UK e-commerce fraud hit nearly £400m in 2018, accounting for the vast majority (78%) of all card not present (CNP) fraud and fueled by an ongoing epidemic in data breaches and social engineering, according to UK Finance.
The banking industry group’s annual roundup, Fraud the Facts 2019, claimed that £393 million of e-commerce fraud amounted to 59% of total card fraud and represented a 27% increase on 2017 figures.
“Data compromise, including through data hacks at third parties such as retailers, is a major driver of these fraud losses, with criminals using the stolen card details to make purchases online,” the report noted.
“There were several high-profile data breaches occurring in 2018, with significant brands affected, alongside a number of lower-level incidents. The data stolen from a breach can be used for months or even years after the incident. Criminals also use the publicity around data breaches as an opportunity to trick people into revealing financial information.”
UK Finance also claimed the increase came as a result of phishing emails and scam text messages as well as social media scams advertising the sale of discounted ‘goods.’
“When a customer goes to buy the product, the criminal uses their card details to purchase the item from a legitimate source and then keeps the payment from the customer,” it claimed.
CNP fraud — which includes phone and mail order as well as internet-based scams — accounted for 76% of the total losses last year, versus 61% in 2009. It rose 24% from 2017-18 to top £506m, with over two million cases recorded — a 47% increase from 2017.
Authorized push payment (APP) scams are also growing fast. They soared 90% in volume and 50% in value to reach £354m in losses last year, although this could be down in part to more UK Finance members reporting APP fraud.
“Criminals’ use of social engineering tactics through deception and impersonation scams is a key driver of authorized push payment scams,” the report claimed.
“Typically, this involves the criminal posing as a genuine individual or organization and contacting the victim using a range of methods including via the telephone, email and text message. Criminals also use social media to approach victims, using adverts for goods and investments which never materialize once the payment has been made.”
APP fraud also hit businesses, which accounted for nearly 36% of total losses.