Criminals exploit Covid-19 as fraud moves increasingly online

  • Unauthorised fraud fell by eight per cent to £374.3 million in first half of 2020, as the banking industry prevented £853 million of losses.
  • Criminals are exploiting and adapting to Covid-19 with a rise in online data harvesting and a fall in cheque and contactless card fraud.
  • £207.8 million was lost to Authorised Push Payment (APP) fraud, in line with the same period last year. Finance providers were able to return £73.1 million of APP fraud losses to victims, up 86 per cent compared to last year.
  • £47.9 million of losses were reimbursed to victims under APP voluntary Code in first half of 2020. UK Finance is calling for legislation to ensure greater consistency for customers.

Losses to unauthorised fraud fell by eight per cent in the first half of this year to £374.3 million, figures from UK Finance's half-year fraud report1 for 2020 have revealed. 

The banking and finance industry prevented £853 million of attempted unauthorised fraud over the same period, up four per cent on the previous year, as firms continue to invest in advanced security systems2 to detect and block fraudulent activity. It means that almost £7 in every £10 of attempted fraud was blocked in the first half of this year.

UK Finance is warning that criminals have been exploiting and adapting to Covid-19 with a growth in fraud and scams that target people online. Many of these scams harvest customers? personal and financial details, for example through phishing emails or smishing text messages impersonating trusted organisations. There is often a delay between criminals obtaining people's details and using them to commit fraud, meaning the full losses from Covid-19 related scams in the first half of this year are likely to not yet have been fully realised. Customers are reminded to follow the advice of the Take Five to Stop Fraud campaign and always take a moment to stop and think before parting with their money or information in case it's a scam.

The figures also suggest criminals have been turning away from more traditional forms of fraud due to the impact of the pandemic. Contactless card fraud, which takes place using lost and stolen cards, fell by 20 per cent to £8.2 million, the first year-on-year decrease since this data started being collected in 2013. This is likely to be related to the reduced number of face-to-face transactions by consumers using contactless cards during the lockdown. Cheque fraud losses also saw a significant fall of 78 per cent to £6.4 million, which is likely to have been driven by the reduced use of cheques during the lockdown period and the increased use of advanced security features on business cheques.

£207.8 million was lost to authorised push payment (APP) fraud in the first half of 2020, which takes place when a customer is tricked into making a payment to another account that is controlled by a criminal. This is in line with losses in the same period last year. Banks and other finance providers were able to return £73.1 million of the overall losses from APP fraud to victims, an 86 per cent increase on the sum returned in the same period in 2019. Losses to investment scams rose by 27 per cent to £55.2 million in the first half of 2020, the largest increase of any scam type.

APP fraud continues to be driven by the abuse of online platforms, including investment scams promoted on search engines and social media, fake goods listed on auction websites and criminals posing as would-be partners on online dating platforms. UK Finance is calling for fraud to be included in the scope of the government's new online harms regulatory framework, to help ensure that online platforms address vulnerabilities that are being exploited by criminals to commit fraud.

Katy Worobec, Managing Director of Economic Crime at UK Finance, said:

Criminals have ruthlessly adapted to this pandemic with scams exploiting the rise in people working from home and spending time online. These range from investment scams promoted on social media and search engines to the use of phishing emails and fake websites to harvest people's data.

?The banking industry is working hard to protect customers from this threat, with almost £7 in £10 of fraud prevented in the first half of this year. But we need the public to remain vigilant against scams and remember that criminals are experts at exploiting events like Covid-19 to impersonate trusted organisations. Always take a moment to stop and think before parting with your money or information, and don't let a criminal rush or panic you into making a decision that you?ll later come to regret.

UK Finance has also published separate figures for the second time on compensation for customers under the voluntary Code on APP fraud, introduced on 28 May 2019 following work between the banking industry, consumer groups and the Payment Systems Regulator3. Customers of a payment service provider that is signed up to the Code are reimbursed if they fall victim to APP fraud, provided they did everything expected of them under the Code. Nine payment service providers, representing 19 consumer brands and over 85 per cent of authorised push payments, have signed up to the Code so far.

