The year of the pandemic brought on a new dimension of accelerated illicit activities by individuals or organisations who engage in online fraud. It created parallel realities with businesses combatting these attacks on the one hand and fraudsters capitalising on newfound opportunities for social engineering scams and malware on the other.
The UK Finance issued a report on the impact COVID-19 had on fraud levels and the industry’s response to it. The published data sheds light on the losses resulting from unauthorised fraudulent transactions made using payment cards, remote banking and cheques and unauthorised push payment (APP) scams.
Key takeaways from a comparative analysis for periods H1 (January to June) 2019 to H2 (July to December) 2020 reveal:
· Total unauthorised fraud down 8% over H1 2019 at £374.3M
· Card fraud losses down 8% over H1 2019 to £288.2M
· E-commerce fraud statistic compared to H1 2019 at 183M
· Cards fraud to turnover ratio static at 8.4bps as card spending down 8%
· Cheque fraud back down 78% (after recent increases) at £6.4M
· Unauthorised Remote Banking fraud up 21% on H1 2019 (down on H2 2019)
· Authorised Push Payment Fraud losses flat from H1 2019 to H2 2020 after large increases in recent years.
Although the figures appear to present a largely reducing trend, they conceal more interesting and disconcerting details.
A closer look at the high levels of prevented fraud – with figures as high as £853 million in the first half of 2020 – show that albeit criminals have had to work harder to misappropriate funds, efforts in fraudulent behaviour have also increased significantly in terms of volume and value. These trends are particularly concerning and suggest that despite organisations’ best attempts to curtail this activity, persistent attacks are likely to continue in the future.
The gravity of the situation is compounded by the sheer volume of compromised cards, credentials and identities available to organised criminal gangs to exploit.
The 2020 fraud figures we see in the UK Finance report are a result of COVID-19 and the 12 months data since the Contingent Re-imbursement Model (CRM) for Authorised Push Payment Fraud (APP) came into force.
Obvious repercussions of new working-from-home arrangements include a rise in doorstep scamming, and credential theft via phishing mail with the intent to access and abuse or exfiltrate critical data and information, ransomware attacks and others. Cheque fraud dropped significantly over H1 2020 for two primary reasons, the first being a shift in use of digital banking channels during the lockdown months and secondly, better prevention and detection of fraud by banks. Mobile banking losses stemmed from greater use of these application services during COVID with one bank reporting mobile signups tripling. The same can be said for e-commerce, with consumer spending reaching 42% of the transaction value in June 2020 compared with 30% in June 2019 and an equally steady increase in e-commerce fraud to match.
Looking at the sheer volume of APP and remote banking attacks alone over just a 6-month period may indicate a complex system which employs the use of several mules to enable high volume payments. Mule Insights Tactical Solutions (MITS) exist to help track these suspicious transactions and are one such measure the finance industry in the UK is committed to implementing to combat fraud in this area.
Other investments are also being made to reduce gross loss and average loss per case. As with financial sectors in most jurisdictions, the increased focus on AML and greater awareness on shifting trends in fraud, has spurred the sector to step up the fight against financial crime across its various fractions.