Online banking fraud losses fell by more than a third in the first half of the year compared to the same period last year, a welcome decline following a spate of Zeus-related arrests in the U.S., U.K. and Ukraine.
U.K. banks reported £24.9 million (US$39.3 million) lost due to online bank fraud from January through June, a 36 percent drop from the £39 million lost in the first six months of 2009, according to the U.K. Cards Association and Financial Fraud Action U.K.
But the agencies warned that cybercriminals are a determined bunch. “Over the past five years fraud losses in this area have been fairly volatile over a six-month period so this decrease is not necessarily the start of an ongoing trend. Given this and the fact that fraudsters are still focusing on this type of fraud, the industry will continue to advance its crime prevention initiatives,” the U.K. Cards Association and Financial Fraud Action U.K. said in a statement.
The latest figures showed other bright spots. Card-not-present fraud — where payment card details are used to purchase goods from the Internet or phone or mail-order services — fell 12 percent to £118.2 million for the first six months of the year. It is the fourth year in a row that the type of fraud has fallen and represented the lowest figure since 2006.
The drop was attributed to the increased use by online retailers of 3-D Secure (3DS), better known under the names Verified by Visa and MasterCard SecureCode. Implemented and paid for by e-commerce vendors, the systems require a person to enter a password or portions of a password to complete an online purchase. It does that by showing an iframe before a purchase is completed that is used to connect to the purchaser’s bank and verify a separate password for the payment card used.
Losses from cloned payment cards also fell to the lowest level in five years. Banks reported £28.2 million in losses, a 39 percent drop over the first six months of 2009 when those institutions lost £46.3 million.
Clone cards are created by copying the magnetic stripe on the back of payment cards and then encoding that on a dummy payment card. Russia’s Interior Ministry said on Tuesday it had a detained a Ukrainian national who led a gang that specialized in that trade, also known as “carding.”
But banks reported a significant increase in phishing attacks, where people are tricked into divulging sensitive details either on a Web site or through deceptive e-mail. For the first six months of the year, banks saw 31,448 attacks — a five year high and up 21 percent over the first six months of last year.
Send news tips and comments to jeremy_kirk@idg.com