Customers received £47.9 million in compensation in cases assessed under the Code in the first half of this year. This accounted for 38 per cent of the £126.5 million in losses in cases assessed under the Code during this period. It means a total of £89.2 million has been reimbursed to customers under the APP voluntary Code since it was launched on 28 May 2019. This figure does not include all money returned to APP fraud victims in all cases, for example in some instances where the customer was found at fault under the Code but the bank was able to trace and return the original stolen funds.

Compensation rates were higher for more sophisticated scams and those involving higher, life-changing sums of money.  54 per cent of losses were reimbursed under the Code for scams in which criminals impersonate banks or the police, which saw an average loss per case of £4,460. This compares to just 22 per cent of losses being reimbursed for purchase scams, where the customer pays in advance for goods or services that are never received, and which have an average loss per case of £720.

UK Finance is backing calls from consumer groups and MPs for legislation to be introduced to put the voluntary Code on a statutory footing. This would help ensure more consistent outcomes for customers and mean the Code applies to firms across the banking and finance industry. The trade body is also calling on regulators and the government to deliver a long-term, sustainable funding arrangement for APP cases where neither the customer nor the bank is at fault.

Katy Worobec added:

The voluntary Code, developed by the banking industry alongside consumer groups, has led to more victims being reimbursed particularly for higher value and more sophisticated scams.

?However, it is now clear that the voluntary Code is not delivering consistent outcomes and that new legislation is needed to deliver certainty for both firms and their customers.

?This should go hand in hand with progress towards a sustainable funding solution for cases in which neither the customer or bank is at fault, and a stronger regulatory framework to ensure online platforms and other sectors play their part in tackling fraud.

Staying safe

UK Finance is urging customers to follow the advice of the Take Five to Stop Fraud campaign, and remember that criminals are experts at impersonating people, organisations and the police. rs down for just a moment. Stop and think. It could protect you and your money.

  • Stop: Taking a moment to stop and think before parting with your money or information could keep you safe.
  • Challenge: Could it be fake? It's ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
  • Protect: Contact your bank immediately if you think you?ve fallen for a scam and report it to Action Fraud.
Area of expertise:

