UK Finance: Cross-sector cooperation needed to tackle rise in authorised push payment fraud

Banking and finance industry stopped over £1.8 billion of fraud in 2019. Unauthorised fraud losses fell to £825 million, down two per cent compared to the previous year.
Authorised push payment (APP) fraud losses rose to £456 million in 2019, driven in part by criminals abusing online platforms to scam their victims. UK Finance is calling for cross-sector approach to tackling fraud alongside legislation to combat the abuse of online platforms by criminals.
Victims have received £41 million in compensation in cases assessed under the APP voluntary Code introduced in May 2019.
UK Finance is urging customers to be aware of criminals exploiting the Coronavirus outbreak to commit fraud and to always follow the advice of the Take Five to Stop Fraud campaign.

The banking and finance industry prevented over £1.8 billion of fraud in 2019, up nine per cent on the previous year, the latest UK Finance Fraud the Facts report has revealed.

£824.8 million was stolen by criminals through unauthorised card, remote banking and cheque fraud during the same period, a fall of two per cent compared to the previous year. In addition, £456 million was lost to authorised push payment (APP) scams in 2019, where customers are tricked into authorising a payment to an account controlled by a criminal, up from £354 million the previous year.

UK Finance has also published separate figures for the first time on compensation for customers under the voluntary Code on APP fraud introduced on 28 May 2019. This data shows that customers have so far received £41 million in compensation in cases assessed under the Code since it was introduced, accounting for 41 per cent of the total losses in these cases. Compensation rates were higher for fraud cases involving losses of £10,000 or more, and for impersonation scams in which criminals imitate the police, banks or other organisations.

Katy Worobec, Managing Director of Economic Crime at UK Finance, said:

?The banking and finance industry is taking action on all fronts to protect its customers from fraud and crack down on the criminal gangs responsible. The introduction of the voluntary Code last May has meant more victims of authorised push payment fraud are receiving compensation, particularly in cases involving higher value losses and more sophisticated scams.

?However, criminal gangs are continuing to exploit online platforms to target customers directly and trick them into handing over their money or information. This shows why fraud and other economic crime should be included within the new regulatory framework for online harms, to ensure all sectors play their part in tackling the threat posed by fraud to our society. Only by working in partnership with the public sector and other industries can we protect innocent victims and prevent money getting into the hands of criminals.

?We would also urge the public to be vigilant against criminals using the publicity around the Coronavirus as a chance to target their victims with fraudulent emails, phone calls, text messages or social media posts. Always follow the advice of the Take Five to Stop Fraud campaign and take a moment to stop and think before parting with your money or information in case it's a scam.?

The data published today by UK Finance covers both unauthorised and authorised fraud.

Unauthorised fraud

In an unauthorised fraudulent transaction, the account holder themselves does not provide authorisation for the payment to proceed and the transaction is carried out by a third-party. Customers are legally protected against losses caused by unauthorised fraud. Industry research indicates that customers are fully refunded in over 98 per cent of unauthorised fraud cases.

Total losses due to unauthorised fraud across payment cards, remote banking and cheques in 2019 were £825 million, down two per cent compared to 2018. There were a total of 2,792,297 cases of unauthorised financial fraud, up five per cent on the previous year. Included within the overall total:

Losses due to unauthorised transactions on payment cards totalled £620.6 million in 2019, down eight per cent compared to 2018. The industry prevented £999.2 million in attempted unauthorised card fraud, equivalent to £6.17 in every £10 of attempted card fraud being prevented. Three-quarters of card fraud losses (£470.2 million) were due to remote purchase fraud, where stolen card details are used to buy something online, over the phone or via mail order.
Losses due to unauthorised remote banking fraud totalled £150.7 million in 2019, one per cent lower than the previous year. This category covers unauthorised fraud through internet banking, telephone banking and mobile banking. The industry prevented £268.8 million of attempted unauthorised remote banking fraud, equivalent to £6.41 in every £10 of fraud attempted being prevented.
Cheque fraud losses totalled £53.6 million in 2019, an increase of 161 per cent compared to 2018. This increase was largely driven by high-value transactions on counterfeit cheques targeting business accounts, with personal customers only accounting for a small fraction of total losses. £550.8 million of attempted unauthorised cheque fraud was prevented, equivalent to £9.11 in every £10 of attempted cheque fraud being stopped.

Authorised push payment (APP) fraud

In authorised push payment (APP) fraud, a customer is duped into authorising a payment to another account which is controlled by a criminal. This is sometimes referred to as bank transfer fraud.

APP fraud data for 2019 shows:

A total of £455.8 million was lost to APP fraud, split between personal (£317.1 million) and business (£138.7 million) accounts.
In total there were 122,437 APP fraud cases, split between personal (114,731) and non-personal (7,706 cases) accounts.
Financial providers were able to return a total of £116 million of the losses to victims, split between personal (£82.2 million) and business (£33.8 million) accounts.

