Last week we saw Financial Fraud Action release their 2012 annual fraud figures for the UK banking industry. Two of the stand-out figures relate to the online channel:

  • Online banking fraud rose 12 per cent, reversing the pattern of declining losses since 2009;
  •  Losses on card-not-present transactions rose 11 per cent, the highest in three years, albeit in the context of increased online spending.

These figures represent only a partial view of the overall picture, but they are nonetheless a useful indicator of wider trends across financial services and beyond. Fraud enabled and perpetrated through online channels is once again on the rise, but what are the stories behind these numbers? I have identified four key factors:

1. Low barriers to entry

The online fraud supply chain has become increasingly commoditised. Malware code, infected devices, phishing kits, compromised credentials and mule networks are all available as services to be purchased by growing numbers of less skilled and experienced fraudsters, contributing to the rise in attacks.

2. Few deterrents

Successful prosecutions of the individuals involved in online fraud remain few and far between and stolen funds are rarely recovered. This means that online fraud remains an attractive business.

3. Sophistication and scale

2012 saw record numbers of phishing attacks targeting financial services organisations, with fraudsters seeking to compromise a wide range of personal data from customers. At the same time, malware targeting online services is becoming increasingly sophisticated, with fraudsters rapidly adapting to any changes in the control environment.

4. Wider focus, new targets

I believe that previous successes in mitigating online fraud, particularly in the large retail banks, have forced fraudsters to search for new organisations and online services that are most vulnerable to targeted attacks. In financial services, this means online banking for commercial and corporate customers; building societies and regional banks with online banking; and emerging mobile banking and mobile payments services. However, the reported rise in online banking fraud is indicative of a wider trend, impacting not just banks, but retailers and gaming businesses with online and mobile commerce channels too.

It is important to remember that financial losses are just one part of the impact of online fraud.. The British Retail Consortium estimates that retailers suffered online fraud losses of £77m in 2011-12, yet total costs, as a result of investments in improved security, the erosion of customer trust and lost revenue, were considerably higher.

The growing sophistication of digital fraud threats continues to outpace traditional fraud management controls.  This, combined with the widening focus of attacks, threatens the ability of many organisations to effectively protect themselves and their customers. Given the speed with which attacks can be perpetrated, it is essential that timely and appropriate action is taken by organisations to avoid the consequences of digital fraud, including considerable financial losses and costly reputational damage.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.