Cross-sector cooperation needed to tackle rise in authorised push payment fraud
The banking and finance industry prevented over £1.8bn of fraud in 2019, up 9% on the previous year, the latest UK Finance Fraud the Facts report has revealed.
£824.8m was stolen by criminals through unauthorised card, remote banking and cheque fraud during the same period, a fall of 2% compared to the previous year. In addition, £456m was lost to authorised push payment (APP) scams in 2019, where customers are tricked into authorising a payment to an account controlled by a criminal, up from £354m the previous year.
UK Finance has also published separate figures for the first time on compensation for customers under the voluntary Code on APP fraud introduced on 28 May 2019. This data shows that customers have so far received £41m in compensation in cases assessed under the Code since it was introduced, accounting for 41% of the total losses in these cases. Compensation rates were higher for fraud cases involving losses of £10,000 or more, and for impersonation scams in which criminals imitate the police, banks or other organisations.
Katy Worobec, managing director of economic crime at UK Finance, said:
“The banking and finance industry is taking action on all fronts to protect its customers from fraud and crack down on the criminal gangs responsible. The introduction of the voluntary Code last May has meant more victims of authorised push payment fraud are receiving compensation, particularly in cases involving higher value losses and more sophisticated scams.
“However, criminal gangs are continuing to exploit online platforms to target customers directly and trick them into handing over their money or information. This shows why fraud and other economic crime should be included within the new regulatory framework for online harms, to ensure all sectors play their part in tackling the threat posed by fraud to our society. Only by working in partnership with the public sector and other industries can we protect innocent victims and prevent money getting into the hands of criminals.
“We would also urge the public to be vigilant against criminals using the publicity around the coronavirus as a chance to target their victims with fraudulent emails, phone calls, text messages or social media posts.
Always follow the advice of the Take Five to Stop Fraud campaign and take a moment to stop and think before parting with your money or information in case it’s a scam.”
The data published today by UK Finance covers both unauthorised and authorised fraud.
Unauthorised fraud
In an unauthorised fraudulent transaction, the account holder themselves does not provide authorisation for the payment to proceed and the transaction is carried out by a third-party. Customers are legally protected against losses caused by unauthorised fraud. Industry research indicates that customers are fully refunded in over 98% of unauthorised fraud cases.
Total losses due to unauthorised fraud across payment cards, remote banking and cheques in 2019 were £825m, down 2% compared to 2018. There were a total of 2,792,297 cases of unauthorised financial fraud, up 5% on the previous year. Included within the overall total:
- Losses due to unauthorised transactions on payment cards totalled £620.6m in 2019, down 8% compared to 2018. The industry prevented £999.2m in attempted unauthorised card fraud, equivalent to £6.17 in every £10 of attempted card fraud being prevented. Three-quarters of card fraud losses (£470.2m) were due to remote purchase fraud, where stolen card details are used to buy something online, over the phone or via mail order.
- Losses due to unauthorised remote banking fraud totalled £150.7m in 2019, 1% lower than the previous year. This category covers unauthorised fraud through internet banking, telephone banking and mobile banking. The industry prevented £268.8m of attempted unauthorised remote banking fraud, equivalent to £6.41 in every £10 of fraud attempted being prevented.
- Cheque fraud losses totalled £53.6m in 2019, an increase of 161% compared to 2018. This increase was largely driven by high-value transactions on counterfeit cheques targeting business accounts, with personal customers only accounting for a small fraction of total losses. £550.8m of attempted unauthorised cheque fraud was prevented, equivalent to £9.11 in every £10 of attempted cheque fraud being stopped.
Authorised push payment (APP) fraud
In authorised push payment (APP) fraud, a customer is duped into authorising a payment to another account which is controlled by a criminal. This is sometimes referred to as bank transfer fraud.
APP fraud data for 2019 shows:
- A total of £455.8m was lost to APP fraud, split between personal (£317.1m) and business (£138.7m) accounts.
- In total there were 122,437 APP fraud cases, split between personal (114,731) and non-personal (7,706 cases) accounts.
- Financial providers were able to return a total of £116m of the losses to victims, split between personal (£82.2m) and business (£33.8m) accounts.
APP fraud losses continue to be driven by the abuse of online platforms used by criminals to scam their victims. These include investment scams advertised on search engines and social media, romance scams committed via online dating platforms and purchase scams promoted through auction websites. The banking industry-funded Dedicated Card and Payment Crime Unit (DCPCU) has seen some notable success in this area, taking down over 1,600 social media accounts linked to fraudulent activity in 2019. UK Finance is now calling on the government to add economic crime to the scope of online harm in its upcoming legislation, to ensure a coordinated approach is taken across sectors to tackling the threat posed by fraud.
Voluntary Code on APP fraud
An industry voluntary Code was launched on 28 May 2019 that has introduced significant new consumer protections against authorised push payment (APP) fraud. Since this date, customers of a payment service provider that is signed up to the Code receive compensation if they fall victim to APP fraud, provided they meet the standards expected of them. Intelligence suggests that increased public awareness of the Code led to an increase in reporting by customers who fall victim to this type of fraud in 2019.
For the first time, UK Finance is publishing statistics relating to the cases assessed using the voluntary Code, covering the period from the introduction of the Code on 28 May 2019 until 31 December 2019. This data shows:
- A total of £101.1m was lost to APP fraud in cases assessed under the Code during this period, of which £41.3m was reimbursed to victims (41% of the total). This is a significant increase on the 19% of APP losses that were reimbursed before the Code was introduced.
- In total 50,311 cases have been assessed and closed since the Code was introduced. Of these, three-quarters involved values of less than £1,000, whilst only 4% of cases involved losses of £10,000 or more. 43% of losses were reimbursed in those cases involving values of £10,000 or more, compared to 30% of losses reimbursed for cases involving values of less than £1,000.
- For impersonation scams in which criminals impersonate other organisations to target their victims, 57% of losses were reimbursed, the highest out of all eight scam types.
- For purchase scams, 27% of all losses were reimbursed, the smallest proportion of across all eight scam types.
Staying safe
UK Finance is urging customers to be aware of criminals using the publicity around coronavirus as a chance to pose as a genuine organisation, including banks, police officers, government, the World Health Organisation or other health service providers. This follows a warning from the National Cyber Security Centre that criminals are exploiting fears over the coronavirus outbreak to target victims online.
Fraudulent emails, phone calls, text messages or social media posts often claim to be able to help customers by providing a safe haven for their money, investment opportunities or even provide medical guidance.
Using coronavirus as a cover story, the criminal will then attempt to get recipients to disclose personal or financial information or click on links that may contain malware which they will then use for their own fraudulent purposes.
To stay safe from fraud and scams, customers are advised to follow the advice of the Take Five to Stop Fraud campaign:
Stop: Taking a moment to stop and think before parting with your money or information could keep you safe
Challenge: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.
