Financial Fraud Action UK (FFA UK) is responsible for leading the collective fight against fraud in the UK payments industry. Its membership includes the major banks, credit, debit and charge card issuers, and card payment acquirers have just issued their latest report on fraud FRAUD THE FACTS 2016 - The Definitive Overview Of Payment Industry Fraud in the UK, which shows that:

• financial fraud losses across payment cards, remote banking and cheques totalled £755 million in 2015, an increase of 26% compared to 2014
• total losses by type were:
  • 
• a 53% increase of fraud incidents compared to the same period last year, this means an incident happened in the UK every 15 seconds between January and June 2016.
• prevented fraud totaling £1.76 billion in 2015. (This represents incidents that were detected and prevented by the banks and card companies and is equivalent to £7 in every £10 of attempted fraud being stopped. It is the first time the full-year prevented fraud figure has been collected by FFA UK.)

FFA UK role in driving collaborative action

FFA UK’s primary role is to drive collaborative action to reduce the impact of financial fraud and scams both across the industry and with partners in the public sector, private sector, and law enforcement. Yet no corporates are listed as members of FFA UK which is surely a major weakness in their approach.

FFA UK offer various guides for business include how to deal with:

• data breaches - A toolkit for companies who have suffered a data breach is available on request, see
• invoice fraud
• phone scams
• protect your Internet, mobile and phone transactions
• protect your shops and stores.

You’ve been hit but: who should you tell and when?

“Companies are getting hacked more frequently but aren’t disclosing the incidents in their regulatory filings, a trend that worries investors.” writes Tatyana Shumsky in The Wall Street Journal. 

Shumsky continues, “To use the SEC’s yardstick—whether a data breach is material—company executives have to exercise judgment, seeking to strike a delicate balance.” (As to whom to tell and when.)

It is a particularly delicate balance when to tell shareholders, “Frequent disclosure of insignificant cyber incidents could overwhelm investors and harm a company’s stock price, said Eric Cernak, cyber practice leader at the U.S. division of  German insurer Munich Re.” However, it is generally agreed that Target, who had a data breach involving tens of millions of customers, left it too long before publically admitting the scale of their breach.

(See “Corporate Judgment Call: When to Disclose You’ve Been Hacked” here.)

---

CTMfile take: At least the UK’s Association of Corporate Treasurers should be members of the FFA UK, and leading retailers?