The cost of electronic fraud topped £1bn in 2021 for the UK alone. What more can be done to stem the tide? Heather McKenzie reports.
With more than £1.3bn lost in the UK through fraud and scams in 2021, how to tackle the problem remains open to question. Banking industry body UK Finance, which identified the scale of losses in its annual fraud report, has called for greater cross-sector action to tackle the problem.
However, Sean Devaney, vice-president, strategy for banking and financial markets at systems integrator CGI, says cross-sector action on fraud will be “incredibly difficult” to co-ordinate. “Even within the banking industry, sharing fraud data has always been a bit of a challenge. The big banks have a lot of the data already, so it’s mainly the smaller players who benefit, which means that the bigger players are often reluctant to share information,” he says. “Expanding that out to other sectors means that there will be an exponentially growing number of competing requirements and agendas.”
Martin Wilson, chief executive of OneID, is more confident that a cross-sector approach can work, citing successful schemes such Sweden’s BankID, which is the largest electronic identification system in the country and has more than 6.5 million active users. BankID is owned and operated by a number of Swedish and Scandinavian banks. A similar scheme, called bankID, operates in Norway as a utility, owned and operated by several banks. “The scheme has proved to be successful in reducing payment fraud from 1% to just 0.00042% of transactions,” says Mr Wilson.
He adds that it is clear banks and consumers need support to spot and prevent scams, but that the UK government and law enforcement agencies cannot tackle the billion-pound issue through creating and enforcing legislation alone. The same cross-sector action seen in other countries is needed in the UK, he says. Mr Wilson advocates for a digital identity utility that protects citizens’ data, and makes it safe and simple for users to prove their identity.
Rolling out digital identity may not be as straightforward as it sounds. Mr Devaney believes that social considerations will come to the fore. “I think it will come down to the type of society that we want to live in,” he says. “The UK has always been reluctant to implement identity cards, or their digital equivalent, and yet their use would certainly make several types of fraud considerably harder. However, there is a degree of distrust when it comes to how the operators of such a service would use the vast amount of data it would contain, as well as how secure the data itself would be.”
He also questions whether users would be comfortable with the consequences of cross-sector data sharing. “Joining the databases that the police hold, which contain copies of documents used by fraudsters in identity theft and other crimes, with the onboarding process of a bank, when it is checking your identity documents, seems like an obvious use case,” he says. “What happens if you are the legitimate owner of those documents, but they are all flagged as potentially fraudulent?”
Mounting costs
Mr Wilson notes that banks have paid out “hundreds of millions of pounds” to customers who have fallen victim to authorised push payment (APP) fraud since the APP voluntary code was introduced in 2019. “The UK government has said it will legislate in the upcoming Financial Services and Markets Bill to enable the Payment Systems Regulator to require banks to refund victims of APP fraud. Banks could be on the hook for even more than the hundreds of millions they fork out each year,” he says.
Banks need to take pre-emptive action and invest in technologies that can help prevent fraud before money changes hands, Mr Wilson believes.
Early intervention is key, says Mr Devaney. Financial institutions should look at identity verification strategies and ensure that all the parties involved in the payments value chain have undertaken the correct checks to ensure that their customers are indeed who they say they are.
While some view open banking as a vector for fraud, he thinks otherwise. Open banking overlay services such as Request to Pay go further than Confirmation of Payee by ensuring that the person requesting the money as well the person sending it are identified, using a bank’s own security. This greatly reduces the risk of impersonation fraud, and the invoice and the payment are linked, making it much harder to interfere with any details of the transaction.
“Fraud is impossible to eradicate in its entirety, especially in a system where we all appreciate smooth and convenient customer journeys, but we can do a lot to reduce fraud further,” says Mr Devaney. “It comes down to two things: first, ensure that everyone undertakes the most robust identity verification checks, and second, take advantage of new technologies, such as Open Banking, where a much more joined-up and consent-driven process will ensure that fraud is much more difficult to perpetrate.”
