We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Online banking fraud hits three-year high

Sophisticated software beating banks' defences

Online banking fraud in the UK has risen to the highest level in at least three years while card-related losses fell in most categories, according to new industry figures.

Online banking fraud increased 55 percent to £39 million in the first six months of the year compared to the same period a year ago, said Financial Fraud Action UK (FFA), formerly known as APACS. FFA collects data reported by UK financial institutions.

FFA attributed the rise to sophisticated malicious software programs that infect vulnerable consumer computers. FFA also counted 26,000 phishing sites, which are fraudulent websites designed to trick people into divulging their log-ins and passwords.

The rise in banking fraud comes as UK banks have taken more rigorous measures to combat online fraud. While banks in the US, for example, often only require a log-in and password to get access to online banking, UK banks often have several more steps.

For example, NatWest - owned by the Royal Bank of Scotland Group - requires customers to enter their birth date plus a unique four digit code. During the second step, a person is prompted to enter some digits of a separate four-digit PIN (Personal Identification Number), which is not the same as the person's ATM card.

Then, the website asks for another password, but only specific parts of it, such as the second, four and seventh letter. NatWest asks for a different combination every time. If you fail to log in successfully, the account can't be accessed online.

Nonetheless, most bank security measures are defeatable if a person falls victim to a phishing scam and sends a fraudster their authentication credentials.

Card fraud, however, remains more costly. For the first half of this year, it amounted to £232.8 million, but that was down 23 percent compared to January to June 2008. It's the first time that the overall card fraud figure has declined, said Michelle Whiteman, FFA spokeswoman.

FFA attributes that decline to the use of chip-and-PIN technology. Point-of-sale card readers and ATMs check for the presence of a microchip that uses cryptographic keys to enable a transaction, and a person must enter a four-digit PIN.

Unless the fraudster knows the PIN, the cards can't be used to make in-person purchases.

It doesn't stop a fraudster, however, from trying to use chip-and-PIN cards to buy goods online, known as card-not-present fraud. But that kind of fraud also dropped this year by 18 percent to £134 million.

The reason, the FFA believes, is increased enrollment in Verified by Visa from Visa and SecureCode from MasterCard. For retailers that implement those programmes, customers must enter a unique password before completing a purchase online. The measure is still defeatable by a successful phishing attempt, however.

Other categories of fraud that saw significant declines included counterfeit cards, fraud on lost or stolen cards and non-receipt of cards through the mail. The only category that rose was card ID theft, which increased 23 percent to £23.9 million.

IDG UK Sites

Apple promises developers better stability, performance for Swift

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...