You can use the search function to find a range of UK Finance material, from consultation responses to thought leadership to blogs, or to find content on a range of topics from Capital Markets & Wholesale to Payments & Innovation.
Finance industry stops £2 in £3 of attempted unauthorised fraud Purchase scams revealed as the most common type of authorised push payment scam Criminals use social engineering to commit fraud, fuelled by information gained from data breaches
A total of £503.4 million was stolen by criminals through authorised and unauthorised fraud in the first six months of 2018, new data from UK Finance shows.
During the same period, the finance industry prevented £705.7 million of unauthorised fraud, equivalent to £2 in every £3 of attempted unauthorised fraud.
Newly-collected data, published for the first time, reveals that purchase scams were the most prevalent authorised push payment (APP) scam in the first half of 2018, accounting for almost two thirds of reported APP cases with a total of £19.4 million lost. In these scams the victim pays in advance for a product or service, such as a car, electronics or a holiday rental, which is never received or does not exist. It often takes place online, through auction websites or social media.
There was a total of 3,866 reported cases of impersonation scams in the first six months of 2018. In these scams the criminal purports to be from the police, bank and other organisations and tricks the victim into transferring money, often claiming there has been fraud on the account. The nature of these scams means the victim is often persuaded to transfer a significant sum, with an average loss in a police and bank impersonation scam of £11,402 and in other impersonation scams of £7,504.
Katy Worobec, Managing Director of Economic Crime at UK Finance, said:
Fraud and scams pose a major threat to our country. The criminals behind it target their victims indiscriminately and the proceeds go on to fund terrorism, people smuggling and drug trafficking, whether or not the individual is refunded. Every part of society must help to stamp out this menace, especially by stopping the data breaches which increasingly are fuelling fraud.
The finance industry is committed to fighting back, investing millions in security systems and cyber defences to protect customers. We have brought in new standards to ensure scam victims get the help they need from their payments provider; we are supporting law enforcement in disrupting the criminals and freezing stolen money; and we are assisting the government in improving intelligence sharing to extinguish the threat.
Authorised push payment (APP) scams
The APP scams data for January to June 2018 shows:
In an APP scam, the account holder is duped into authorising a payment to be made to another account. If a customer authorises the payment themselves, current legislation means that they have no legal protection to cover them for losses. UK Finance has been working with consumer groups and the Payment Systems Regulator on proposals to tackle these scams and to establish an industry code which clearly establishes the circumstances in which APP scam victims will be reimbursed by their payments provider.
UK Finance began collating data on APP scams for the first time last year. In the first half of 2017 there were 19,370 cases of APP scams reported, with £101.2 million in losses. However, the data published today is not directly comparable with the 2017 figures. At the start of 2018, new industry guidelines2 were introduced which have improved the identification and reporting of APP scams. Four additional banks also began reporting the data to UK Finance this January.
In context, there was a total of over 4.2 billion bank transfers made in 2017.
The enhanced data on APP scams, collated since the start of 2018, provides a breakdown by different scams, payment types and payment channels. The data shows the most prevalent type of APP scams were purchase scams, accounting for 63 per cent of cases. While CEO fraud had the least number of cases, it resulted in the highest average case value of £23,055.
Malicious payee (where the victim authorised a payment for what they believe are for legitimate purposes, usually to obtain goods or services, but it is a scam)3:
Malicious redirection (where the victim intends to pay a legitimate payee, but the criminal instead directs them to authorise a payment to fraudulent third party)4:
Unauthorised fraud
The unauthorised fraud data on payment cards, remote banking and cheques for January to June 2018 shows:
In an unauthorised fraudulent transaction, the account holder themselves does not provide authorisation for the payment to proceed and the transaction is carried out by a third-party.In the vast majority of cases, victims of unauthorised fraud would receive a full refund.
Industry action
The finance industry is tackling authorised and unauthorised fraud by:
Staying safe
Tony Blake, Head of Fraud Prevention at Dedicated Card and Payment Crime Unit, said:
Criminals are after your money and they are clever at getting it, impersonating people and organisations to groom even the savviest into acting. If you get a call, text, email or social media message asking for your personal or financial details or to transfer money, it could be a scam so stop, think and Take Five. Check every request is genuine by doing some research and contact the organisation using the details from their official website, a latest bill or statement.
To stay safe, customers are urged to follow the advice of the Take Five to Stop Fraud campaign:
Behind the data
Intelligence indicates that social engineering, in which criminals groom and manipulate people into divulging personal or financial details or transferring money, was the key driver of both unauthorised and authorised fraud losses in the first half of 2018.
Impersonation and deception scams are an all too common form of social engineering, where a fraudster contacts their victim by phone, text message, email or social media pretending to be a genuine person or organisation, such as a bank, the police, a utility company or a government department. The criminal then either tricks the individual into revealing personal or financial information, which is used to facilitate unauthorised fraud, or persuades their victim to authorise a payment to them.
Data theft also continues to be a major enabler of fraud and contributor to fraud losses. This occurs particularly through third-party data breaches, but also includes mail intercepts, malware and phishing. The stolen data is either used by criminals to commit fraud directly, for example card details are used to make an unauthorised purchase online, or it is used to target individuals in impersonation scams. Criminals also use the publicity surrounding data breaches as an opportunity to commit fraud, sometimes posing as the affected organisation.
<ol><li>The full set of authorised and unauthorised fraud and scams data for January to June 2018, including breakdowns by fraud type, is available <a href="/system/files/2018-half-year-fraud-update-FINAL.pdfDocument">here</a>. UK Finance has also today published a <a href="/fighting-fraud-helping-keep-customers-safe#overlay-context=criminals-steal-%25C2%25A3500m-through-fraud-and-scams-first-half-2018" target="_blank">report</a> on fraud threats and what the industry is doing to protect consumers. (Please note these figures and the report are both strictly embargoed until 23.00hrs Monday 24 September 2018). The fraud data for 2017, published in March, is available <a href="/finance-industry-stops-%C2%A314-billion-attempted-fraud#overlay-context=criminals-steal-%25C2%25A3500m-through-fraud-and-scams-first-half-2018">here</a>.</li> <li>The industry best practice guidelines set out principles for APP claim reporting standards: <ul><li>Banks will have 24-hour, 7-day dedicated staff trained in scam management to deal with and process APP scam complaints.</li> <li>The customer will only have to deal with their own bank or account provider. The victim?s bank will act as the intermediary between the victim and the beneficiary bank, and will be the victim?s sole point of contact.</li> <li>Banks have agreed on a set of necessary information, to be collated by the victim?s bank following APP scam complaints.</li> <li>The victim?s bank will collate and provide this information to the beneficiary bank and the latter will proceed with its investigation into the alleged scam.</li> <li>The beneficiary bank will conduct an investigation, recover funds where possible and appropriate, and return funds to the victim if it can.</li> <li>The banks will also collaborate more widely with each other on information to support investigations and protect victims.</li> </ul></li> <li>Types of malicious payee scam: <ul><li>Purchase scam: In a purchase scam, the victim pays in advance for goods or services that are never received. These scams usually involve the use of an online platform such as an auction website or social media. Common scams include the apparent the sale of a car or a technology product, such as a phone or computer, advertised at a low price to attract buyers. Criminals also advertise fake holiday rentals and concert tickets. While many online platforms offer secure payment options, the criminal will persuade their victim to pay via a bank transfer instead.</li> <li>Advance fee scam: In an advance fee scam, a criminal convinces their victim to pay a fee which would they claim would result in the release of a much larger payment or high value goods, however no such payment exists. These scams include the criminal claiming that the victim has won an overseas lottery or that gold or jewellery is being held at customs and a fee must be paid to release the funds or goods.</li> <li>Investment scam: In an investment scam, a criminal convinces their victim to move their money to a fictitious fund or to pay for a fake investment. The criminal usually offers high returns to entice their victim. These scams include investment in items such as gold, property, carbon credits, land banks and wine.</li> <li>Romance scam: In a romance scam, the victim is convinced to make a payment to a person they have met, often online through social media or dating websites, and with whom they believe they are in a relationship. The ?relationship? is often developed over a long period and the individual is convinced to make multiple, generally smaller, payments to the criminal.</li> </ul></li> <li>Types of malicious redirection scam: <ul><li>Invoice and mandate scam: In an invoice or mandate scam, the victim attempts to pay an invoice to a legitimate payee, but the scammer intervenes to convince the victim to redirect the payment to the scammer?s account. This type of fraud often involves email interception or compromise. It includes criminals targeting consumers posing as conveyancing solicitors, builders and other tradespeople, or targeting businesses posing as a supplier, and claiming that the bank account details have changed.</li> <li>Impersonation (police and bank): In this scam, the criminal contacts the victim purporting to be from either the police or the victim?s bank and convinces the victim to make a payment. Often the fraudster will claim there has been fraud on the victim?s account and they need to transfer the money to a ?safe account? to protect their funds. However, the criminal actually controls the recipient account. Criminals may pose as the police and ask the individual to take part in an undercover operation to investigate ?fraudulent? activity at a branch.</li> <li>Impersonation (other): In this scam, a criminal contacts the victim purporting to be from an organisation other than the police or the victim?s bank and asks the victim to make a payment. Fraudsters pose as organisations such as utility companies, communications service providers or government departments and claim that the victim must to settle a fictitious fine or to return an erroneous refund. The scams can often involve the criminal requesting remote access to the victim?s computer.</li> <li>CEO fraud: CEO fraud is where a victim attempts to make a payment to a legitimate payee, but the scammer manages to intervene by impersonating the CEO of the victim?s organisation to convince them to redirect the payment to the scammer?s account. This type of fraud mostly affects businesses. The criminal will either access the company?s email system or use spoofing software to email a member of the finance team with what appears to be a genuine email from the CEO with a request to change payment details or make an urgent payment to a new account.</li> </ul></li> <li>UK Finance is a trade association formed on 1 July 2017 to represent the finance and banking industry operating in the UK. It represents around 300 firms in the UK providing credit, banking, markets and payment-related services. The new organisation brings together most of the activities previously carried out by the Asset Based Finance Association, the British Bankers? Association, the Council of Mortgage Lenders, Financial Fraud Action UK, Payments UK and the UK Cards Association.</li> </ol>
22.04.24
19.04.24
17.04.24
By downloading this document, you understand and agree that any sharing, distribution or republishing of the content, without prior written authorisation from the author or content managers at UK Finance, shall be constituted as a breach of the UK Finance website terms of use.