As we squeeze the fraud balloon in one area it simply pops up elsewhere. Like a virus, as criminals become aware of the treatments being applied, fraud mutates and migrates.
That’s clear from the latest report from the UK’s Fraud Prevention Service, CIFAS. Although fraud reported to them has decreased overall by 13% year-on-year, underlying exposure and fraud loss levels remain high, and the constitution of the UK domestic fraud numbers has changed.
The predominant type of fraud recorded by CIFAS members (60%) is identity theft and facility takeover. Criminals are aware that the weak link in the chain for both the public and private sector is the protection of customer credentials and robust authentication. I presented and blogged on this last year, and the need for consumer awareness, education, understanding and vigilance remains paramount.
The CIFAS figures need to be understood in context. Organizations report cases where they have enough evidence of fraud to support, if necessary, a criminal prosecution. Therefore the numbers, whilst indicative in proportional terms, are lower than the actual fraud taking place, some of which is not so clear-cut. This is borne out by the preponderance of social engineering attacks that dog all channels, as criminals seek to leverage access and solicit information to their advantage.
As with our approach to health, there is a need to ensure that customers understand enough to be their own best protection. They should know about the risks and how to avoid them; recognize the symptoms and know how to treat them; and can be part of the cure should they become compromised. Is enough being done to meet this three-factor approach? Many would argue not, especially given the rapid changes in fraud attacks.
Education of customers is often seen as a double-edged sword — talking about the risks can scare customers away from new channels and technologies that are ultimately in the banks’ and customers’ best interests to use. Many of the older generation have been reluctant to embrace new technologies because of their unfamiliarity and uncertainty about it, and the risks they have seen publicized. Many parents are concerned about the risks posed to their children through the accessibility of technology, which they do not feel they know enough about. But for consumers, knowledge is power. The more we all do to promote information about what is, and is not, accepted and good practice, the greater the chance we have of stopping the criminals in their tracks.
In the fight against fraud, we should all take it personally!