There was a grand bargain struck between individuals and banks when we began moving away from cash and towards electronic payments. Transactions would become faster, more efficient and more profitable for the banks, and in return individuals would be protected from fraud. That bargain is perilously close to falling apart.
Financial Fraud Action UK (FFA UK) has issued its “definitive overview” of payment fraud in the UK, and the figures make for miserable reading. Total fraud jumped by more than a quarter in 2015, with 1.5m card accounts in Britain raided by scam merchants who stole more than £750m.
To put that figure in context, it is 15 times Britain’s biggest ever single cash heist, the 2006 raid on a Securitas depot in Tonbridge in Kent, which netted £53m. Two years later the five criminals were jailed for between 15 and 20 years each.
The far more numerous victims of cyberfraud rarely see the villains locked up behind bars. FFA UK says the banks are collaborating on a “strategic threat management process” and “intelligence sharing” with the police and other agencies, but the reality is that in too many cases they do little to pursue fraud, and far more worryingly, seem happy to blame the victims.
The fastest growing area of bank fraud is crooks gaining online access to, and transferring funds from individuals’ bank accounts, often by posing as a member of staff or even the police.
In these cases, the bank’s default position seems to be that the customer has done something wrong – by answering phishing emails or by being careless with their personal data, usually over social media. In some cases they are right to apportion blame, but the sophistication of many of the scams is quite breathtaking, catching even the most savvy online consumer.
The Guardian has previously highlighted the story of a professional couple who lost £25,000 after hackers intercepted emails, issued fake invoices and convinced them to pay money into a fraudulent account.
Shockingly, Barclays, which operated the account the fraudster used to accept their money, said it does not report such crimes to the police on the grounds that “the bank is not the victim”. So much for “intelligence sharing”. Needless to say, the unfortunate couple have seen none of their money back.
Given the meteoric rise in contactless payments, Apple Pay, Android Pay, Samsung Pay, Paym, new online-only banks such as Atom, Fidor, Tandem, Mondo et al and almost daily launches of new banking apps, what customers need is a new grand bargain.
When credit cards first launched, customers were safe in the knowledge that £50 was the most they were down for if it was stolen or misused. Can we have less of the strategic threat management processes, and more simple, easy to understand protections such as the £50 limit?