Home Affairs CommitteeSupplementary written evidence submitted by Financial Fraud Action UK [EC 15a]

I write to thank you for inviting me to appear before the Home Affairs Committee this week, and for the opportunity to discuss the work of Financial Fraud Action UK with your members.

Refunds for Fraud Victims

During the evidence session I promised to provide further information to the Committee on the figures I cited during my submission concerning the number of refunded fraud claims. Financial Fraud Action UK and our partner organisation, The UK Cards Association, conducted a survey of our major UK retail banking members (list below) in advance of this session. The survey ran between 13 March 2013 and 12 April 2013 and collected data on the length of time taken to process fraud refunds during 2012. Our study found that between 96% and 98% of all fraudulent transactions were refunded on either the same day or the following day. On the basis of these findings, no more than 2% of customers receiving refunds have had to wait longer than two days. These figures corroborate that of the Which? survey published in January which found that 98% of fraud claims were refunded, but gives a more up to date picture of the landscape than the Which? survey, which included cases as long as up to five years ago.

Members surveyed:

Bank of America.

Danske Bank.

Bank of Ireland.

HSBC.

Bank of Tokyo Mitsubishi.

Lloyds Banking Group.

Barclays.

National Australia Group.

Capital One.

Nationwide Building Society.

CitiBank.

Royal Bank of Scotland Group.

Co-operative Banking Group.

Santander.

Coventry Building Society.

Tesco Bank.

E-Crime

I would also like to take this opportunity to reinforce some of the other statistics I shared with you during the session on the changing pattern of e-crime in the UK, from the perspective of e-commerce and online banking.

E-commerce fraud losses (that is, losses on cards used fraudulently over the internet) peaked in 2008 at £181.7 million, a year when total online card spending reached £41 billion. During 2012 e-commerce fraud losses stood at £140.2 million, a year when total online card spending reached £68 billion. Fraud losses for e-commerce have therefore dropped 23% since their peak in 2008, despite a 66% increase in online card spending.

Online banking fraud losses peaked in 2009 at £59.7 million, a year when there were 22.4 million registered users of online banking. During 2012 online banking fraud losses stood at £39.6 million, a year when there were 26.8 million registered users of online banking. Fraud losses for online banking have therefore dropped 34% since their peak in 2009, despite a 20% increase in the number of registered users of online banking.

The National Fraud Authority (NFA) estimates that all types of fraud cost the UK £73 billion in 2011, of which less than 1% consists of banking and card fraud. Total plastic fraud stood at £388 million in 2012, down 36% from its peak at £609.9 million in 2008. Fraud accounts for just 7p in every £100 spent on cards in the UK, against the backdrop of a total of 9.9 billion card transactions in 2012.

Solutions

I feel these figures demonstrate that the broader picture is that we are winning the fight against fraud, notwithstanding a constant need for vigilance in the light of changing modus operandi and developing technologies both on the provider side and in relation to the “attack tools” used by fraudsters.

The banking industry has invested heavily in fraud prevention and detection activity, including £1 billion spent on the roll-out of Chip and PIN and full sponsorship of the Dedicated Cheque and Plastic Crime Unit (DCPCU) which has prevented fraud to the value of £433 million over 10 years. The banking industry has also pioneered new ways of working with the public sector to address fraud, including work with government on public-private fraud intelligence-sharing, and with the National Fraud Authority on consumer campaigns.

The figures around financial fraud, despite progress, remain higher than we would wish and, as the Committee has heard in previous evidence sessions, there is a real concern among our law enforcement partners that stolen funds are being used to bank-roll terrorist groups and support organised criminal gangs involved in the trafficking of people and drugs.

I’d like to reiterate the point I made about the need to streamline ways to share intelligence between law enforcement and the banking industry, and for data to be shared more effectively across borders. If we are to be even more effective in the fight against financial crime then intelligence-sharing across industries and between public and private sector (as well as internationally) is crucial. This should be reflected in the decisions taken around the new data protection regulations stemming from Europe, as well as decisions to be taken on existing Justice and Home Affairs measures.

There is also a need for a greater and more concerted effort from government, the police, and the private sector on consumer education and awareness raising to encourage small changes in consumer behaviour so that we are not “leaving doors and windows open” to online fraudsters, to use the analogy of ACPO’s DAC Martin Hewitt. To this end, having successfully run a number of campaigns jointly with the NFA and other sectors, we would ask for the Government to help in bringing other players to the table.

Chip & PIN

Finally, I would like to supplement my response to Dr Huppert’s questions on Chip & PIN to state for the record that the use of PIN to authorise a transaction will not in itself preclude a cardholder from receiving a full refund. Victims of card and banking fraud benefit from a legal and regulatory guarantee of being refunded for any losses in a timely manner, irrespective of the nature of the transaction. In general, card payments are a safer way to do business, attracting much greater protections than traditional payments such as cash or cheque.

We are confident in Chip & PIN as a system and believe it is largely responsible for the substantial decline we have seen in card fraud. While we would never be complacent enough to claim that any system is infallible, the evidence our police colleagues are seeing is that cards most commonly become compromised when consumers unwittingly reveal their PIN, for example through common “shoulder surfing” and distraction thefts at ATMs, or by telephone frauds where a criminal posing as a bank staff member or police officer dupe the customer into disclosing his or her details.

I look forward to reading the Committee’s e-crime inquiry report, and please do not hesitate to contact me if I can be of any further assistance.

Katy Worobec
Head of Fraud Control
Financial Fraud Action UK

April 2013

Prepared 29th July 2013