Cybersecurity has always been a concern for banks and financial institutions. As data becomes more relevant and in most cases crucial to the core business activities, cybersecurity has quickly evolved into a great challenge for a plethora of organisations. These organisations have every right to worry, but it is the financial sector that should make cybersecurity awareness its top priority.
According to the 2018 half year fraud update by UK Finance, which represents almost 300 UK-based banking, mortgage, markets and payments services providers, financial services firms have been facing an unprecedented level of cyberattacks in recent months. UK Finance distinguishes and publishes data on losses due to a few different kinds of fraud: unauthorised fraudulent transactions made using payment cards, online and telephone banking and cheques, and authorised push payment (APP) scams.
UK Finance reports that while banks were able to prevent £705.7m worth of unauthorised fraud over the first half of the year, losses due to cyber-attacks in the form of authorised and unauthorised fraud still totalled £503.4m in the first 6 months of 2018 alone, at £145.4 million and £358.0 million respectively.
There were 1,036,367 cases of unauthorised financial fraud during January to June 2018, and 34,128 cases of authorised push payment scams.
These numbers speak for themselves in terms of just how important it is for any financial institution to invest in and deploy adequate cybersecurity processes. Apart from that, it is equally crucial that financial directors take the lead in preparing their companies and employees to face cyber criminals and their increasingly sophisticated methods of infiltration.
1. Unauthorised payment card and remote banking fraud
Payment card fraud losses are organised into five categories: remote card purchase, lost and stolen, card not received, counterfeit card and card ID theft.
Remote card purchase occurs when a criminal uses stolen card details to buy something on the internet, over the phone or through mail order. It is also referred to as card-not-present (CNP) fraud.
Lost and stolen fraud occurs when a criminal uses a lost or stolen card to make a purchase or payment (whether remotely or face-to-face) or takes money out at an ATM or in a branch.
Card not received occurs when a card is stolen in transit, after a card company sends it out but before the genuine cardholder receives it.
In counterfeit card fraud, a criminal creates a fake card using information obtained from the magnetic stripe of a genuine card. This information is typically stolen using a device attached to an ATM or unattended payment terminal, such as at a car park. A fake magnetic stripe card is then created and used overseas in countries yet to upgrade to Chip & PIN.
Card ID theft occurs in two ways. In third-party application fraud, a criminal uses stolen or fake documents to open a card account in someone else’s name. This information will likely have been gathered through data loss, such as via data hacks and social engineering to compromise personal data. In account takeover fraud, a criminal takes over another person’s genuine card account. The criminal will gather information about the intended victim, often through social engineering, and then contact the card issuer pretending to be the genuine cardholder.
In the first half of 2018 fraud losses on cards totalled £281.2 million, a decrease of 2 per cent on the same period in 2017. Over this period, the overall value of card spending grew by 3 per cent. Card fraud as a proportion of card purchases has decreased from 7.5p in the first half of 2017 to 7.2p in the first half of 2018.
The finance industry is continuously trying to prevent card fraud by taking steps such as:
- Continuously investing in advanced security systems to authenticate customers and identify any suspicious transactions.
- Developing and providing fraud detection tools for retailers, such as 3D Secure authentication technology which protects online card purchases.
- Speedily, safely and securely identifying compromised card details through UK Finance’s intelligence hub so that card issuers can put the necessary protections in place.
Financial institutions are constantly improving at preventing unauthorised payment losses, and were able to stop a total of £493.5 million of card fraud from January to June this year.
Remote banking, according to UK Finance, accounted for £137.8m in attempted attacks during the first half of 2018. With regard to losses that financial institutions were unable to prevent, internet banking fraud, in which a criminal gained access to somebody else’s online account, resulted in £56.7m worth of losses at the start of the year.
2. Authorised push payments
In an authorised push payment scam, a criminal tricks their victim into sending money directly from their account to an account which the criminal controls. Criminals use a range of social engineering tactics to commit this crime. Typically, this includes the criminal posing as a genuine individual or organisation and contacting the victim using a range of methods including telephone, email and text message. Intelligence suggests that criminals are increasingly using social media to carry out APP scams.
Once the victim has authorised the payment and the money arrives in the criminal’s account, the criminal will quickly transfer the money out to numerous other accounts, often abroad, where it is then cashed out. If a customer authorises the payment themselves, current legislation means that they have no legal protection to cover them for losses – which is different for an unauthorised transaction.
Losses due to authorised push payment (APP) scams totalled £145.4 million in the first half of 2018. This was split between personal (£92.9 million) and non-personal or business (£52.5 million). In total there were 34,128 cases of authorised push payment fraud in the first six months of 2018. Of this total, 31,510 cases were on personal accounts and 2,618 cases were on non-personal accounts. One case can include several payments, and there was a total of 50,966 payments during the period.
Financial providers were able to return a total of £30.9 million of the losses in the first half of 2018.
Source: UK Finance 2018 half year fraud update