Fraudsters Steal £500m+ from UK Consumers

UK consumers lost over half a billion pounds to scams in the first half of 2018, with online helping to drive authorized and unauthorized fraud, according to UK Finance.

The industry body revealed that of the £503m stolen in total over the period, the smaller amount (£145m) was lost due to so-called authorized push payment (APP) scams: when an account holder is tricked into making a payment to another account.

Although APP losses have jumped nearly 44% since the first half of 2017, UK Finance claimed that this is because of more accurate reporting this year.

A breakdown of losses revealed two main types of APP fraud. In malicious payee fraud the victim authorizes a payment for what they believe to be legitimate purposes, but it’s actually a scam. Of these, insurance fraud was the most costly (£21m), followed by purchase fraud (£19m).

Malicious redirection happens when the victim intends to pay a legitimate payee but the fraudster directs them to pay a third-party instead.

Of these, CEO fraud featured the least number of cases (347) but the highest average losses per case (£23,055). Invoice and mandate scams topped the list, leading to theft of £49m during the period.

The vast majority of fraud (£358m) was unauthorized, although UK Finance reported losses here down by 2% year-on-year, despite a rise in the number of cases of 10%.

In these instances the cardholder has nothing to do with the payment itself, which is carried out by a third party: for example, if they have bought breached card details off the dark web.

Bank losses remained the same as 1H 2017 (£74m), although banks apparently were able to stop £138 million of attempted unauthorized remote banking fraud.

In total, the finance industry prevented nearly £706m of unauthorized fraud, according to UK Finance.

Cameron Thomson, VP Northern Europe at Aspect Software, argued that banks often reject requests for refunds after APP fraud, when in fact they should have better fraud detection measures in place.

“Banks turning down compensation claims due to a customer’s own errors is understandable to an extent. However, banks — like so many other businesses — are customer-focused institutions with a responsibility for those in their care. People are being hit by increasingly sophisticated social engineering schemes and related scams, including SIM-swap hacks or posing as a highly convincing text message, email or web page purporting to be from the bank,” he argued.

“A certain level of common sense from customers should rightly be expected, but the growing skills of fraudsters in appearing legitimate mean that it has become unrealistic to expect every customer to distinguish a fraudulent request from a genuine one.”

What’s Hot on Infosecurity Magazine?