May 23 • 2023
UK Finance 2022 Fraud Report and UK Fraud Strategy – Positive signs in the battle against fraud and scams
Cybercrime is low risk, low investment, and high return. Not surprisingly, illegal financial gain is one of the biggest reasons for cyber-attacks. The result is a predicted USD 10 Trillion of damages by 2025. Our vision is to change that.
Written by Rob Tharle, Head of Product
It often feels like doom and gloom when talking about fraud, but the latest fraud figures from UK Finance show there is some light in the fight against fraud and scams. In this blog, I’ll give an overview of the numbers concentrating on remote payments and APP frauds as well as the recent UK Government fraud strategy.
- Overall fraud loss number £1.2bn down 8% on 2021
- Banks and PSPs prevented £1.2bn of unauthorised fraud
- Remote Banking Fraud losses down 18%
- Authorised Push Payment (APP) Fraud losses down 17%
An overall downward trend, but what’s underneath?
Let’s dig a little deeper.
There are three main areas of fraud in the UK report, so let’s cover those in turn concentrating on remote banking and authorised fraud and scams.
Card Fraud (Unauthorised)
- Card fraud up 6% to £556.3m, from lowest level since 2014
- However, fraud to turnover ratio has continued to decline to 6bps as card usage has increased
- Case volumes down 3% to 2.7m
Remote Banking Fraud (Unauthorised)
- Losses down 18% to £163.1m
- Cases down 46% to 47,473
- Prevention down from £365m to £174m
- Mobile Losses increasing, three times as fast as cases volumes – due to increasing use of mobile banking over telephony and internet banking.
- Internet Banking cases fell twice as fast as losses, with the average loss per case increasing.
- Telephony losses now way be low pre-pandemic levels
Clear shifts in channel usage by genuine customers which is then reflected in how the fraudsters attack, but overall a decrease in fraud.
Prevention has moved further towards source so harder to record and/or attack level has dropped off. This is likely due to covid impacts of lockdown being removed, the 51% prevention rate is still just above pre-pandemic numbers.
APP Fraud (Authorised)
- Losses reduced by £98m, 17% to £485.2m
- Cases up 6% to 207,372 so the attack level is still increasing yet prevention & detection improved.
- Personal/business split at £408.2 vs £77m, Businesses still likely underreporting
- Customers had 59% returned although mostly refunds rather than a return of their funds
As discussed here most cases start online, with banks reporting online as the source in 76% of cases, telcos 18% and email 2%. What is interesting is how this changes for values at 36%, 44% and 12% respectively.
Therefore, the average value for online cases are lower than via telcos as many of these are lower value purchase scams. Email has the highest average loss per case as value is 6 time the volume.
What do the numbers tell us that’s interesting?
- Investment in systems and controls is working, leading to meaningful decrease in fraud & scams
- Areas without investment focus have been increasing e.g. telephony and F2F cards
- Covid impacts are now largely out of the numbers, apart from the permanent shifts to digital, mobile and higher contactless
This report shows that the attack level is still very high and that the enablers are still there, namely the levels of compromised and continually compromised data and online platforms and telcos.
What is clear is that by increasing the incentives for financial services players to invest, is resulting in meaningful reductions in both cases and losses, whether regulatory or financial through increase liability.
However, as ever there is an element of whack a mole here, as the fraud does shift and often to where investments have not been made. It is therefore important for firms to invest where items can make the most difference and where they can be easily leveraged across products, channels and risk types.
This ties in nicely with the recent UK government’s long awaited fraud strategy.
The key points of this are:
- Bans on SIM farms, Number Spoofing UK & Cold Calling
- Tougher controls on UK facing adverts
- Increased data sharing and law change to support
- Increasing refunds and liability to beneficiary banks
- Addressing Mule Networks
- Look at new legislation to restrict selling identities
- Replace Action Fraud
- Increasing resources and establishing the National Fraud Squad
- 10% reduction in fraud on 2019 number
Whilst this fraud strategy is welcome, it probably doesn’t go far enough. Many of the elements are already being progressed or are in place and the level of resources being allocated it actually quite small given the size of the problem. Further, The targeted reduction is quite small, especially in the context of the reductions in some fraud types in the above report.
Whilst banning things is getting headlines, bans in themselves does not stop them these acts from happening. Having said that these bans could have the following positive effects:
- Harder/more expensive to obtain the kit
- When combined with other laws and regs. e.g. on telcos, they will be looking out for these sorts of illegal activity to prevent their own fines
- Make prosecution easier. This is important as fraud is hard to prosecute, however, abuse of laws such as the computer misuse act and these new laws/regs will simplify things
There is also what many see as watering down of how the platforms are being targeted seems a shame, given the volumes of frauds that originate there, as the numbers above show. Let’s see how to the online safety bill and the Failure to prevent laws will make some difference.
The support for increased data sharing is very welcome and the strategy reflects a number of the things we do at CYBERA.