Notes to editor

<p>UK Finance is the collective voice for the banking and finance industry. Representing more than 250 firms across the industry, we act to enhance competitiveness, support customers and facilitate<br />
innovation.</p>
<ol><li>
UK Finance?s 2020 Half Year Fraud Update can be found <a href="https://www.ukfinance.org.uk/policy-and-guidance/reports-publications/2…;
<li>
The banking and finance industry is committed to tackling fraud and scams by:</li>
</ol><ul class="rteindent1"><li>
Investing in advanced security systems to protect customers, including real-time transaction analysis, behavioural biometrics on devices and technology to identify the different sound tones that every phone has and the environment that they are in.</li>
<li>
Working closely with the government and law enforcement to tackle fraud through a national <a href="https://www.gov.uk/government/news/criminals-to-face-fresh-crackdown-in… Crime Plan</a>, including regularly exchanging information and coordinating responses to emerging threats such as scams linked to Covid-19.</li>
<li>
Delivering the <a href="https://www.ukfinance.org.uk/press/press-releases/bank-branch-staff-and… Protocol</a> ? a ground-breaking rapid response scheme through which branch staff can alert police and Trading Standards to suspected frauds taking place. The system is now operational in every police force area and has prevented £116 million of fraud and led to 744 arrests since it began being rolled out in 2016.</li>
<li>
Working with text message providers and law enforcement to <a href="https://www.ukfinance.org.uk/press/press-releases/banking-and-mobile-in…; scam text messages including those exploiting the Covid-19 crisis. 821 unauthorised sender IDs are currently being blocked to prevent them being used to send scam text messages mimicking trusted organisations, including 70 related to Covid-19</li>
<li>
Working with the regulator <a href="https://www.ofcom.org.uk/__data/assets/pdf_file/0034/194974/nuisance-ca…; to crack down on number spoofing, including through the development of a ?do not originate? list. Ofcom has said this work has led to significant successes in preventing criminals from spoofing the phone numbers of trusted organisations. For example, when HMRC added numbers to this list they reported reducing ?to zero the number of phone scams spoofing genuine inbound HMRC numbers.?</li>
<li>
Helping customers stay safe from fraud and spot the signs of a scam through the <a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F74n5c… Five to Stop Fraud</a> campaign. 27 major banks and buildings societies have signed up to the new<a href="https://takefive-stopfraud.org.uk/news/eight-in-ten-brits-would-be-emba… Five Charter</a>, bringing the industry together to give people simple and consistent fraud awareness advice.</li>
<li>
Sponsoring a specialist police unit, the Dedicated Card and Payment Crime Unit (DCPCU)<strong>,</strong> which tackles the organised criminal groups responsible for financial fraud and scams. In the first half of 2020, the unit <a href="https://www.ukfinance.org.uk/news-and-insight/blogs/dcpcu-prevents-12-p…; an estimated £12.5 million of fraud, secured 30 convictions, and disrupted seven organised crime groups (OCGs).</li>
<li>
Introducing a <a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F74n5c… code</a> to better protect customers and reduce the occurrence of authorised push payment (APP) fraud. The code became effective for signatory firms on 28 May 2019.</li>
<li>
Working with Cifas on the Don?t Be Fooled campaign, which aims to inform students and young people about the risks of giving out their bank details, and deter them from becoming money mules. The campaign website is here: <a href="http://moneymules.co.uk/">http://moneymules.co.uk/</a></li&gt;
<li>
Working with Pay.UK to implement the <a href="https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2F74n5c… Insights Tactical Solution (MITS)</a>, a technology that helps to track suspicious payments and identify money mule accounts.</li>
</ul><ol><li value="3">
<strong>Authorised push payments voluntary code</strong></li>
</ol><ul class="rteindent1"><li>
An industry voluntary <a href="https://www.lendingstandardsboard.org.uk/wp-content/uploads/2019/05/CRM…; was launched in 28 May 2019 that has introduced new consumer protections against authorised push payment (APP) fraud. The Code was developed by a Steering Group comprising of representatives from consumer groups and payment service providers (PSPs).</li>
<li>
Customers of a payment service provider that is signed up to the Code will be fully reimbursed if they fall victim to an APP scam, provided they did everything expected of them under the Code. </li>
<li>
Nine payment service providers, representing 19 consumer brands and over 85 per cent of authorised push payments, have signed up to the Code so far. A list of signatories can be found <a href="https://www.lendingstandardsboard.org.uk/contingent-reimbursement-model…;
<li>
In situations where both the customer and their payment service provider meet the required standards under the the Code, a customer of a signatory firm who falls victim to an APP scam will still receive their money back. To fund this compensation, a number of launch signatories of the Code established an interim funding arrangement to provide reimbursement until a long-term solution is in place. In February, it was <a href="https://www.ukfinance.org.uk/press/press-releases/app-scams-voluntary-c…; that this interim funding arrangement is being extended to 31 December 2020, to  give more time for regulators, government and the industry to deliver a long-term, sustainable funding arrangement.</li>
