Digital is a channel of choice for consumers, accelerated by COVID-19. But digital interaction isn’t the only thing that has accelerated – fraud has too. Toby Carlin examines the latest data on how banks are tackling the threat.
In the UK, official figures for August show year-on-year total online retail sales increased by 51.6 percent, significantly higher than the previous year. Worldwide, internet retail giant Amazon announced an increase of 40 percent to $88.9 billion in the second quarter for net sales, compared with $63.4 billion in the second quarter of 2019.
No surprise really as from the end of March much of the world was in lockdown. However, even before COVID-19, there was an increasing shift towards the digital experience, not just for retail, but for finance and banking too. And particularly among the younger generations who are more comfortable with living much of their daily lives online.
A consumer research study FICO commissioned at the start of 2020 shows millennials prefer to work with their bank through a phone via a mobile app; 25 percent of millennial consumers connect with their bank daily via mobile applications. But with the public demanding more digital channels to suit their working practices and lifestyle, it stands to reason criminals will look for ways to cash in on these new opportunities too.
An issue amplified
The pandemic has amplified an issue that was already on the rise, as our European Fraud Map for 2019 has illustrated.
For years, CNP (card-not-present) fraud has been the largest and fastest growing segment of card fraud in most European countries, including the UK. In 2018 data compromises drove up CNP fraud in the UK prompting UK banks to focus on strengthening and improving their systems to better control future compromises.
Several UK banks have been the first to trial new tools to flag fraud attacks and data compromise significantly earlier to minimise losses and better protect customers. And this has resulted in greater collaboration between the banks, with early results from these trials showing significant improvement in CNP losses.
These efforts showed in the UK’s strong card fraud reduction in 2019, by 8 percent or £52 million over 2018. And the UK was not alone in marking success. Overall, the 18 countries covered in our European Fraud Map reduced card fraud by 2 percent in 2019. It was a strong year for many European countries in reducing basis point fraud losses (a ratio of fraud losses to card sales), against the backdrop of increased transactional volume and value in 2019.
But there were also some worrying increases last year. Most notably, France and Italy saw the largest value increases, together being responsible for 71 percent of the monetary loss increases across the 18 countries studied. With France and Italy taking much of the headline, there are many other European countries such as Germany, the Netherlands and Spain that had benefitted from a reduced attack as a result of a lower than average digital adoption. However, COVID-19 has changed this, with all of these countries seeing significant spikes in e-commerce and digital adoption. With increased adoption comes increased threat.
This picture of card fraud in 2019 may be somewhat reassuring, as it shows many banks’ ability to adapt to new fraud trends faster. But that ability is being tried by COVID-19, which is having significant impacts on the transaction mix and threat. This has exposed many frameworks that were already pressured, with fraudsters now attempting to make up for lost time with increased volume and ferocity of their attacks.
And this doesn’t just affect card fraud. The biggest threat today comes from digital fraud and scams, which continue to increase exponentially across all markets.
It’s all about opportunity – a remote workforce, combined with remote operations simply make banking and finances more vulnerable. This means there has never been a more urgent time for banks across Europe to invest in fraud systems that go wider.
“Since face-to-face interactions are likely to be reduced for some time to come, it is crucial for consumers and financial institutions to have mutual respect for the benefits biometrics deliver”
Relying on usernames and passwords to secure digital accounts isn’t enough. Once a criminal has usernames and passwords for one account, the chances are they will have them for several. Our survey reveals that only 40 percent of Brits have separate passwords for each of their financial accounts.
One-time passcodes can help, but this method also has its limitations if the correct current mobile and/or landline number isn’t provided. Indeed, we also found that less than half of Brits say their bank has their correct home phone (landline) number. So what’s the answer? Banks need to consider a broader range of methods for customer identity management, including biometrics.
Biometrics have the last password
Our survey of 5000 people across 10 countries found biometric methods are now being widely accepted for security, with 71 percent happy to provide their bank with a biometric. And for logging into a banking app, 48 percent said they would be happy to use a fingerprint scan; 25 percent a facial image and 23 percent a voiceprint.
Most people (78 percent) also accept banks’ analysing their device settings for security purposes. 70 percent accept the use of behavioural biometrics such as analysis of the way they hold their phone or type in their password.
Since face-to-face interactions are likely to be reduced for some time to come, it is crucial for consumers and financial institutions to have mutual respect for the benefits biometrics deliver – not just for security but in terms of removing the delay and friction from financial transactions.
And, combined with the commitment being made by financial institutions to identify fraud attacks and data compromise events as early as possible, that means the successes achieved in 2019 should be sustained and even extended through 2020 and beyond.
by Toby Carlin, Director – Fraud, Cyber & Compliance at FICO.