UK Finance: Fraud is Down But Over £1billion is Still Stolen by Criminals – What’s Next for the UK?
Last year, UK Finance announced that over £1.2billion was stolen through fraud throughout 2022. However, in its latest report published today, the UK banking and financial services trade association announced that there was a four per cent decrease in the amount stolen to £1.17billion in 2023. While this is a step in the right direction, is this enough?
In its Annual Fraud Report 2024, UK Finance detailed the amount its members reported as stolen through payment fraud and scams, with a primary focus on authorised push payment (APP) fraud and unauthorised fraud.
Commenting on the report, Ben Donaldson, managing director of economic crime at UK Finance, said: “Nearly £1.2billion was stolen from customers in 2023 and the criminals who commit these crimes destroy lives and damage our society.
“The money stolen funds serious organised crime and victims often suffer emotional damage as fraud is a pernicious and manipulative crime.
“The financial services industry remains at the forefront of efforts to protect customers, prevent fraud and support those who fall victim. With reimbursement rules set to change we risk even more money getting into criminal hands, unless the technology and telecommunication sectors take proper action to stop the fraud that proliferates on their platforms and networks.”
Unauthorised fraud losses
Unauthorised fraud is when your card details are used by someone else without your permission. However, throughout 2023, UK Finance revealed that fraudsters did not physically need a card in order to attempt unauthorised fraud.
The report found that card ID theft increased, with losses up 53 per cent to £79.1million, as many criminals reverted to stealing ID and falsely applying for new credit cards or account takeovers, were they not able to trick someone through APP.
While this is a worrying stat, UK Finance also revealed that banks were able to prevent £1.25billion in unauthorised fraud; an increase on the previous year. Furthermore, of those impacted by unauthorised fraud, 98 per cent were fully refunded.
Looking at this type of fraud beyond card ID theft, UK Finance announced that losses due to unauthorised transactions across payment cards, remote banking and cheques were £708.7million this year, down three per cent compared to 2022.
What has caused unauthorised fraud to drop?
One of the main contributors to the overall fall in payment card fraud losses was a nine per cent fall in remote purchase losses, the fifth consecutive year of declines in this fraud space. The roll-out of strong customer authentication (SCA) over the past two years has helped to reduce this type of fraud by verifying customer’s identity.
Commenting on these findings, Worldpay’s head of business development, EMEA, Silvia Mensdorff Pouilly said: “It’s encouraging to see UK card-not-present [remote] fraud losses falling to their lowest in almost a decade in today’s figures released by UK Finance.
“While the data shows that e-commerce card fraud losses in the UK have decreased by nine per cent, thanks in part to the implementation of SCA, fraud remains an ever-present challenge with criminals continuing to evolve the ways in which they target both consumers and merchants.
“The payments industry needs to continually innovate and invest in systems to help mitigate the threat of fraud. In this regard, the industry has been leveraging AI and machine learning capabilities for more than a decade now and we are seeing a clear benefit to our customers in areas like payment authorisations, real-time fraud analysis, fraud detection and reducing false positives.”
Where crime has increased
Mensdorff Pouilly continued: “UK Finance data tells a different story at Point-of-Sale, where face-to-face card payment fraud losses have increased by a quarter. Our data indicates that card payments account for over 76 per cent of transaction value at POS. As consumer demand for convenience is leading shoppers to expect more seamless ways to pay, the industry has a fine balance to strike in ensuring that both consumers and merchant are protected to retain trust in a varied payments ecosystem.
“Here, digital wallets, with their enhanced security through biometric authentication, could hold the key to helping reduce instances of fraud. In addition to this, it’s imperative the industry comes together to educate both consumers and merchants and bolster fraud prevention without impeding innovation.”
Authorised Push Payment (APP) fraud losses
Authorised push payment (APP) fraud losses were £459.7million, down five per cent compared to last year. This comprised £376.4million of personal losses and £83.3million of business losses.
Over 81 per cent of APP fraud losses were from personal accounts, equating to £376.4million. In total, APP fraud was the cause of £459.7million being lost (including business losses too: £83.3million). Similarly to unauthorised fraud, while the figure still seems extortionate, it is down five per cent from 2022.
Purchase scams
Although less money was stolen, the total number of APP cases was up 12 per cent to 232,429. The main driver behind this was purchase scams. This is where people are tricked into paying for goods that never materialise.
The total number of these cases rose 34 per cent to over 156,000, while the amount lost rose 28 per cent to £85.9million making it the highest loss and case total ever recorded. Purchase scams accounted for 67 per cent of the total number of APP cases.
Romance scams
However, this type of scam isn’t the only cause for concern. Fraudsters abusing romance scams also utilise APP, tricking victims into believing they are in a relationship before stealing their money. This type of fraud also hit all-time highs in terms of losses and cases, which were up by 17 per cent (to £36.5million) and 14 per cent respectively.
Impersonation scams
There has been significant investment made in warning consumers that a bank will never ask someone to transfer money over the phone in a panic with the looming threat that a criminal is in their account, trying to steal funds. As a result, the number of fraud cases where criminals impersonate a bank or the police and convince someone to transfer money to a ‘safe account’ fell by 37 per cent and the amount lost to this type of fraud fell by 28 per cent.
In total, £287.3million of APP losses was returned to victims in 2023 or 62 per cent of the total loss. This has increased from 59 per cent in 2022.
One reason more users have been able to be reimbursed is due to the Contingent Reimbursement Model (CRM) Code launched in 2019.
A spokesperson from the Lending Standards Board, the UK regulatory body, said: “The Contingent Reimbursement Model (CRM) Code has been instrumental in driving up reimbursement rates for Authorised Push Payment (APP) fraud and building a consistent approach to preventing and detecting scam across its signatory firms.
“Overall reimbursement rates for APP fraud have more than doubled since the Code was introduced, while the Financial Ombudsman Service has said it receives more complaints about APP fraud from non-Code firms – partly because Code signatories have better prevention measures in place.
“We’re proud of the role the Code has played in improving outcomes for people if they do fall victim to APP fraud – and in stopping people from becoming victims in the first place.”
Authorised Push Payment enablers
APP fraud losses continued to be driven by the abuse of online platforms and telecommunications. Not only do criminals take advantage of these platforms to encourage the transfer of money through investment, romance or purchase scams but criminals also use scam phone calls, text messages and emails to trick people into handing over personal details and passwords.
Over the past year, criminals have fallen into a pattern. They will initially focus on obtaining personal information from their victims, and then try and persuade them into sending money. If this initial APP scam doesn’t work, they will then utilise the data they have gathered and attempt to take control of the victim’s existing accounts or apply for credit cards in their name.
UK Finance data on the sources of APP fraud shows:
- 76 per cent of APP fraud cases originated from online sources. These cases tend to be lower-value scams, such as purchase scams, and so account for 30 per cent of total losses.
- 16 per cent of cases originated in telecommunications and these tend to include higher value cases, such as impersonation fraud, and so account for 43 per cent of total losses.
What’s next?
Pedro Barata, chief product officer at Feedzai, the fraud section solution provider, who have sponsored the report, said: “Scam mitigation has never been more important and although it’s promising that there’s been a slight decrease in the amount stolen through fraud compared to last year – there’s clearly more that can be done to protect consumers.”
This sentiment was shared across the industry. Silvija Krupena, director of the financial intelligence unit at paytech. RedCompass Labs, commented: “While the small reduction in fraud over the past year might seem like a move in the right direction, it’s nowhere near enough. Losing nearly £1.2billion to criminals is a major problem.
“To tackle this scourge holistically, we need to see more action from social media platforms where most of the fraud originates. This is in addition to payment firms tracking the money movements, and law enforcement bringing criminals to justice.”
The Payments System Regulator’s (PSR) APP reimbursement scheme
Krupena continued: “The PSR’s reimbursement scheme has the potential to add further fuel to this fire by requiring payment firms to pay for the problem while criminals keep the stolen money. Instead, the industry should leverage the latest technologies and an integrated approach to detecting and investigating fraud and money laundering to identify the criminals behind these scams and prevent them from happening again.
“If tackled holistically and proportionally, this could save hundreds of millions of pounds from being stolen and, most importantly, protect more people from having their savings disappear and lives turned upside down by criminals.”
Kate Frankish, chief business development officer at Pay.UK, the retail payments authority also highlighted the importance of the upcoming APP fraud reimbursement scheme saying: ‘To make the best impact for the UK we have to come together to provide an even better detection and prevention around fraudulent activity, and to ensure equal outcomes for banking customers through reimbursement – the incoming APP fraud reimbursement is a step in the right direction.
“We have to work together across industries to ensure all customers are protected against fraud, regardless who they bank with.”
Figures are set to grow
Ignatius Adjei, UK financial services head of anti-fraud services, KPMG UK noted how the new reimbursement scheme, while a good thing will lead to higher fraud figures: “Over the past year, banks have seen a continued uptick in innovative digital tactics used by fraudsters. AI, in particular, is starting to make it harder for consumers to identify when fraud is happening.
“For example, AI-generated images and deep fake video technology are being used as part of romance and ‘get rich quick’ investment scams to persuade people to part with their money. Mobile banking fraud has also soared as a result of fraudsters taking advantage of the growing number of people enjoying the convenience of banking apps.
“Whether or not the actual number of crimes committed changes, there will probably be an increase in reported fraud over the coming year. This is due to new APP fraud reimbursement rules by the Payments Systems Regulator, encouraging more victims to report, as currently, according to the National Crime Agency, 86% of fraud goes undocumented.”
The government has a role to play in ensuring firms are doing the right thing
Rocio Concha, Which? director of policy and advocacy, added: “This is another shocking set of fraud figures and underlines the huge amount of work the government and businesses in different sectors must do to get a grip on this crisis as a new generation of AI-powered scams emerges.
“The Online Safety Act should finally mean accountability and multi-million pound fines for tech firms that fail to stamp out scams on their platforms – but these companies must act ahead of new rules taking effect, as every day that passes means more lives devastated by fraud.
“Fraudsters can only operate where banks and payment providers fail to put effective security measures in place so ministers must resist calls from finance firms to slash the scam reimbursement limit for victims of authorised push payment fraud by more than 90 per cent and instead tell them to get their houses in order. The government rightly prioritises growth, but growth built on the backs of scam victims and financial crime is not acceptable.
“The next government must make fraud a national priority and appoint a dedicated Fraud Minister tasked with working across departments and with industry to develop and deliver a clear strategy to stop organised crime so people are less likely to be targeted by scammers or face devastating financial and emotional consequences if they do become victims.”