NEW RESEARCH SHOWS CONSUMERS CAN STILL DO MORE TO PROTECT THEMSELVES

• Total card fraud down by 5% in first six months of 2006
• Slower growth of internet, phone and mail order fraud
• Online banking fraud increases to £22.5m

New figures released today by APACS, the UK payments association show that overall, card fraud continued to decline in the six months to June 2006. Total card fraud fell by 5% during this period, from £219.5m to £209.3m, mainly thanks to chip and PIN. Internet, phone and mail order fraud (card-not-present or CNP fraud) has increased but at a much slower rate than seen previously. CNP fraud now accounts for 46% of all losses but grew by just 5% year-on-year, compared to a 29% increase between 2004 and 2005.

UK PLASTIC CARD AND ONLINE BANKING FRAUD LOSSES

Type of fraud	Jan to June 2004	Jan to June 2005	Jan to June 2006	+/-% (05/06)
Online, phone and mail order fraud (CNP) fraud	£70.2m	£90.6m	£95.3m	+5%
Counterfeit	£66.1m	£45.6m	£53.0m	+16%
Lost/stolen	£60.5m	£44.3m	£36.1m	-19%
Mail non-receipt	£36.5m	£22.8m	£9.8m	-57%
Card ID theft	£19.2m	£16.1m	£15.0m	-7%
Total	£252.6m	£219.5m	£209.3m	-5%
Contained within this total:
Fraud abroad	£46.0m	£41.8m	£48.5m	+16%
Retailer (face-to-face)	£112.8m	£73.2m	£42.1m	- 43%
Cash machine fraud	£36.9m	£28.8m	£39.6m	+37%

 

	Jan to June 2004	Jan to June 2005	Jan to June 2006	+/-% (05/06)
Online banking fraud	£4m	£14.5m	£22.5m	+55%
Phishing incidents	126	312	5,059	+1,471%

Sandra Quinn, director of corporate communications at APACS, said

“These latest fraud figures show that the industry’s efforts are making their mark. However, each and everyone of us can also help defeat the fraudsters, and protect our cards and online accounts, by keeping our PINs, passwords and personal information safe and secure.”

New research commissioned by APACS shows that millions of Britons are still not aware of some basic security pitfalls:

• ·         One quarter of all Britons (25%) have disclosed their PIN to someone else - exposing them to a heightened risk of fraud and potentially making them liable for any card fraud losses they may suffer.
• ·         More than a quarter of people (27%) use the same PIN for all their cards - which makes life easier for the fraudster given that each cardholder in the UK has, on average, four cards each.
• ·         44% of Britons still let their cards out of their sight (in restaurants and bars for example) putting them at greater risk of fraud.
• ·         More than half of online shoppers (51%) never check that a website address changes from http to https before making a purchase – indicating that awareness of secure shopping advice is low.

Increases in counterfeit card fraud losses were mainly driven by fraudsters copying magnetic stripe details and using hidden miniature cameras to capture PINs at cash machines. Criminals would then create fake magnetic stripe cards for use at cash machines and tills that had not been upgraded to chip and PIN. (The magnetic stripe still appears on chip and PIN cards to enable cardholders to pay in shops that do not use chip and PIN, both in the UK and overseas.) However, these losses are expected to decline in the UK in the second half of the year as all UK cash machines and the vast majority of tills are now upgraded.

Home Office Minister Vernon Coaker said:

 "Fraud is not something that can be tackled in isolation - the best results can only be obtained by working together.  The Government takes fraud very seriously whether the victim is a multi-million pound organisation or a single individual. That is why we provide over £1 million a year, matched by the Corporation of London, to allow the City of London Police to expand its Economic Crime Department to tackle the problem.  The Fraud Bill, currently before Parliament, will clarify the law of fraud to better equip law enforcers and prosecutors with a modern legislative framework."

Chip and PIN has made significant inroads in protecting consumers from fraud in the UK face-to-face retail environment, where losses have decreased by 43%, following on from a 35% fall the year before. However, card fraud abroad has increased by 16% as fraudsters, thwarted by the introduction of chip and PIN in UK shops and cash machines, target countries that have not yet upgraded to the more secure technology. To help tackle this, the European banking industry has set itself the target of completing its chip card rollout by 2010.

Losses from online, phone and mail order fraud have grown slowly compared to the growth in the number of online transactions. More than 26.4 million people now shop online with an estimated 372 million transactions being undertaken last year. The majority of internet card fraud, however, involves a criminal obtaining genuine card details in the real world that are then used to shop online.

A number of initiatives are in place to tackle this type of fraud, such as an automated cardholder address verification and card security code system and the systems introduced by the schemes (Verified by Visa and MasterCard SecureCode) to enable cardholders to better authenticate themselves with a password when shopping online, thus making online transactions safer.

APACS is also liaising with banks, card schemes, retailers and systems vendors on an authentication system for potential use in both online and telephone shopping scenarios, and is working towards a trial in 2007. The system would work via a cardholder inserting their chip and PIN card into a hand-held card reader, and entering their PIN. On validating the PIN entered, the reader generates a unique, one-time only passcode, which the cardholder provides to the retailer for authentication with the cardholder’s bank. A further announcement is anticipated in the New Year.

Online bank fraud losses rose by 55% from £14.5m in the first six months of 2005 to £22.5m in the same period this year. These losses primarily involved phishing scams - typically where customers receive an email that seems to come from their genuine bank but is in fact from fraudsters who try to dupe them into disclosing personal banking security information.

There are several straightforward steps consumers can take to protect themselves against online banking fraud, such as being wary of unsolicited emails requesting personal information, and installing up-to-date anti-virus software and a personal firewall. Similarly, consumers can minimise the chances of becoming a victim of card fraud by simply keeping cards and card details as secure as possible and not letting their cards out of their sight.

Cheque fraud continues to fall due to the industry’s continuing success in identifying most fraudulent cheques as they go through the cheque clearing process coupled with better public awareness of the issue. Losses fell from £21.6m during January to June 2005 to £16.0m in the same period this year – a decrease of 26%.

APACS has published its Ten Top Tips to help consumers fight card crime and stay safe when shopping or banking online. They can be found at www.cardwatch.org.uk and www.banksafeonline.org.uk.

ENDS

For further information:

Proof PR                         

Telephone: 020 7713 0008

Email: sue@proofpr.co.uk

Notes to Editors:

1 Ten Top Tips to Foil the Fraudsters

• Don’t let your cards or your card details out of your sight when making a transaction.

• Destroy, preferably shred, any documents or receipts that contain personal financial information when you dispose of them.

• Do not keep your passwords, login details and PINs written down.

• Do not disclose PINs, login details or passwords in response to unsolicited emails claiming to be from your bank or the police.

• When entering your PIN in a shop or a cash machine use your spare hand to shield the number from prying eyes or hidden cameras.

• Only divulge your card details in a telephone transaction when you have instigated the call and are familiar with the company.

• Make sure your computer has up-to-date anti-virus software and a firewall installed.

• If you have registered your card for online protection via Verified by Visa and MasterCard SecureCode ensure your password is kept safe and secure.

• Access internet banking or shopping sites by typing the address into your web browser. Never go to a website from a link in an email and then enter personal details.

• Shop at secure websites by ensuring that the security icon (locked padlock or unbroken key symbol) is showing in the bottom of your browser window.

2 Online, telephone and mail order card fraud - card-not-present (CNP) fraud

A CNP transaction is one made when neither the card nor the cardholder is present at a till point in a shop, such as transactions made over the internet, telephone, fax or by mail order. APACS has produced best practice guidelines for preventing CNP fraud, available in a number of formats. The publication Spot & Stop Card-not-Present Fraud is available to download from www.cardwatch.org.uk. This site also contains an e-learning version of the guide, which is also available to order as a CD-Rom.

3 Verified by Visa and MasterCard SecureCode

These are e-commerce solutions that enable cardholders to authenticate themselves when shopping online at participating merchants through the use of a private password or code. More information is available at www.visaeurope.com and www.mastercard.com/uk

4 APACS

APACS is the UK payments trade association and the authoritative voice on issues such as cards, cheques, cash, clearing systems and payment fraud. Card Watch is the UK banking industry's fraud awareness body that works with police, retailers and organisations including Crimestoppers to fight plastic card fraud.

5 Phishing

Phishing is the name given to the practice used by fraudsters who send emails at random that seem to come from a genuine online bank or business, in an attempt to trick customers of those companies into disclosing personal security information, typically at a bogus website operated by the fraudsters.

You can prevent yourself from becoming a victim of phishing by being wary of all unsolicited emails, even if they appear to originate from a trusted source. Although your bank may contact you by email, it will never ask you to reconfirm your login or security password information by clicking on a link in an email and visiting a website. For more information, visit www.banksafeonline.org.uk

6 Phishing incidents

In a phishing incident fraudsters set up a website that is a fake version of a genuine bank website, and then send out thousands or even millions of spam emails trying to convince people to click on a link that will send them to that fake site. The objective is to fool people into then entering their online banking security information – such as user names, PINs and passwords – onto the fake site.

7 About Crimestoppers

• Crimestoppers is the only charity dedicated to solving crimes and taking criminals off the streets. Around 17 people are arrested and charged every day as a result of information given to Crimestoppers.

• Since Crimestoppers began in 1988, it has had over 850,000 calls. There have been over 75,000 arrests, over £95m property has been recovered and over £130m worth of drugs has been seized.

8 APACS’ Consumer Research

• Tickbox.net carried out research commissioned by APACS to investigate how securely Britons keep their PINs, passwords and personal information.

• The research for APACS was carried out online by Tickbox.net between 20/09/2006 and 05/10/2006 amongst a nationally representative sample of 1,618 UK adults aged 16+.

• Tickbox.net is a leading market research organisation, carrying out consumer, corporate and niche market surveys online amongst a 50,000+ member panel.

• Tickbox.net is a member of the BMRA (British Market Research Association), follows the codes of the MRS (Market Research Society) and is fully registered and compliant with the Data Protection Registrar, as well as being the preferred research supplier of the PRCA (Public Relations Consultants Association).