The rate of cyber fraud dropped slightly over the first six months of 2023, falling 2% compared to the same period in 2022, but even so criminals and fraudsters still managed to steal approximately £580m via both authorised and unauthorised fraud during the period, according to UK Finance’s latest half-yearly report.
At the same time, UK Finance – which acts as the “collective voice” of the UK’s banking and finance industry – found that banks prevented a further £651m worth of losses through improved security systems and policies, suggesting some progress is beginning to be made on tackling the issue.
Nevertheless, said UK Finance managing director of economic crime Ben Donaldson, while good work is being done on stemming the flood of losses, the cost of fraud is never merely financial.
“In addition to the financial losses, these crimes often involve callous manipulation of the victim which can cause psychological and emotional harm. As the UK Finance report shows, criminals are increasingly using social media, online platforms, texts, phone calls and emails to deceive victims into giving up their personal details and their money,” said Donaldson.
“The financial services sector continues to lead the fight against these awful crimes. We are also currently the only sector that reimburses victims. However, it is impossible to reimburse the human impact of these crimes: we must prevent it from happening in the first place.
“The only way we will prevent fraud is if other sectors do much more to help us deal with the criminality which is increasingly taking place on their platforms,” he said.
UK Finance found that criminals are not letting up on their attempts to trick businesses and consumers out of their money, and authorised push payment (APP) fraud in particular is being massively driven by the abuse of online platforms and telecommunications.
APP fraud accounted for £293.3m of losses, down 1% on 2022, with £196.7m stolen from consumers and £42.6m from businesses, and £158.3m returned by banks – this latter figure showed a 13.6% improvement on the first six months of 2022, and will likely improve still further after the Payments Systems Regulator introduced new rules around reimbursement in June.
Varieties of APP fraud include investment scams that are frequently advertised on legitimate social media platforms, romance scams originating through dating platforms, and purchase scams promoted through social media and auction websites. UK Finance found that 77% of all APP fraud cases originate online, accounting for 32% of losses.
APP fraudsters also frequently use scam calls and texts to trick people into authorising a payment, or handing over data that can be used to do so. UK Finance found that these instances accounted for 17% of all APP fraud cases but accounted for 45% of losses. APP losses to fraud originating via phishing emails accounted for 1% of cases and 11% of losses during the period.
Meanwhile, unauthorised fraud losses due to transactions on payment cards, remote banking and cheques accounted for £340.7m across 1.26 million cases, down 3% and 10.6% year-on-year respectively.
Victims of this type of fraud have been legally protected against losses for some time and UK Finance believes that victims were fully refunded in 98% of cases.
The biggest driver of unauthorised fraud remains remote purchase or card-not-present fraud, although losses to it were down 12% to £173.8m and cases down 14%. This represents the lowest level seen since 2015 and is likely being driven by improved security measures such as Strong Customer Authentication and adoption of one-time passcodes (OTPs).
However, there was a substantial increase in card ID theft losses to partially offset the decline – these rose 57% to £33.1m. In this type of fraud, a criminal who has been unable to socially engineer their victims into making an authorised push payment generally resorts to using the personal information they have been able to gather, as well as stolen card details, to either take over existing accounts or apply for new credit cards.
More work needed from tech side
Commenting on UK Finance’s latest statistics, Alia Mahmud, regulatory affairs practice lead at regtech specialist ComplyAdvantage, said: “While the overall losses to fraud have dropped since this time last year, the amount still exceeds a staggering half billion pounds.
“Banks and payment processors are partnering with fintechs to use the power of AI and machine learning to identify fraud in an ever-changing landscape, but they can’t be in this fight alone.
“More than 75% of the fraud cited in today’s report came from online sources, so technology companies need to step up and help shore up the bulwark protecting consumers.”