Authorised and unauthorised fraud totalled £1.2bn in 2018, with the theft of personal and financial data through social engineering a major contributor to fraud losses, according to the annual report from UK Finance
Stolen data is used to commit fraud both directly and indirectly, with UK Finance citing several high-profile data breaches involving significant brands during 2018.
Total losses due to unauthorised fraud across payment cards, remote banking and cheques in 2018 were £845m, an increase of 16% compared to 2017.
Losses due to unauthorised transactions on payment cards increased 19% to £671m. Three-quarters of the card fraud losses (£506m) was due to remote purchase fraud, where stolen card details are used to buy something online, over the phone or via mail order.
Losses due to unauthorised remote banking fraud totalled £153m, which was 2% lower than 2017. This category covers unauthorised fraud through internet banking, telephone banking and mobile banking.
Cheque fraud losses rose by 109% to £21m. UK Finance says the volume of fraudulent cheques increased by only 16%, indicating that a small number of high-value fraudulent transactions made during the year led to the rise in losses rather than a change to the longer-term downward trend in this type of fraud.
Authorised push payment
The report highlights the growing prevalence of authorised push payment (APP) scams, where a customer is duped into authorising a payment to another account which is controlled by a criminal.
UK Finance only began collating data on APP scams from 2017 onwards, when losses totalled £236m across 43,875 cases.
The APP scam data for 2018 shows a total of £354m was lost through APP scams, split between personal (£228m) and business (£126m) accounts.
In total the number of cases almost doubled to 84,624 APP scam cases, split between personal (78,215 cases) and non-personal (6,409 cases) accounts. Financial providers were able to return a total of £83m of the losses.
While the 2018 figures are not directly comparable with the previous year, as there have been changes in the way in which APP scams are identified and reported, UK Finance points out that in February a voluntary code was agreed following work between the industry, consumer groups and the Payment Systems Regulator.
The code, which comes into effect on 28 May, will bring new protections for customers of payment service providers who sign up to it. It includes a significant commitment from all firms who sign up to it to reimburse victims of APP scams in any scenario where their bank or payment service provider is at fault and the customer has met the standards expected of them under the code. Currently, under existing legislation, if a customer authorises the payment themselves they have no legal protection to cover them for losses.
The report also shows the finance industry prevented £1.66bn of unauthorised fraud during 2018, effectively stopping £2 in every £3 of attempted unauthorised fraud.
Katy Worobec, managing director of economic crime at UK Finance, said: ‘Fraud is a crime which poses a major threat to us all – it can have a devastating impact on victims and the money stolen funds even more damaging crimes such as terrorism, drug trafficking and people smuggling.
‘Last month, the finance industry and consumer groups agreed a voluntary Code which will increase protection for customers from APP scams.
‘At the same time the industry continues to fight fraud on every front to protect customers and prevent this kind of crime – investing in advanced security systems and new ways to track stolen funds, assisting law enforcement in tackling the criminals and supporting the government in improving the ways in which intelligence is shared.’
Fraud the facts 2019 is here.
Report by Pat Sweet