November 14, 2017
November 13, 2017
Posted April 1, 2015
The latest official UK fraud figures for 2014 are out and once again it doesn’t make for particularly pleasant reading. The most obvious ongoing trend they point to is the unfettered growth of card not present and online banking fraud – the latter soaring a whopping 48% to reach losses in excess of £60 million. With the bad guys continuing to go after the lowest hanging fruit, businesses need to assume that traditional identity data has already largely been compromised.
The fight back must begin with new anti-fraud systems using passive multi-factor authentication built on shared global intelligence systems.
Another bad year?
The stats from Financial Fraud Action (FFA) UK paint the picture of an industry ill-equipped to cope with an agile, well-resourced and determined cyber foe. It’s an enemy keen to exploit under-powered fraud prevention systems and gaps in consumer knowledge about cyber threats, all the while operating under a cloak of anonymity.
Thanks to the success of Chip and PIN on the high street, the lowest hanging fruit in the UK most definitely remains card not present (CNP) fraud and online banking – where stolen credentials can be used to fraudulently purchase items, and increasingly to create and take over customer accounts. As a result, we see e-commerce fraud up 14% year-on-year to reach £217m, accounting for the majority of CNP fraud. The aforementioned large rise in online banking losses, meanwhile, equates to over 53,000 separate incidents last year – and that’s just the reported ones.
FFA UK advised consumers to protect themselves from phishing and information-stealing malware by regularly updating their security software; to be suspicious of unsolicited emails; and to only shop on secure websites. Businesses were urged to enrol in 3D Secure – which offers an extra layer of password-based authentication for customers, designed to reduce fraud. FFA UK also counselled firms to be wary of high value or unusual orders, and to sign up to the Address Verification Service – which matches billing address to delivery address.
A new way forward
This isn’t bad advice, but we’re living in an age where huge amounts of identity information are bought and sold on underground markets every day. Large scale data breaches and individual malware attacks on consumers have exposed huge amounts of data which the bad guys can use to launch follow-up fraud attempts. And with the internet to protect them they largely don’t have to worry about getting caught.
So how should firms respond?
Most don’t have the resources or expertise in-house to tackle fraud on a large scale, so it’s all about finding a specialist provider who can offer industry-leading capabilities. We believe in a form of multi-factor authentication – which combines something a user has, like the device they connect with, and something they are, like their location. Adding this context to online transactions adds extra layers of security on top of the traditional user name/password combo. This must all be done passively – in the background and in real-time – along with malware detection, so that there is no impact on the user experience.
The ThreatMetrix® platform does exactly this, using data generated by our Global Trust Intelligence Network which analyses over one billion transactions each month to allow firms to spot fraudulent transactions in real-time at a cost of less than a penny per transaction. As UK fraud levels continue to rise, there’s never been a more urgent need for protection that works every time – protecting profits and keeping your customers happy.