logging in, the majority of the world’s endpoint and browser-based malware abuses this point of exchange to commit fraud. Both banks and vendors need to do more to protect user credentials because this is a problem that isn’t going anywhere unless more is done to prevent it from all sides.
With Protector Air, Trusted Knight has developed innovative technology to achieve this, inserting cloud-based (agentless) malware protection into every web transaction request that visitors make. This neutralizes any malicious software present on the endpoints – stopping keylogging, form grabbing, web injections and transaction hijacking, effectively locking malware out of every session. It enables banks, ecommerce sites and other online brands to conduct transactions even with compromised endpoints without having sensitive data stolen. This dramatically reduces the risk of brand damage, fraud and operating losses with zero impact on customer experience.
To find out more about Protector Air and how cloud-based malware protection for your unmanaged website customers can help stop fraud, click one of the links below.