Online banking fraud losses fell by more than a third in the first half of the year compared to the same period last year, a welcome decline following a spate of Zeus-related arrests in the US, UK and Ukraine.
UK banks reported £24.9 million lost due to online bank fraud from January through June, a 36 percent drop from the £39 million lost in the first six months of 2009, according to the UK Cards Association and Financial Fraud Action UK.
But the agencies warned that cybercriminals are a determined bunch. "Over the past five years fraud losses in this area have been fairly volatile over a six-month period so this decrease is not necessarily the start of an ongoing trend. Given this and the fact that fraudsters are still focusing on this type of fraud, the industry will continue to advance its crime prevention initiatives," the UK Cards Association and Financial Fraud Action UK said.
The latest figures showed other bright spots. Card-not-present fraud - where payment card details are used to purchase goods from the Internet or phone or mail-order services - fell 12 percent to £118.2 million for the first six months of the year. It is the fourth year in a row that the type of fraud has fallen and represented the lowest figure since 2006.
The drop was attributed to the increased use by online retailers of 3-D Secure (3DS), better known under the names Verified by Visa and MasterCard SecureCode. Implemented and paid for by e-commerce vendors, the systems require a person to enter a password or portions of a password to complete an online purchase. It does that by showing an iframe before a purchase is completed that is used to connect to the purchaser's bank and verify a separate password for the payment card used.
Losses from cloned payment cards also fell to the lowest level in five years. Banks reported £28.2 million in losses, a 39 percent drop over the first six months of 2009 when those institutions lost £46.3 million.
Clone cards are created by copying the magnetic stripe on the back of payment cards and then encoding that on a dummy payment card. Russia's Interior Ministry said on Tuesday it had a detained a Ukrainian national who led a gang that specialised in that trade, also known as "carding."
But banks reported a significant increase in phishing attacks, where people are tricked into divulging sensitive details either on a website or through deceptive email. For the first six months of the year, banks saw 31,448 attacks - a five year high and up 21 percent over the first six months of last year.