Digital fraud trends in the UK

Alan Goode|11 April 2018
Digital fraud trends in the UK

As we increasingly move our lives online, it is no surprise that fraud should be following us. The rise of ecommerce and digital banking has resulted in growing levels of fraud targeting these new business channels. In this blog post, London-based analyst Alan Goode investigates what is currently happening in the UK.

Card-not-present (CNP) fraud

Due to the success of improved security measures for physical (card-present) payments, including the increased penetration of EMV cards that support chip-and-PIN transactions, card-not-present (CNP) fraud is growing – and the fact that we are doing more of our shopping over digital channels only exacerbates this. In their Fraud the Facts publication for 2017, industry body Financial Fraud Action (FFA) UK reports that out of the £768.8 million lost to payment fraud last year, £618 million was card fraud – a 9% increase from 2015 – and the biggest area of card fraud is CNP fraud, which totalled £432.3 million in 2017.

New account fraud

Cybercriminals are using stolen or fraudulently obtained card details and personal information to open new accounts (or even take out loans or mortgages) in victims’ names. Online bank account applications are easy to fake, since many banks today do not expect new applicants to visit a branch. This gives fraudsters valuable anonymity. Furthermore, transfers from a user’s legitimate account to this “twin” account are likely to pass the risk-based authentication test, because the user’s history shows that they regularly move funds between their accounts, for instance from a debit to a credit card. If the fraudster knows their stuff, they will hold off on using the fake account within the first month of opening it, or make only small withdrawals to establish a legitimate-looking usage pattern. Mobile capture technology provider Mitek predicts that 2018 will see 150 million new account opening fraud attempts at financial institutions, up from 80 million last year.

Account takeover fraud

Account takeover happens when a fraudster acquires a victim’s security credentials (username and password) and uses them to access the victim’s online bank account. Here, the fraudster adds themselves as a beneficiary and transfers funds out of the account. Security credentials are often not difficult to obtain, being widely available for sale on the dark web. Account takeover is not a new phenomenon, but is currently a significant problem in the UK, representing £24.4 million of fraud in 2017, according to FFA figures. In fact, incidents of account takeover fraud in the UK hit their highest levels ever recorded in 2016.

About the author

Alan Goode

Alan Goode

CEO and Chief Analyst Goode Intelligence

Subscribe to our newsletter for our latest news, press releases and events

logo entersekt

Entersekt is an international software development company based just outside of Cape Town, South Africa.

We are leaders in authentication, app security, and payments enablement technology, offering a highly scalable solution set with a track record of success across multiple continents.