Financial fraud in the first half of 2016 in the UK grew by a quarter, totalling £399.5 million, according to figures from Financial Fraud Action UK. Published on 12 October, the study refers to online attacks and scams using payment cards, remote banking and cheques. However, it also estimates that the cost of financial fraud would be much higher if banks' security system weren't preventing about 60 per cent of all attempted frauds. It's estimated that bank security prevented an additional £678.7 million being stolen.

Is six out of 10 good enough?

The question is, if bank security systems are preventing just over 60 per cent of financial fraud attempts, is that good enough? It means that bank systems fail to pick up the fraudulent transaction in just under 40 per cent of cases. Should we expect more from bank security technology?

One of the biggest areas for fraudsters are credit and debit cards. The Financial Fraud Action UK study found that losses on payment cards, including remote purchase fraud, lost and stolen cards, card not received, counterfeit card and card ID theft, stood at £321.5 million, compared to £244.6 million in the first half of 2015, an increase of 31 per cent. The prevented loss for cards stood at £475.7 million.

Answers to a 'growing crisis'

Howard Berg, of Gemalto, describes card-not-present (CNP) fraud as “a growing crisis”, which has cost the UK economy £1.7 billion since 2010. CNP accounts for 70 per cent of EMV card fraud. In his blog post Berg also says this is a serious problem for the US. The main weakness identified by Berg is static security on cards. Unlike some online services (email accounts, shopping sites) that require customers to change their security data periodically, the security data for payments cards doesn't change until the card expires. This gives criminals ample time to gather information and execute a fraudulent transaction (or series of transactions). Dynamic Code Verification (DCV) is one answer to this problem, allowing consumers to receive a temporary security code each time they want to buy something. In future the temporary security code could be transmitted to the consumer onto the back of the payment card or through a mobile-based application.

---

CTMfile take: DCV sounds like a step in the right direction. What's clear is that banks need to do something to improve payment security. After all, if we think of security technology as a gate that only stops six out of 10 criminals from entering, then we begin to wonder just how safe our bank accounts really are.