Cifas Report – Fraud trends from over 325,000 fraud cases recorded in 2016
Cifas, the UK’s leading fraud prevention service, yesterday released a new report detailing the fraud trends from over 325,000 fraud cases recorded in 2016. The data, from 387 organisations, including many major UK brands, is one of the most comprehensive pictures of fraud and fraudulent attempts made in the UK. The research discovered fraudsters’ takeovers of customer accounts has soared by 45% in the last year, and that hackers were moving from online to phone, to target not only the consumers themselves but also gain access to facilities such as banks.
Raj Samani McAfee Fellow, Chief Scientist, said “The news from Cifas demonstrates that scammers are becoming ever more intelligent when it comes to who they plan to target and how. Criminals are wise to the rapid improvements in online security, and are instead going to targets directly through their phones. People need to be just as wary when sharing their personal details as they are with locking up their home so that they protect their online information. For example, if they receive a legitimate call from their bank, they have the ability to call them back to double check they are who they say they are. In moments of panic, it’s easy to share crucial personal information but it is key that consumers take the time to step back and consider who they are talking to.”
“It is safest to assume that people are not who they say they are and people should feel confident in giving them a call back. Now that fraudsters are targeting the elderly and other vulnerable members of the community, younger relatives have a responsibility to make sure they know what to watch out for, to keep their details from being compromised.”
Nick Gaubitch, Head of EMEA Research at Pindrop, added “This report highlights the need for organisations to arm their call centre agents with the tools they need to identify and eliminate fraud on the phone channel . Cifas notes that more than 50% of the facility takeovers recorded were carried out over the phone, typically to call centre staff.
“Fraudsters are getting better at their craft, honing their skills and becoming more confident at using techniques to bypass current defences on the phone channel. Our own research shows that fraudsters are using a number of freely available tools such as spoof caller ID and voice distortion apps to disguise their voices and conceal their location to manipulate centre agents to thinking they are genuine customers.
“Organisations need to be just as vigilant on what happens on the phone channel as they are with online channels, because this rise in phone fraud serves as a stark warning – organisations are leaving their customers vulnerable to attack. A better line of defence on this channel is needed. One that allows a multi-layered approach to authenticate genuine customers quickly and accurately, to identify the risk factors that can better track fraud attempts.”
Robert Capps, VP of business development at fraud mitigation specialists, NuData Security, concluded “This rise in recorded fraud figures is astounding, and bad news for consumers who often bear the brunt of many direct costs, especially in account takeover and new account fraud. The increasing volume of attacks globally has also been attributed to more fraudsters willing to commit the crime, more data available on the black market, and more financial institutions and merchants that are vulnerable to attacks. It’s incumbent upon companies to secure their customers’ trust by keeping their accounts safe from hackers. They can’t afford to hear their customers say, ‘My account got hacked again.’
To detect out of character and potentially fraudulent transactions before they can create a financial nightmare for consumers, we must adopt new authentication methods that they can’t deceive. Solutions based on consumer behaviour and interactional signals are leading the way to provide more safety for consumers, and less fraud in the marketplace.
There are solutions on the market now that can identify machines from humans, then separate good machines from bad, selects known humans from unknown humans, and finally sorts unknown humans demonstrating low-risk signals from unknown humans demonstrating high-risk signals. This process lets organisations fast track the known and low-risk users for an optimal experience, saving the friction and traditional authentication methods for the highest risk users.
We too are seeing in our Consortium of 80 billion annual behavioural transactions, that attackers are rapidly evolving their methods to more complex, evolved schemes. Organisations must be ever vigilant as fraudsters leverage the mass of freely available data on the dark web for cybercrime. Expecting consumers to maintain strong, non-reused passwords isn’t realistic, which means retailers and FIs need to shoulder an even larger responsibility to protect their consumers. It is more important than ever, as seen in this report, for online merchants to use technology that can help them effectively differentiate good customers from bad.”