Article by Luke Christou – Verdict
21 March 2019
While physical credit card fraud continues to decline, last year saw a sharp increase in the amount of money stolen through online financial fraud incidents.
According to a new report titled Fraud: The Facts 2019 published by financial services trade association UK Finance, consumers in the United Kingdom lost £393.4m in 2018 to internet and ecommerce fraud.
That was an increase of more than £80m or 27% on the previous year, when £310.4m was lost. This is the second biggest annual increase in a decade, topped only by a 36% increase in 2013.
The sharp rise is likely a result of the increase in data breaches that was seen in 2018, as a number of major companies suffered high-profile breaches, as well as countless numbers of small businesses and websites. This was highlighted by the Collection #1 breach data dump that was discovered in January, which contained records of 773m compromised online accounts.
“Some of this is well publicised; like when a major retailer is hacked or suffers a data breach or loss. Some is not reported; for example smaller breaches, individual thefts and more,” said cybersecurity expert Malcolm Taylor, Director Cyber Advisory at ITC Secure. “The end result is the same in both cases; our credit card details in the hands of criminals, and these criminals using them to make fraudulent purchases online.”
Much of the data stolen in these data breaches ends up for sale on the dark web, where cybercriminals can purchase huge data sets using untraceable cryptocurrencies at a relatively small price, and begin stealing money from their victims’ accounts.
Consumers need to do more
While businesses are increasingly spending on cybersecurity with regulators increasingly breathing down their necks, Taylor feels that many still lack the cybersecurity practices needed to adequately protect their users:
“Corporations are increasingly taking steps to prevent hacks and breaches, by recognising the threat from cyber criminals and putting in place appropriate levels of training, the necessary governance, and the essential technical security controls; although many need to do more, and more quickly.”
Short of shunning ecommerce altogether, there is little that consumers can do to protect themselves from data breaches involving large retailers. Yet, consumers can still aim to defend themselves as best as possible. Notably, Taylor feels that consumers should be more cautious where they are entering their payment information:
“There are also some steps we can take ourselves; recognise the value of our cards and protect them online as we do in our wallets. Don’t give them out unthinkingly. Only use websites from reputable dealers and with a secure web page (the green padlock, top left). Be aware of the risk presented by phishing emails; learn how to spot them, don’t click on anything in them, and in particular with fraud in mind don’t fall for the scam where we are asked to “re-confirm” credit card details – for re-confirm, read ‘give away’.”