Online Banking Fraud Hits Three-year High

[Peaches]

October 8, 2009

Online banking fraud hits three-year high

Sophisticated software beating banks' defences

Jeremy Kirk

Online banking fraud in the UK has risen to the highest level in at least three years while card-related losses fell in most categories, according to new industry figures.

Online banking fraud increased 55 percent to £39 million in the first six months of the year compared to the same period a year ago, said Financial Fraud Action UK (FFA), formerly known as APACS. FFA collects data reported by UK financial institutions.

FFA attributed the rise to sophisticated malicious software programs that infect vulnerable consumer computers. FFA also counted 26,000 phishing sites, which are fraudulent websites designed to trick people into divulging their log-ins and passwords.

The rise in banking fraud comes as UK banks have taken more rigorous measures to combat online fraud. While banks in the US, for example, often only require a log-in and password to get access to online banking, UK banks often have several more steps.

For example, NatWest - owned by the Royal Bank of Scotland Group - requires customers to enter their birth date plus a unique four digit code. During the second step, a person is prompted to enter some digits of a separate four-digit PIN (Personal Identification Number), which is not the same as the person's ATM card.

Then, the website asks for another password, but only specific parts of it, such as the second, four and seventh letter. NatWest asks for a different combination every time. If you fail to log in successfully, the account can't be accessed online.

Nonetheless, most bank security measures are defeatable if a person falls victim to a phishing scam and sends a fraudster their authentication credentials.

Card fraud, however, remains more costly. For the first half of this year, it amounted to £232.8 million, but that was down 23 percent compared to January to June 2008. It's the first time that the overall card fraud figure has declined, said Michelle Whiteman, FFA spokeswoman.

FFA attributes that decline to the use of chip-and-PIN technology. Point-of-sale card readers and ATMs check for the presence of a microchip that uses cryptographic keys to enable a transaction, and a person must enter a four-digit PIN.

Unless the fraudster knows the PIN, the cards can't be used to make in-person purchases.

It doesn't stop a fraudster, however, from trying to use chip-and-PIN cards to buy goods online, known as card-not-present fraud. But that kind of fraud also dropped this year by 18 percent to £134 million.

The reason, the FFA believes, is increased enrollment in Verified by Visa from Visa and SecureCode from MasterCard. For retailers that implement those programmes, customers must enter a unique password before completing a purchase online. The measure is still defeatable by a successful phishing attempt, however.

Other categories of fraud that saw significant declines included counterfeit cards, fraud on lost or stolen cards and non-receipt of cards through the mail. The only category that rose was card ID theft, which increased 23 percent to £23.9 million.

Story PC Advisor - http://www.pcadvisor.co.uk/news/index.cfm?newsid=3203567