was on the increase in 2008, card identity theft displayed the most
dramatic rise and prompted the greatest concern among security
experts. Fortunately, banks are harnessing cutting-edge technology
to counter the tough challenge this type of theft represents.
Notching up its second double-digit increase in two years,
payment card fraud in the UK jumped by 14 percent in 2008, data
released by payments industry body APACS reveals.
Putting a positive spin on the data, APACS noted that, although
card fraud losses increased, as a percentage of payment card
turnover they amounted to 0.12 percent, down from 0.14 percent of
turnover in 2004. APACS attributed the decline in part to the
positive effect of chip and PIN security.
Largest cause of losses in 2008 was again card-not-present (CNP)
fraud, at £328.4 million ($482 million), up 13 percent compared
with 2007 and accounting for 54 percent of total card fraud. Losses
were incurred on internet, phone and mail order transactions.
APACS stressed that increased CNP fraud should be seen alongside
growing use of online and phone shopping channels, as well as
increasing numbers of businesses accepting cards remotely.
APACS also noted that from 2001 to 2008, CNP losses increased by
243 percent while total online shopping transactions increased 524
percent from £6.6 billion in 2001 to £41.2 billion in 2008.
Gaining ground on CNP fraud in 2008 were losses sustained as a
result of counterfeit fraud which rose 18 percent to £169.8
million. APACS said the vast majority of this fraud is due to
criminals stealing card details in the UK to make counterfeit
magnetic stripe cards for use in countries yet to upgrade to chip
“The industry continues to apply pressure on those countries
such as the US where chip and PIN has still to be rolled out,”
However, it was neither CNP nor counterfeit fraud that drew most
attention from payments security experts. Of greatest concern was a
39 percent rise in card identification (ID) theft to £54.1 million
in 2008. In essence, card ID theft relates to a situation where
someone fraudulently obtains card and PIN details and uses them on
an ongoing basis.
“The increase in card identity theft is the most alarming trend
outlined in the APACS 2008 fraud figures,” said David Dix,
electronic payments expert at security specialist Cryptomathic.
Serious and complicated crime
Although CNP fraud, for example, offers attention-grabbing
headlines its overall contribution to UK fraud is more or less
stable, Dix continued.
“In comparison, card ID theft rose from 6 to 8 percent of total
fraud – up by a third. This represents a frightening rise of a very
serious and complicated crime,” said Dix.
Card ID fraud also caught the attention of Michelle Weatherhead,
manager of payments software vendor ACI Worldwide’s EMEA Risk
“The one statistic that was immediately notable was the increase
in card ID theft,” said Weatherhead.
One consideration in the fight against card ID theft is consumer
education, said Weatherhead. This includes encouraging consumers to
shred card statements when disposing of them, changing PINs
regularly and carefully checking statements, she explained.
However, she continued, there are techniques banks can use to
help prevent fraud.
One approach many banks are adopting is to monitor all activity
on an account, financial and non-financial, and combining
intelligence about how a customer uses all their cards and
accounts, not just an individual one, said Weatherhead.
“This helps banks build up a complete profile of that individual
– how often they travel, where they tend to shop, how much they
usually spend – so that as soon as a transaction occurs that is
outside that customer’s usual spending patterns, alarm bells start
ringing and that transaction can be flagged as suspicious,” she
“What is important is that the banks detect suspicious activity
as soon as the account is taken over, otherwise the fraudster will
build up their own ‘profile’ so activity may appear genuine,” she
The logical step forward from customer profiling is use of tools
such as short message service (SMS) alerting, which banks are
starting to implement to help them stop fraud early, said
“SMS alerting means that if suspicious activity occurs, over a
certain value, or in a type of outlet the customer hasn’t used
before, the bank can send a text message to the customer
immediately, informing them of the transaction and asking them to
respond if it isn’t genuine,” she explained.
This approach, she added, can also be used to confirm with
customers that they have changed their address or requested a new
PIN for example, which can be a first sign of account takeover.
“This combination of activity can enable banks to block
compromised cards quickly, protecting themselves from losses, and
also building confidence with members of the public that they are
protected too,” Weather-head explained.
Unfortunately, she fears when APACS’ statistics for 2009 come
out they will show similar trends to those seen in 2008.
“But as banks embrace the latest technology, just maybe some of
these numbers will start to come down,” she concluded.
Card fraud losses in the UK –
Change 2007-08 (%)
Card ID theft
* Phone, internet and mail order Source: