Online fraud continues to soar

Online banking fraud has risen sharply this year mainly because phishing attacks remain successful.

Figures released today from APACS, the UK payments association show these losses have risen by 55 per cent, from £14.5m in the first six months of 2005 to £22.5m in the same period this year.

Cash machine fraud has also risen by 37 per cent to £39.6m mainly because criminals create counterfeit cards using skimming devices at ATMs. These devices copy the information held on a card's magnetic strip and capture PINs at cash machines using hidden cameras.

Losses from online, phone and mail order fraud have also grown but APACs said only slowly compared to the growth in the number of online transactions.

It said more than 26.4 million people now shop online with an estimated 372 million transactions being undertaken last year. The majority of the fraud involves a criminal obtaining genuine card details in the real world that are then used to shop online.

However, APACs research shows consumers are in part to blame for this rise in fraud. The online security messages do not appear to be hitting home with more than half of online shoppers (51 per cent) never checking that a website address changes from http to https before making a purchase.

APACs said this indicates awareness of advice about secure shopping is low. It also backs up security firms' warnings that people are still falling for increasingly sophisticated phishing attacks.

David Emm, of Kaspersky Lab said: "Phishers use social engineering techniques and people will fall for this so we are seeing this rise. However it shows that consumers also aren't really clued up to how serious this problem is."

People are also still lax about keeping personal information safe. APACS found a quarter of all Britons (25 per cent) have disclosed their PIN to someone else - exposing them to a heightened risk of fraud and potentially making them liable for any card fraud losses they may suffer.

More than a quarter of people (27 per cent) use the same PIN for all their cards - which makes life easier for the fraudster given that each cardholder in the UK has, on average, four cards each. Four in 10 Britons still let their cards out of their sight (in restaurants and bars for example) putting them at greater risk of fraud.

However, it is not all doom and gloom. Chip and PIN has lead to a continued decrease in fraud in face-to-face retail environments. This is down by 43 per cent and follows on from a 35 per cent fall the year before.

However, the association warned that card fraud abroad has increased by 16 per cent as fraudsters, thwarted by the introduction of chip and PIN in UK shops and cash machines, target countries that have not yet upgraded to the more secure technology. To help tackle this, the European banking industry has set itself the target of completing its chip card rollout by 2010.

The association also said new initiatives and technologies will help drive down internet card fraud. Increased take up by banks, retailers and consumers of the Verified by Visa and Mastercard Securecode initiatives will make it easier to validate transactions. Additionally there are two factor authentication initiatives.

APACS is also liaising with banks, card schemes, retailers and systems vendors on an authentication system for potential use in both online and telephone shopping scenarios, and is working towards a trial in 2007.

The system would work via a cardholder inserting their chip and PIN card into a hand-held card reader, and entering their PIN. On validating the PIN entered, the reader generates a unique, one-time-only pass code, which the cardholder provides to the retailer for authentication with the cardholders bank.

A further announcement is anticipated in the early in 2007.