Fighting malware and spam

UK bankers show 44% rise in online theft

APACS study records major increase in phishing fraud earnings.

UK banking payments body APACS has released its latest figures for credit card and other types of banking fraud, showing a sizeable drop in straight card fraud but a similarly large rise in funds stolen via phished online banking details. The figures compared reports for 2006 to those received in 2005.

Standard credit card fraud taking place at the point of sale in UK retailers fell by 47%, thanks mostly to the introduction of 'chip-and-pin' systems to replace signature-based authentication. A jump in card scamming abroad, with signatures still the main form of identification, brought the total back up but there was still an overall decrease of 3%. Cheque fraud was also down, by 24%, in line with a general decline in cheque usage.

Online fraud, however, went up by a massive 44%, with £33.5 million scammed from online bank accounts. This compares to £23.2 Million in 2005 and just £12.2 million in 2004. Phishing 'incidents' are recorded at 14,156, also a huge rise from the 1,713 reported the previous year. No distinction is made in the report between banking details obtained via spammed links to spoofed banking sites and login information stolen by spyware.

'These figures reflect a worrying trend which is hitting banks and their customers worldwide,' said John Hawes, Technical Consultant at Virus Bulletin. 'The phishing problem is growing in scale and sophistication, with technical advances and new social engineering techniques spotted almost daily. The banks need to shoulder some of the responsibility for this, and ensure their online systems are as secure as possible, but users will always be a weak link in the chain and need to exercise caution when carrying out financial transactions across the web, particularly avoiding responding to unexpected emails requesting personal information.'

The report from APACS is available here.

Coinciding with these fraud figures, security measures in UK banks have come under fire in a report from the Information Commissioner's Office (ICO), which criticises several major banks for disposing of sensitive customer data in an insecure manner. Its report, naming 11 banks found to have dumped paperwork with personal information in freely-accessible waste bins, can be found here (PDF format). A list of the banks, and links to their signed undertakings to improve disposal methods, is here.

14 March 2007

Tags: