According to UK Finance, during 2020 fraud losses for the banking sector equated to £784m, which is a 5% decrease on levels observed in 2019. On the face of it this looks like a positive trend, but it is masking something that is not widely reported, in that almost £1.6bn in fraud was prevented by the industry across the same period. This trend is perhaps more interesting as it reflects how much banks and card companies have had to innovate and evolve their fraud monitoring approach to keep pace with the fraudsters.
As more and more transacting takes place online, or across remote environments, fraudsters have seized the opportunity to come up with new ways of scamming consumers through “social engineering”, which is the ability to manipulate or deceive individuals into sharing personal information, with the aim of using that information to commit financial fraud. If we look across transactional trends during the pandemic, where most consumers were not only buying things through online via various eCommerce sites, but were also receiving several notifications from the NHS regarding COVID, many let their guard down. Criminals seized the opportunity to use this increase in consumer communications through digital channels to devise more creative ways of defrauding vulnerable consumers. The type of fraudulent activity seen during 2020 included some of the following, despicable methods of enabling criminal activity:
- Impersonation based fraud – where criminals posed as members of the police, NHS staff, banks, utility companies and other online service providers with the aim of deceiving consumers into divulging personal and financial information. The most shocking of these involved asking individuals to share personal data to get access to the COVID-19 vaccine when supply levels were under review by the government.
- Too good to be true investment opportunities – fraudsters, which are typically organised crime syndicates, as opposed to opportunistic chancers, also tackled the investment sector, which has featured very heavily during the last 18 months as a way of duping consumers into parting with money. Here these criminal organisations leveraged the opportunity to use fake websites, or cloned sites, to entice consumers into investing in allegedly high yield portfolios, to protect themselves financially during an expected economic downturn. Areas such as forex trading and cryptocurrency investing have proved to be some of the popular choices in scamming money out of consumers.
- Internet & Mobile Banking – Here the traditional tools of using phishing emails, and social engineering, have led to many consumers sharing their passwords and access codes to their banking accounts with fraudsters. Fraud across internet and mobile channels between 2019 and 2020 increased by 43% and 41% respectively according to UK Finance, some of the highest levels seen since tracking began in this area. Fraud losses across these two channels equated to c£180m last year, clearly highlighting the need for more work to be done in this space when it comes to consumer education, and fraud monitoring innovation.
So how have banks and card companies responded?
Several approaches have been developed to tackle fraud across the various payment methods, remote/digital channels and usage patterns. The success of these initiatives are clear if we reflect on the high percentage of “avoided fraud”, a burden which has been eased by nearly 50% i.e. in the absence of these tools, we would have seen more than double the amount of fraud losses. A staggering hidden cost of operating across financial markets. So what tools have played a role in helping eradicate losses?
- Real-time transaction scoring – this enables card companies and banks to assess the “context” behind a transaction being undertaken to see if this is in line with expected behaviour. For instance, if a consumer who normally uses their card across the same set of retailers, and mainly pays using a contactless card, suddenly started buying online high-ticket items this would trip a rule highlighted that this transaction could potentially be suspicious.
- Public & Private Sector Collaboration – there has always been an extraordinarily strong link between banks and law enforcement agencies when it comes to preventing financial crime. e.g., collaborations like the National Economic Crime Centre.
- Mobile phone operators – as scams become more sophisticated, we also see financial services providers working with mobile networks to block suspicious text messages, and particularly those that were COVID-19 related during 2020 and continuing into 2021.
- Global digital identity tool – being developed by a small number of UK lenders to identify suspicious transactions. Other more sophisticated technology-based techniques are also being used to verify consumers, improving on some of the traditional methods we have seen in the industry previously.
- Card fraud prevention – this has perhaps been one of the success stories of the last 20 years, with several monitoring systems being developed and operated, as well as tightening up on consumer verification techniques at point of payment. Significant online card-based fraud has been prevented through initiatives like chip & pin, SD secure, hot card file distribution, mobile app features to freeze lost & stolen cards, and the continued work with law enforcement agencies to share information on organised crime operations.
- Authorised Push Payment (APP) fraud – This category relates to fraud that centres around bank transfers, where fraudsters manipulate consumers into transferring money direct from their account. Here, a number of the consumer protections do not apply as they would for card-based transactions, so the industry has established a code for these types of transaction, with 9 PSPs across the UK participating in the scheme. Here the aim is to have the ability to reimburse consumers who have been the victim of this type of deceit.
These are only a select few mechanisms that have been deployed to up the anti on the battle against fraud in the UK. The most interesting of all these developments is the use of Machine Learning in enabling a number of these tools. In a recent report produced by Finextra, in conjunction with Sift, several initiatives are discussed across the themes of leveraging data to better decipher transactional signals (false positives), predictive analysis to mimic behaviour, fast paced data analysis for real-time interventions, preventing account takeover fraud, and biometrics. For more information on these trends see The Advantage of Machine Learning in Preventing Fraud
In conclusion, there is much work to be done in this space, and as we move from PSD2, to Open Banking to Open Finance, winning the fraud battle becomes even more critical as data become more “Open”, and consumers will need further protections in this brave new world.