APP fraud losses continue to be driven by the abuse of online platforms used by criminals to scam their victims. These include investment scams advertised on search engines and social media, romance scams committed via online dating platforms and purchase scams promoted through auction websites⁶. The banking industry-funded Dedicated Card and Payment Crime Unit (DCPCU) has seen some notable success in this area, taking down over 1,600 social media accounts linked to fraudulent activity in 2019. UK Finance is now calling on the government to add economic crime to the scope of online harm in its upcoming legislation, to ensure a coordinated approach is taken across sectors to tackling the threat posed by fraud⁷.

Voluntary Code on APP fraud

An industry voluntary Code was launched on 28 May 2019 that has introduced significant new consumer protections against authorised push payment (APP) fraud. Since this date, customers of a payment service provider that is signed up to the Code receive compensation if they fall victim to APP fraud, provided they meet the standards expected of them. Intelligence suggests that increased public awareness of the Code led to an increase in reporting by customers who fall victim to this type of fraud in 2019.

For the first time, UK Finance is publishing statistics relating to the cases assessed using the voluntary Code, covering the period from the introduction of the Code on 28 May 2019 until 31 December 2019. This data³ shows:

A total of £101.1 million was lost to APP fraud in cases assessed under the Code during this period, of which £41.3 million was reimbursed to victims (41 per cent of the total). This is a significant increase on the 19 per cent of APP losses that were reimbursed before the Code was introduced.
In total 50,311 cases have been assessed and closed since the Code was introduced. Of these, three-quarters involved values of less than £1,000, whilst only four per cent of cases involved losses of £10,000 or more. 43 per cent of losses were reimbursed in those cases involving values of £10,000 or more, compared to 30 per cent of losses reimbursed for cases involving values of less than £1,000.
For impersonation scams in which criminals impersonate other organisations to target their victims, 57 per cent of losses were reimbursed, the highest out of all eight scam types.
For purchase scams, 27 per cent of all losses were reimbursed, the smallest proportion of across all eight scam types.

Staying safe

UK Finance is urging customers to be aware of criminals using the publicity around Coronavirus as a chance to pose as a genuine organisation, including banks, police officers, government, the World Health Organisation or other health service providers. This follows a warning from the National Cyber Security Centre that criminals are exploiting fears over the Coronavirus outbreak to target victims online.

Fraudulent emails, phone calls, text messages or social media posts often claim to be able to help customers by providing a safe haven for their money, investment opportunities or even provide medical guidance. Using Coronavirus as a cover story, the criminal will then attempt to get recipients to disclose personal or financial information or click on links that may contain malware which they will then use for their own fraudulent purposes.

To stay safe from fraud and scams, customers are advised to follow the advice of the Take Five to Stop Fraud campaign:

Stop: Taking a moment to stop and think before parting with your money or information could keep you safe.

Challenge: Could it be fake? It's ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.

Protect: Contact your bank immediately if you think you?ve fallen for a scam and report it to Action Fraud.

Ends

For more information please call the UK Finance press office on 020 7416 6750 or email press@ukfinance.org.uk

