Fraud follows consumers to digital channels

By Toby Carlin, Director – Fraud, Cyber & Compliance at FICO.

Consumers are more frequently choosing digital as their preferred financial channel and the COVID-19 pandemic has increased this trend. The rise in digital interaction, however, has brought with it a surge in fraud, both digital and non-plastic. Toby Carlin, Director – Fraud, Cyber & Compliance at FICO, a global leader in analytics software, takes a look at the latest data on how banks are confronting the threat.

In the UK, figures for August revealed a 51.6% year-on-year rise of total online retail sales, significantly higher than last year. Global, internet retail giant Amazon announced an increase of 40% in net sales to $88.9 billion in the second quarter, compared with $63.4 billion in the second quarter of 2019.

A consumer research study FICO commissioned at the start of 2020[1] shows millennials prefer to work with their bank through a phone via a mobile app; 25% of millennial consumers connect with their bank daily via mobile applications. But these demands for more digital channels open further potential avenues for criminals to cash in.

A problem intensified

The pandemic has intensified an issue that was already on the rise, as our European Fraud Map for 2019 demonstrates.

For years, CNP (card-not-present) fraud has been the largest and fastest growing segment of card fraud in most European countries, including the UK. In 2018, data compromises drove up CNP fraud in the UK, prompting UK banks to strengthen and improve their systems to better control future compromises. To do so, several UK banks have been the first to trial new tools to flag fraud attacks and data compromise significantly earlier to minimise losses and better protect customers. This has resulted in greater cooperation between the banks, with early results revealing significant improvement in CNP losses.

These efforts showed in the UK’s significant card fraud reduction in 2019, by 8% or £52 million over 2018. It was not only the UK that announced strong progress. Overall, the 18 countries covered in our European Fraud Map reduced card fraud by 2% in 2019. It was a successful year for many European countries in reducing basis point fraud losses (a ratio of fraud losses to card sales), against the backdrop of increased transactional volume and value in 2019.

But there were also some worrying increases last year. Most notably, France and Italy saw the largest value increases. Together they were responsible for 71% of the monetary loss increases across the 18 countries studied.

Many other European countries, such as Germany, the Netherlands and Spain, continued to see a reduced attack in 2019 as a result of a lower than average digital adoption, which has kept them out of the headlines. COVID-19 has, however, changed this, with all of these countries seeing significant spikes in e-commerce and digital adoption through 2020. Threat levels increase the more adoption takes place.

COVID-19 changes the picture

This picture of card fraud in 2019 may be somewhat reassuring, as it shows many banks’ ability to adapt to new fraud trends at a faster rate. But that ability is being tested by COVID-19, which is leaving similar results on the transaction mix and threat. This has exposed many frameworks that were already pressured, with fraudsters now attempting to make up for lost time with increased volume and ferocity of their attacks.

This doesn’t just affect card fraud. The biggest threat today comes from digital fraud and scams, which continue to increase exponentially across all markets. For fraudsters, it’s all about opportunity – a remote workforce, combined with remote operations, makes banking and finances more vulnerable. This means there has never been a more urgent time for banks across Europe to transform their fraud ecosystems, to go beyond previous expectations.

Relying on usernames and passwords to secure digital accounts is no longer enough. When a criminal has those details for one account, the chances are they will have them for several. Our survey reveals that only 40% of Brits have separate passwords for each of their financial accounts.

One-time passcodes can help, but this method also has its limitations if the correct current mobile and/or landline number isn’t provided. Indeed, we also found that less than half of Brits say their bank has their correct home phone (landline) number. So what is the solution to safety? Banks must consider a wider range of methods for customer identity management, including biometrics.

Biometrics have the last password

Our survey of 5000 people across 10 countries found biometric methods are now being widely accepted for security, with 71% happy to provide their bank with a biometric. And for logging into a banking app, 48% said they would be happy to use a fingerprint scan, 25% a facial image and 23% a voiceprint.

Most people (78%) also accept banks’ analysing their device settings for security purposes. 70% accept the use of behavioural biometrics such as analysis of the way they hold their phone or type in their password.

Since face-to-face interactions are likely to be reduced for the foreseeable future, it is imperative for consumers and financial institutions to have mutual respect for the benefits biometrics deliver – not just for security but also in terms of removing the delay and friction from financial transactions. And, combined with the commitment being made by financial institutions to identify fraud attacks and data compromise events as early as possible, that means the successes achieved in 2019 should be sustained and even extended through 2020 and beyond.

[1] An independent survey of 5,000 people in 10 countries, carried out for FICO in February 2020. To find out more visit https://www.fico.com/blogs/fico-digital-banking-study-security-and-authentication-digital-world