Fraud abroad drives up card losses
As phishermen pull in a meagre haul
A doubling of overseas card fraud is pushing up industry losses even as domestic fraud decreases.
Total credit card fraud losses increased by 26 per cent in the six months to June 2007 to £263.6m compared with £209m in the first half of 2006, according to figures from UK banking industry association APACS.
The increase was driven by a 126 per cent rise in fraud on UK-issued cards being used overseas. Losses in this area rose from £48.1m in the first half of 2006 to £108.8m in the first half of 2007.
By contrast, domestic card fraud continues to fall, with losses at UK retailers down 11 per cent to £37.5m and losses at UK cash machines down 57 per cent to £17.1m. APACS attributes the progress at home to the introduction of Chip and PIN.
APACS said fraudsters are being driven overseas, copying mag stripes to create counterfeit cards that they use in countries that have yet to upgrade to Chip and PIN.
Online, phone and mail order (CNP) fraud has been consolidating its position as the biggest single cause of fraudulent losses both at home and overseas. Losses in this area reached £137m in 1H07, up from £95.3m per cent in the same period last year. APACS said these figures need to be viewed in the context of increased online spending. The fraud-to-turnover ratio on online card transactions has steadily decreased since 2004, APACS argues.
Counterfeit card losses, the second biggest category of loss, grew from £52.8m to £72.3m over the same period. Lost and stolen card losses fell from £36.1m to £30.7m. Meanwhile "card ID theft" increased from £15m to £18.7m over the last year.
Online banking fraud losses fell from £22.4m in the first half of 2006 to £7.5m in the first half of 2007. Anti-phishing measures by banks, coupled with an unusually high level of online banking fraud in the first few months of 2006, explain the decline according to APACS.
"These figures show how the fraudsters have changed tack," said Sandra Quinn, director of communications at APACS. "A couple of years ago they were mainly stealing cards and card details for use in UK shops and cash machines, but today, because of chip and PIN, they have been driven overseas - using fake magnetic strip cards specifically in countries which have yet to upgrade to chip and PIN. During the interim we will continue to use fraud intelligence systems to tackle overseas losses and encourage those countries that are lagging behind on chip and PIN to follow our lead."
Cardholders also need to play their part in helping to prevent fraud. Last month APACS published a consumer advice guide, Protect Your PIN, in order to remind cardholders of the need to keep their PIN and card details safe and secure. There's plenty more top tips along these lines at the banking industry’s fraud prevention website, cardwatch.org.uk. Material on the site is aimed at consumers and retailers alike. ®
Card holder Auth
Have any of you seen the GrIDsure thing work? They can create reactive, transaction specific, one time pass-codes (PINs) to validate card not present transactions.
It can run here on ATM & PoS machines, or put an app on your mobile. You go abroad or on line, the back end quieries the transaction and sends a text which wakes the app on your mobile. It asks you if you really want to buy x from y for £z, and then creates an OTP with transaction details & their auth method.
That would solve the problem, and be less expensive than Tokens.
I had my credit card cloned a few months ago. Luckily my card company spotted some odd transactions almost immediately, and phoned me for confirmation, so it was stopped very quickly.
A week later I get an email from Amazon saying someone has tried to set up an account using a card registered to my amazon account.
Again, very commendable fraud detection.
However, Amazon wouldn't give me the details of the fraudster, as only the Police are allowed to have this, and they didn't register the fraud with the cops. My credit card company also didn't register the clone with the police either. So at the end of the day, whoever copied my card tried to get stuff, failed, and had no comeback at all!
Personally I'm a little worried about how it got cloned. I don't use the card much, and when I do it's almost always online to the same four companies. I'm a techie, I know about SSL, I run Firefox, and I check the owner of the certificate! Yet I still managed to get cloned, which concerns me.
The only new thing I had done was change ISP... Who of course get the number... and have a call centre in India... But that's an entirely different story!
This isn't something new the banks are simply formalising their position.
It appears very simple to me - if the banks don't have enough faith in their system to guarantee the transactions abroad then they shouldn't provide the facility. It reminds me of when the CD industry started making burners available to Joe Public then complained because music cd's were copied - Doh!!!!!!
They should force authorisation on the cards & block international transactions by default. This would add an additional hassle factor but ultimately would protect the consumer (that is what this is about - isn't it?)