Notes to editor

<ol><li align="left">
UK Finance is the collective voice for the banking and finance industry. Representing more than 250 firms across the industry, we act to enhance competitiveness, support customers and facilitate innovation. 
</li>
<li align="left">
UK Finance only began collating data on APP fraud from 2017 onwards. Figures for 2019 are not directly comparable with those for previous years, as intelligence suggests that increased public awareness in the build-up to the introduction of the industry voluntary Code has led to an increase in reporting by customers who fall victim to this type of fraud. 
</li>
<li align="left">
Figures on cases assessed under the APP voluntary Code are already included in previous figures relating to all reported APP cases, and so these two data sets should not be added together. 
</li>
<li align="left">
The finance industry is committed to tackling fraud and scams by:</li>
</ol><ul class="rteindent1"><li align="left">
Investing in advanced security systems to protect customers, including real-time transaction analysis, behavioural biometrics on devices and technology to identify the different sound tones that every phone has and the environment that they are in. 
Delivering the Banking Protocol ? a ground-breaking rapid response scheme through which branch staff can alert police and Trading Standards to suspected frauds taking place. The system is now operational in every police force area and has <a href="https://www.ukfinance.org.uk/press/press-releases/%C2%A3100-million-fra…; over £100 million of fraud and enabled 664 arrests since it began being rolled out in 2016.</li>
<li align="left">
Helping customers stay safe from fraud and spot the signs of a scam through the <a href="https://takefive-stopfraud.org.uk/">Take Five to Stop Fraud</a> campaign. 27 major banks and buildings societies have signed up to the new <a href="https://takefive-stopfraud.org.uk/news/eight-in-ten-brits-would-be-emba… Five Charter</a>, bringing the industry together to give people simple and consistent fraud awareness advice. Signatories are required to use the Take Five campaign?s clear information on their websites, digital banking facilities, ATMs, social media, in branch displays and staff communications. 
Sponsoring a specialist police unit, the Dedicated Card and Payment Crime Unit (DCPCU), which tackles the organised criminal groups responsible for financial fraud and scams. In 2019, the unit <a href="https://www.ukfinance.org.uk/press/press-release/banking-industry-funde…; an estimated £31 million of fraud, secured 75 convictions and disrupted 23 organised crime groups.</li>
<li align="left">
Hosting and part-funding the government-led programme to reform the system of financial crime information sharing, known in the industry as Suspicious Activity Reports, so that it meets the needs of crime agencies, regulators, consumers and businesses. This forms part of the national <a href="https://www.gov.uk/government/news/criminals-to-face-fresh-crackdown-in… Crime Plan</a>, an ongoing partnership between the government, law enforcement and private sector.</li>
</ul><ol><li align="left" value="5">
Voluntary Code on authorised push payments (APP) fraud</li>
</ol><ul class="rteindent1"><li>
A new industry voluntary <a href="https://www.lendingstandardsboard.org.uk/wp-content/uploads/2019/05/CRM…; was launched in 28 May 2019 that has introduced significant new consumer protections against authorised push payment (APP) scams. The Code was developed by a Steering Group comprising of representatives from consumer groups and payment service providers (PSPs).
<ul><li>
Customers of a payment service provider that is signed up to the Code will be fully compensated if they fall victim to an APP scam, provided they did everything expected of them under the Code. </li>
<li>
Nine financial institutions, representing 19 consumer brands and over 85 per cent of authorised push payments, have signed up to the Code so far. A list of signatories can be found <a href="https://www.lendingstandardsboard.org.uk/contingent-reimbursement-model…;
<li>
In situations where both the customer and their payment service provider meet the required standards set out in the Code, a customer of a signatory firm who falls victim to an APP scam will still receive their money back. As an interim arrangement a number of the launch signatories of the Code established a dedicated fund to provide compensation in such cases from implementation until a new long-term funding arrangement is in place. In February, the seven launch signatories <a href="https://www.ukfinance.org.uk/press/press-releases/app-scams-voluntary-c…; to extend this funding until 31 December 2020 while the industry, regulators and government continue to discuss and agree a long-term funding solution.</li>
</ul></li>
</ul><ol><li align="left" value="6">
Behind the changing fraud figures: How criminals are abusing online platforms to commit fraud</li>
</ol><ul class="rteindent1"><li align="left">
Investment scams accounted £95.4 million of losses to APP fraud in 2019, the highest out of all eight scam types, with an average of £14,000 lost per case. FCA <a href="https://www.fca.org.uk/news/press-releases/fca-warns-public-investment-…; suggests that the rise in investment fraud is being driven in part by criminals targeting consumers online, for example through adverts on search engines or social media channels.</li>
<li align="left">
Purchase scams remained the most prevalent form of APP fraud in 2019, accounting for 60 per cent of all cases. These scams take place when a victim pays in advance for goods or services that are never received, and usually involve criminals abusing an online platform by placing adverts on an auction website or social media.</li>
<li>
Romance scams accounted for £18.1 million of losses to APP fraud in 2019. In a romance scam, the victim is convinced to make a payment to a person they believe they are in a relationship with, often having met online through social media or dating websites.</li>
<li>
Impersonation scams in which criminals imitated police or bank staff accounted for £84.1 million of losses to APP fraud in 2019. To commit this type of fraud, criminals will often research their victim first, including using information gathered from social engineering and data breaches in order to make their approach sound genuine. UK Finance is urging customers to follow the advice of the <a href="https://takefive-stopfraud.org.uk/">Take Five to Stop Fraud</a> campaign, and remember that criminals are experts at impersonating people, organisations and the police. Your bank or police will never contact you out of the blue to ask for your PIN, full password or to move money to another account.</li>
<li align="left">
Money mules: The number of children acting as ?money mules? has risen by 73 per cent in two years as criminals target youngsters on social media, according to <a href="https://www.ukfinance.org.uk/press/press-releases/parents-urged-help-st…; from Cifas. The banking industry-sponsored Dedicated Card and Payment Crime Unit (DCPCU) has worked with social media platforms to <a href="https://www.ukfinance.org.uk/press/press-release/banking-industry-funde… down</a> over 1,600 accounts linked to fraudulent activity in 2019, of which just under 500 were used to recruit people as money mules.</li>
</ul><ol><li align="left" value="7">
Online harms legislation: The need for a cross-sector approach to tackling fraud</li>
</ol><ul class="rteindent1"><li align="left">
The increasing use of social media and other online platforms as a vehicle to commit fraud underscores the importance of introducing an online harms regulatory framework that protects consumers to the best extent possible.</li>
<li align="left">
UK Finance is calling for economic crime to be included within the scope of the new regulatory framework. This would help to ensure that all sectors undertake efforts to remove vulnerabilities in their systems that can be exploited by criminals to commit fraud.</li>
<li align="left">
The government published its initial <a href="https://www.gov.uk/government/consultations/online-harms-white-paper/pu… response</a> on its Online Harms White Paper in February 2020, which acknowledged that a number of organisations suggested that economic harms such as fraud should be in scope.</li>
</ul>