UK Banking Fraud Losses on the Rise
In the U.K., remote banking fraud losses have risen 42 percent, while online banking fraud has increased 48 percent, according to the Financial Fraud Action UK (FFA UK). The FFA UK is an industry group comprised of banks, credit, debit and charge card issuers, as well as card payment acquirers in the UK.
Telephone banking fraud losses have also risen 20 percent, showing that social engineering tactics still work - after cold calling a victim and posing as a bank employee, criminals get them to hand over card and PIN details, as Infosecurity-Magazine.com reported.
In response to these threats, the FFA UK is launching a security awareness campaign that includes a phone scam public service announcement, which they refer to as a joint declaration of UK banks, card issuers and building societies.
The declaration explains the type of information that UK banks will never ask for over the phone of UK bank customers, including your 4-digit PIN number, online banking password, or to withdraw and transfer your money to another account for safekeeping. View the full list here.
One of their recommendations to avoid becoming a fraud victim is to ensure you have the most updated security software on your computer, including antivirus. Unfortunately, antivirus isn’t enough to detect many types of banking malware, including Dyre, a well-known trojan that can evade antivirus software, according to IBM security researchers.
This trojan, as well as many other similar banking trojans, seeks out bank account credentials that allow criminals to log in and transfer your money into their accounts. It’s also used by attackers in their latest fraud campaign that uses social engineering aided by call centers to steal bank account passwords and money. Learn more in Banking Malware Targets Wire Transfers; Evades Antivirus.
Recognizing an increase in EU data breaches, the European Banking Authority released guidelines for securing online payments across the European Union (EU) last December, which should include the UK. The use of strong authentication is required, and defined as the use of multifactor authentication. Learn more in August 2015: Deadline for Two-Factor Authentication in the European Union.
Another way to protect against remote attacks on your personal or corporate bank account is to use transaction-level two-factor authentication. Linking authentication to a specific amount and payee means you can secure wire transfers of large amounts by requiring the use of another device to carry out the second authentication process.
The FFA UK provides useful resources for both retailers and consumers. Learn more about the latest threats in our Modern Guide to Retail Data Risks. Ideal for CISOs, security, compliance and risk management officers, IT administrators and other professionals concerned with information security, this guide is for IT decision-makers that need to implement strong authentication security, as well as those evaluating two-factor authentication solutions for organizations in the retail industry.