The finance industry prevented £1.66bn of unauthorised fraud during 2018, effectively stopping £2 in every £3 of attempted unauthorised fraud, according to the latest report, Fraud the Facts 2019, from UK Finance.
During the same period, a total of £1.2bn was stolen by criminals committing both authorised and unauthorised fraud.
Industry research suggests that the theft of personal and financial information through social engineering caused by data breaches outside the financial sector was a major contributor to the fraud losses. Stolen data is used to commit fraud both directly and indirectly. There were several high-profile data breaches involving significant brands during 2018.
Katy Worobec, managing director of Economic Crime at UK Finance, said:
“Fraud is a crime which poses a major threat to us all – it can have a devastating impact on victims and the money stolen funds even more damaging crimes such as terrorism, drug trafficking and people smuggling. Every business, from online retailers to social media companies, as well as the public sector, has a duty to work together to beat fraud and prevent stolen data getting into the hands of criminals.
“Last month, the finance industry and consumer groups agreed a voluntary Code which will increase protection for customers from authorised push payment scams. It delivers a significant commitment from signatories to reimburse victims when the customer has met the standards expected of them under the Code. At the same time the industry continues to fight fraud on every front to protect customers and prevent this kind of crime – investing in advanced security systems and new ways to track stolen funds, assisting law enforcement in tackling the criminals and supporting the government in improving the ways in which intelligence is shared.”
The data published by UK Finance covers both unauthorised and authorised fraud.
In an unauthorised fraudulent transaction, the account holder themselves does not provide authorisation for the payment to proceed and the transaction is carried out by a third-party. Customers are legally protected against losses caused by unauthorised fraud. Industry research indicates that customers are fully refunded in over 98% of unauthorised fraud cases.
Total losses due to unauthorised fraud across payment cards, remote banking and cheques in 2018 were £845m, an increase of 16% compared to 2017. Included within this overall total:
Authorised push payment scams
In an authorised push payment (APP) scam, a customer is duped into authorising a payment to another account which is controlled by a criminal.
The APP scam data for 2018 shows:
In February, the Authorised Push Payment Scams Voluntary Code was agreed following work between the industry, consumer groups and the Payment Systems Regulator. The Code, which comes into effect on 28 May 2019, will bring new protections for customers of payment service providers who sign up to it. The Code delivers a significant commitment from all firms who sign up to it to reimburse victims of authorised push payment scams in any scenario where their bank or payment service provider is at fault and the customer has met the standards expected of them under the Code. Currently, under existing legislation, if a customer authorises the payment themselves they have no legal protection to cover them for losses.
UK Finance only began collating data on APP scams from 2017 onwards. Losses due to APP scams in 2017 totalled £236m across 43,875 cases. The data published today is not directly comparable to these figures as new industry guidelines introduced in January 2018 have improved the identification and reporting of APP scams. Four additional banks also began reporting the data to UK Finance from 2018.