</ul><p> <strong>Executive summary of fraud figures for first half of 2020</strong></p>
<p> <strong>Unauthorised fraud</strong></p>
<p> <em>In an unauthorised fraudulent transaction, the account holder themselves does not provide authorisation for the payment to proceed and the transaction is carried out by a third-party. Customers are legally protected against losses caused by unauthorised fraud. Industry research indicates that customers are fully refunded in over 98 per cent of unauthorised fraud cases.</em></p>
<p> Total losses due to unauthorised fraud across payment cards, remote banking and cheques in the first half of 2020 were £374.3 million. This is a decrease of eight per cent compared to the first half of 2019. There were a total of 1,397,420 cases of unauthorised financial fraud. Included within the overall total:</p>
<ul><li>
Losses due to unauthorised transactions on payment cards decreased by eight per cent to £288.2 million. The industry prevented £487.2 million in attempted unauthorised card fraud, in line with the same period in 2019. Over three-quarters of card fraud losses (£222 million) were due to remote purchase fraud, where stolen card details are used to buy something online, over the phone or via mail order.</li>
<li>
Losses due to unauthorised remote banking fraud totalled £79.7 million in the first half of 2020. This is an increase of 21 per cent compared to the same period in 2019, but down six per cent compared to the £84.9 million of losses in the second half of last year. This category covers unauthorised fraud through internet banking, telephone banking and mobile banking. Banks prevented £181.5 million of attempted unauthorised remote banking fraud in the first half of 2020, up 40 per cent on the same period the previous year.</li>
<li>
Cheque fraud losses fell by 78 per cent to £6.4 million compared to the same period last year. Intelligence suggests this fall was driven by the reduced use of cheques during the lockdown period as well as increased use of advanced security features on cheques to identify fraudulent ones as they go through the clearing process. Over £184 million of attempted unauthorised cheque fraud was prevented, a fall of nine per cent compared to the first half of 2019.</li>
</ul><p> <strong>Authorised push payment fraud</strong></p>
<p> <em>Authorised push payment (APP) fraud occurs when a customer is duped into authorising a payment to another account which is controlled by a criminal. </em></p>
<p> The APP fraud data for the first half of 2020 shows:</p>
<ul><li>
A total of £207.8 million was lost to APP fraud, in line with the same period last year. This was split between personal accounts (£164.1 million) and non-personal or business accounts (£43.7 million).</li>
<li>
There were a total of 66,247 APP fraud cases, split between personal accounts (63,186 cases) and non-personal accounts (3,061 cases).</li>
<li>
Financial providers were able to return a total of £73.1 million of the losses to victims, an 86 per cent increase on the sum returned in the same period in 2019.</li>
</ul><p> Investment scams, in which a criminal convinces their victim to move their money to a fictitious fund or to pay for a fake investment, saw the highest increase in losses of any scam type. £55.2 million was lost to this type of fraud, an increase of 27 per cent compared to the same period last year.</p>
<p> Purchase scams, in which the victim pays in advance for goods or services that are never received, remained the most common form of APP fraud in the first half of 2020. These scams accounted for 57 per cent of the total number of APP fraud cases in the first half of 2020. The lower average case values mean that they accounted for just 13 per cent of the total value of APP fraud in the same period.</p>
<p> <strong>Code</strong></p>
<p> Under industry voluntary <a href="https://www.lendingstandardsboard.org.uk/wp-content/uploads/2019/05/CRM…; on APP scams introduced on 28 May 2019, customers of a signatory payment service provider will receive compensation if they fall victim to APP fraud, provided they meet the standards expected of them.</p>
<p> For the second time, UK Finance is publishing statistics relating to the cases assessed under the voluntary Code, covering first half of this year from 1 January 2020 until 30 of June 2020. This data shows:</p>
<ul><li>
A total of £126.5 million was lost to APP fraud in cases assessed under the Code during this period, of which £47.9 million was reimbursed to victims (38 per cent of the total). This is a significant increase on the 19 per cent of APP losses that were reimbursed before the Code was introduced.</li>
<li>
In total 61,333 cases were assessed and closed under the Code during this period. Of these, 77 per cent involved values of less than £1,000, whilst only 4 per cent of cases involved the more life-changing sums of £10,000 plus.</li>
<li>
40 per cent of losses were reimbursed in those cases involving values of £10,000 or more, compared to 30 per cent of losses reimbursed for cases involving values of less than £1,000.</li>
<li>
Reimbursement levels were higher for more sophisticated scams in which criminals impersonate other organisations to target their victims. 54 per cent of losses were reimbursed for bank and police impersonation scams, the highest out of all eight scam types.</li>
<li>
For purchase scams, 22 per cent of all losses were reimbursed, the smallest proportion of across all eight scam types.</li>
<li>
These figures do not include all money returned to APP fraud victims in all cases, for example in some instances where the customer was found at fault under the Code but the bank was able to trace and return the original stolen funds.</li>
</ul>