In the never-ending cat-and-mouse game between those looking to defraud consumers and others looking to protect them, the advent of enhanced Strong Customer Authentication (SCA) for payments has equipped consumers with a key weapon.
In the U.K., for example, new SCA rules for eCommerce came into effect in March and have been aimed at reducing fraud by verifying a customer’s identity when they make certain higher-value online purchases.
The good news is that recent data from UK Finance shows that in the first half of 2022, almost 610 million pounds (about $690 million) was stolen by criminals through authorized and unauthorized fraud, representing a 13% decrease compared to the same period last year. The bad news, however, is that criminals have quickly adapted their tactics to circumvent the new SCA requirements.
The group, which represents some of the U.K.’s largest banks and payment service providers, found that criminals are using social engineering methods to convince consumers to share the one-time passwords that are used to authenticate payments — a type of fast-growing scam known as Authorized Push Payment (APP) fraud.
While overall APP fraud declined in H1 2022, two subtypes, romance scams and advance fee scams, surged both in the number of cases and the total value of losses.
In a romance scam, which typically takes advantage of social media and dating websites, the victim is persuaded to make a payment to a person they believe they are in a relationship with.
Advance fee scams, on the other hand, are when fraudsters claim to require advance payment in order to release a larger sum of money. Examples include claiming that the victim has won an overseas lottery or received an inheritance.
In some of the most costly cases of APP fraud, criminals have been known to target real estate transactions. In these instances, fraudsters will sometimes monitor home buyers, estate agents and property lawyers over a period of months using hacked credentials, malware and compromised accounts.
With the information gathered, these criminals intervene at the point when buyers are ready to make payment and manipulate people into transferring money to fraudulent accounts, convincingly posing as the legitimate payee.
The Return of Face-to-Face Scams
In general, UK Finance puts the reduction in fraud cases down to British consumers returning to pre-pandemic routines. As a result, the record fraud levels that occurred in 2021, when APP fraud alone jumped by 39% to £583 million ($659 million), have somewhat declined.
But now that criminals have less opportunity for digital scams, there’s been a notable increase in non-digital payments fraud, especially as the UK economy has opened up and more and more people have returned to in-store retail and cash transactions.
For example, ATM fraud, which includes distraction theft and entrapment devices, is up 8% Year-on-Year (YoY), per the report. And as spending via contactless cards increased by 76% in H1 2022, fraud on contactless cards and devices more than doubled in the first six months of the year.
Across all in-person fraud types, which also include scams in which criminals convince their victims to willingly hand over their cards, there was a 72% YoY leap in gross losses to UK consumers, a strong indication that the fight against fraud is far from over.
For all PYMNTS EMEA coverage, subscribe to the daily EMEA Newsletter.