Last month UK Finance together with Financial Fraud Action UK published 2017 annual fraud update, highlighting different types of fraud along with some pretty incredible statistics (total number of incidents and value) indicating the extent of the losses. The good news is that in 2017 unauthorised fraud losses from payment cards, remote banking and cheques fell by 5%. The bad news is that the scope and types of fraud are increasing. Please refer to the shared links for full report and details, in this post i summarise the 11 types of fraud that are described. Keep in mind this is a UK based report.
Types of Fraud:
The types of fraud fall into the following broad categories:
- Debit, credit and other payment card fraud
- Face to face card fraud
- Cash machine fraud
- Remote banking fraud
- Cheque fraud
1. Authorised Push Payment (APP) Scams
Authorised Push Payment (APP) scams are where the account holder authorises the payment to be made to another account. UK finance statistics capture for the first time figures for APP scams – a total of £236 million was lost due to APP scams. Methods used for both authorised and unathorised payment scams include:
- Social engineering – scammers manipulate people to reveal their personal and financial information
- Impersonation scams, such as CEO fraud or business email compromise
- The infamous – your account details need to be updated email or phone call
- Data breaches
2. Card Not Present (CNP) Fraud
Card Not Present (CNP) fraud or remote purchase fraud is where the bad guy uses a stolen credit, debit or payment card to buy something over the internet, phone or through mail order.
UK finance data shows that remote purchase fraud is initiated mainly from card details stolen from data hacks, through phishing emails and scam text messages.
3. Lost and Stolen Fraud
This type of fraud is where a criminal uses a lost or stolen debit, credit or other payment card to buy something (remotely or face to face), or where he/she withdraws money from an ATM or at a bank branch
4. Card Not Received Fraud
This fraud is where a credit, debit or payment card is stolen while in transit – so, after it has been sent by the card company but before it reaches its intended recipient. This is prominent in buildings where there are multiple residents (i.e. flats) where the post may not be securely stored.
5. Counterfeit Card Fraud
As the name suggests, a fake credit, debit or payment card is created by getting the banking details from the magnetic strip of a genuine card. Hackers will use a device to steal details from a valid card at an ATM or unattended payment terminal (car park, perhaps) and copy the details across to a fake magnetic card, which is often used in countries aboard where chip and PIN has not been introduced.
6. Card ID Theft
This credit, debit or payment card Id theft can happen in 2 ways:
- Third Party Applications – Where a fraudster uses stolen or fake documents to open an account in someone else’s name
- Account Takeover – Where a criminal takes over someone else’s genuine debit, credit or other payment card account
Both of the above involve the scammer understanding their victim through social media, data hacks and/or social engineering attacks. The scammer then uses the information to impersonate the genuine cardholder
7. UK Retail Face-to-Face Card Fraud
This refers to fraudulent transactions, that happen by stealing both the card and PIN and using the stolen card/PIN details, to make in person purchases in a UK store. The payment card and PIN information are obtained by:
- Distracting potential victims
- Using card entrapment devices at ATMs and using PIN pad cameras or just watching the ATM user enter their PIN
- Tricking victims into handing over their payment cards
8. UK Cash Machine Fraud
Somewhat related to the above, this is where the fraudster has access to the genuine debit, credit or payment card and PIN. The card is extracted as indicated above by distracting potential victims at ATMs/during purchases, using card entrapment at ATMs/during purchases at shops and bars and using the stolen card/PIN to make fraudulent cash withdrawals at ATMs.
9. Internet Banking Fraud
This is where the criminal is able to get access to the victims online bank account and make fraudulent / unauthorised transfers from it.
Typically social engineering tricks are used to dupe unsuspecting victims into sharing their online banking security details through scam phone calls, text messages and emails. The acquired information is subsequently used to access the victims online bank account and make unauthorised payments from it.
10. Telephone Banking Fraud
Similar to the above. With telephone banking fraud the criminal gets access to the victims phone banking account and makes unauthorised payment transfers.
11. Mobile Banking Fraud
Mobile banking fraud is where fraudulent or unauthorised payments are made through mobile banking services accessed via a banking app that has been downloaded to a mobile device. It does not refer to frauds that happened via mobile web browser banking and browser based banking apps.
12. Cheque Fraud
There are 3 types of cheque fraud:
- Counterfeit Cheques – Printed on non-bank paper and made to look like ‘real’ cheques, and drawn by a scammer on genuine accounts
- Forged Cheques – Genuine cheques that have been stolen and used by a scammer with a forged signature
- Fraudulently Altered Cheques – Genuine cheque that has been written out by the genuine customer, but modified in some way by a scammer to for example change the beneficiary name or amount
Be careful out there!
Pingback: When a Financial Hacker Comes to Call… Who is Liable for Bank Fraud?
Thanks for the very relevant information – ignored by banks in the haste to close branches and make people redundant, save costs and remove ATMs.
The latest WFH due to Covid is being eagerly implemented by banks – where the lonely bank employee using a VPN is vulnerable to bribes and threats to steal customer information from banks databases. Bank CEO should be held responsible for the loss of data and customers money.