We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Online banking fraud hits three-year high

Sophisticated software beating banks' defences

Online banking fraud in the UK has risen to the highest level in at least three years while card-related losses fell in most categories, according to new industry figures.

Online banking fraud increased 55 percent to £39 million in the first six months of the year compared to the same period a year ago, said Financial Fraud Action UK (FFA), formerly known as APACS. FFA collects data reported by UK financial institutions.

FFA attributed the rise to sophisticated malicious software programs that infect vulnerable consumer computers. FFA also counted 26,000 phishing sites, which are fraudulent websites designed to trick people into divulging their log-ins and passwords.

The rise in banking fraud comes as UK banks have taken more rigorous measures to combat online fraud. While banks in the US, for example, often only require a log-in and password to get access to online banking, UK banks often have several more steps.

For example, NatWest - owned by the Royal Bank of Scotland Group - requires customers to enter their birth date plus a unique four digit code. During the second step, a person is prompted to enter some digits of a separate four-digit PIN (Personal Identification Number), which is not the same as the person's ATM card.

Then, the website asks for another password, but only specific parts of it, such as the second, four and seventh letter. NatWest asks for a different combination every time. If you fail to log in successfully, the account can't be accessed online.

Nonetheless, most bank security measures are defeatable if a person falls victim to a phishing scam and sends a fraudster their authentication credentials.

Card fraud, however, remains more costly. For the first half of this year, it amounted to £232.8 million, but that was down 23 percent compared to January to June 2008. It's the first time that the overall card fraud figure has declined, said Michelle Whiteman, FFA spokeswoman.

FFA attributes that decline to the use of chip-and-PIN technology. Point-of-sale card readers and ATMs check for the presence of a microchip that uses cryptographic keys to enable a transaction, and a person must enter a four-digit PIN.

Unless the fraudster knows the PIN, the cards can't be used to make in-person purchases.

It doesn't stop a fraudster, however, from trying to use chip-and-PIN cards to buy goods online, known as card-not-present fraud. But that kind of fraud also dropped this year by 18 percent to £134 million.

The reason, the FFA believes, is increased enrollment in Verified by Visa from Visa and SecureCode from MasterCard. For retailers that implement those programmes, customers must enter a unique password before completing a purchase online. The measure is still defeatable by a successful phishing attempt, however.

Other categories of fraud that saw significant declines included counterfeit cards, fraud on lost or stolen cards and non-receipt of cards through the mail. The only category that rose was card ID theft, which increased 23 percent to £23.9 million.


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite