Online banking rip-offs go up, card fraud goes down
Losses due to credit and debit card fraud have fallen for the first time in 3 years, says the UK Cards Association, only to be supplanted by a rising incidence of phishing attacks aimed at stealing login credentials for online bank accounts.
A total of £440 millions were stolen through card fraud in the UK this past year – that’s 28% less than in 2008. This comprises lost and stolen cards, the use of counterfeit cards, cards intercepted in the mail and the use of cards to buy things over the phone.
According to BBC News , losses due to phishing attacks increased by 14% and reached £59.7 millions. To get a hold on the login credentials, criminals resort to tricking people to give them up or to install malware on their computers that will steal them and send them to the criminals.
“Today’s UK card fraud figures show some good news but also highlight areas where there is room for improvement. In other words it’s a case of some swings, some roundabouts,” says Steve Brunswick, Strategy Manager with Thales.”First of all, there has been an increase in online banking fraud, growing 14% from £52.5M to £60M, which would seem to indicate that the improvements in reducing on-line banking fraud which were seen two years ago have stalled. At that time three major UK banks introduced Chip&PIN card CAP readers, adding two-factor authentication to their customers’ online banking security, but there have been no further moves by the other UK banks since then.”
“Many banks rely on back-end analytics to protect their customers from on-line banking fraud, and while this certainly plays an important part in protecting them, relying on back-end analytics without strong authentication of users is like installing a burglar alarm but leaving the front door wide open,” he says. “We have all heard the complaints that it’s inconvenient having to have a card reader to hand to do online banking, but other forms of two-factor authentication are now surfacing that help overcome this hurdle. Mobile phone based two-factor authentication, for example, is an effective alternative because most people carry their mobile phone with them pretty much all of the time.”
Stephen Ley, partner at accountancy firm Deloitte, thinks that users should be vigilant and well-informed on the different fraud tactics out there. “A better-educated consumer is less likely to fall foul of phishing attacks,” he affirms.