By Andy McCue, 8 March 2005 16:00
NEWS Phishing scams and Trojan keystroke loggers were behind UK online bank fraud totalling £12m last year, according to the latest official figures.
It is the first year the online fraud figures have been collected but total UK card fraud losses rose 20 per cent to £504.8m in 2004 as revealed in the annual figures by UK payments body APACS.
APACS put some of this down to thieves targeting the high volumes of new chip and PIN cards sent out in the post with fraud on cards stolen before cardholders received them in the post shooting up 62 per cent to £72.9m.
APACS claims the introduction of chip and PIN technology will lead to a reduction in card fraud but this still leaves question marks over how the industry plans to tackle card-not-present fraud for phone, internet and fax transactions, which increased 24 per cent to £150.8m in 2004 and is still the single biggest type of card fraud.
ID theft on cards has also shot up 22 per cent to £30.2m in 2004, although it still remains a small proportion of overall losses.
The area that chip and PIN is set to have the biggest impact is counterfeit card fraud, which rose 17 per cent to £129.7m in 2004.
Sandra Quinn, director of corporate communications at APACS, said fraud forecasts showed that without the introduction of chip and PIN, card fraud losses would top £800m by 2005.
"As more of us use a PIN the harder the criminal's life becomes. But clearly they are going to keep targeting cards," she said in a statement.
But business intelligence and anti-fraud technology vendor SAS claims chip and PIN will simply lead criminals down the identity theft route instead, while online anti-fraud firm Early Warning claims chip and PIN will lead to further rises in card-not-present fraud where liability for losses rests with merchants and not the card issuing companies.
Comments
There is 1 comment. Join the discussion
1. Brian Burkill
The way to tackle "Card Not Present" transactions is to have the purchaser physically validate and authorise the purchase.
This could be done on line, via the internet banking site, or via the phone.
For instance, if I purchase an item from a vendor either over the phone or via the web, and give my card details, the funds are not released until such a time as I log on to my internet banking site and authorise the purchase. Or I use my telephone banking service and authorise the payment that way. The vendor ships the goods once payment has cleared.
This means that, if someone stole my card details and used them, then the payment would not be authorised by me, consequently the vendor would not get his money and as such would not ship the goods.
Its an extra step for everyone, but not difficult to implement. The criminals my have my card details, as they are publicly available, but they havent got my online account details and passwords.