£354 Million Lost To Authorised Push Payment Fraud In 2018

Financial fraud losses, both authorised and unauthorised exceeded £1 billion in 2018, and increased by 16% compared with 2017’s figures.

Staggeringly, the UK Finance report ‘Fraud the Facts 2019’ emphasises the immense power cyber criminals and fraudsters have in persuading us to hand over our money to them.

In 2018, authorised push payment fraud (APP) (a scam whereby the criminal tricks their victim into sending money directly from their account to an account which the criminal controls) volume increased by 93%.

In 2017, 43,875 attempts were made to convince individuals or businesses to part with their money. By 2018, as social engineering tactics and impersonation methods become more sophisticated, this number had grown to 84,624.

Unfortunately, the success rate of authorised push payment fraud is also on the rise with £354.3 million successfully stolen last year. This represents a significant increase from the £236 million extracted in 2017.

Even though £42.3 million that was repatriated with the customer represents an 87% in returned money, it clearly highlights the extent of the losses and difficulty in returning the money once this type of fraud has taken place.

Although malicious redirection fraud, which includes conveyancing fraud, was only the third most popular type of APP in 2018, it represented the greatest overall loss with £123.7 million being stolen in the UK last year and only £34 million being returned.

The 7,544 malicious redirection scams completed, over 9,000 payments were made with an average individual loss of £20,750. These statistics highlight the importance of ensuring the people you are communicating with are legitimate.

The use of spoofing software and compromising a company’s email communication has been lucrative business for cyber criminals last year. The 603 reported cases yielded a return of £14.8 million. When client data and business reputation has never been so important, failing to protect your domain by using DMARC technologies could be extremely detrimental to your firm or business.

Impersonation fraud using fake domain websites and email addresses very close to the legitimate source also increased with £92.7 million being stolen through these means. Almost 11,000 (10,924) individuals and businesses were affected by impersonation fraud in 2018.

Authorised Push Payments made up a third of the total money lost due to fraud in 2018.  56% involved payment card fraud, 12% were vulnerable to internet banking and 2% involved fraudulent cheques.

There are so many ways to protect your business from financial and reputational damage. Although there is no certainty that cyber criminals and fraudsters will not find a way through security defences, ensuring that your firm has a valid cyber certification to protect against viruses and DMARC to shield from spoofing and phishing attempts will ensure that your firm is doing everything possible to avoid being another tragic statistic that will make up the report in 2020.

Is your business protected from cyber criminality? Are you concerned by the increases in APP fraud?

Find the full report here.

 

X