E-commerce fraud losses rose 14% last year to reach £217.4m, while online banking fraud has risen 48% since 2013 to £60.4m, according to the latest official UK figures.
The stats from Financial Fraud Action (FFA) UK also claimed telephone banking fraud losses rose 20% to £13.9m in 2014, with businesses increasingly being targeted by phone-based scammers.
The fraudster typically cold calls a victim pretending to be from their bank, police or another trusted organization before tricking them into handing over their card and PIN details or transferring money into a ‘safe account’ under their control, FFA UK warned.
Despite the rise in online banking and e-commerce fraud, total card fraud losses rose only a modest 6% to £479m.
FFA UK argued that this figure is still well short of the peak of £609.9m in 2008 and, taken as a proportion of the value of purchases, has risen only slightly – from 7.4p in every £100 spent to 7.5p.
The total number of incidents rose by 5% to 1.3m in 2014, driven mainly by criminals using cards abroad.
Losses on cards used abroad jumped 23% to £150.3m, while domestic losses remained relatively “flat” at £328m, FFA UK said.
Detective chief inspector Perry Stokes, head of the Dedicated Card and Payment Crime Unit (DCPCU), urged internet users to make sure their AV software is up-to-date, only shop on secure websites, and be suspicious of any unsolicited emails.
It was also advised that cardholders check their bank and card statements frequently to spot any unusual transactions.
Businesses, meanwhile, were urged to mitigate the risk of fraud by signing up to 3D Secure – the card companies’ secondary payment authentication system – as well as being suspicious of “high value or unusual orders.”
FFA UK also encouraged firms to sign up to the banking industry’s Address Verification Service – which compares delivery with billing address – and to keep a record of fraudulent transactions to prevent further breaches.
Tim Lansdale, head of payment security at Europe’s largest payment processor, Worldpay, explained that criminals always go for the low-hanging fruit, which currently means targeting consumers.
“Businesses have to be alert to this threat, ensuring they keep their wits about them. They should be extra cautious when taking payments over the phone and be on the lookout for transactions that seem unusual, such as asking for goods to be delivered to a different address from the one the card is registered to,” he told Infosecurity.
“Businesses will be responsible for the cost of the goods sold to fraudulent cards, not to mention the damage to their reputation, something that can take years to repair.”
Stephen Moody, EMEA solutions director at anti-fraud firm ThreatMetrix, argued that passive multi-factor authentication is needed to add extra layers of security on top of user names and passwords.
“We have moved into an era where traditional identity data has already largely been compromised. User names and passwords are no longer a secure authentication method and organizations should not treat them as such,” he told Infosecurity by email.