Online banking hit by rising fraud levels

Online banking fraud has risen by 55 percent due to the impact of phishing attacks

Online banking fraud has risen by 55 percent in a year, mainly due to the impact of phishing attacks, according to new research from UK payments association Apacs.

Internet fraud incidents caused losses of £22.5m in the first six months of 2006, compared to £14.5m for the same period last year. This is almost a six-fold increase compared to losses during January to June 2004.

Apacs said the losses were mainly due to phishing incidents, which have grown dramatically. There were more than 5,000 phishing incidents in the first half of this year, compared to only 312 for the same period last year.

The study revealed that overall card fraud has fallen by five percent, from £219.5m to £209.3m, a drop Apacs attributed to the introduction of chip and Pin systems.

Losses from internet, phone and mail order fraud were £95m, a rise of 5 percent compared to last year, although the increase is at a slower rate than in previous years. However, the research indicated that card-not-present fraud is now responsible for almost half of all fraud incidents.

David Emm, senior technology consultant at Kasperksy Lab, said education played a key part in reducing online fraud. “Phishing has been around for a while, but there are new people coming online all the time who aren’t aware of it and need educating,” he said. “And the more you can use technology to filter and block threats like phishing, the more secure the internet will be.”

Emm added that while there is still money to be made from phishing, the problems will continue. “Why change a successful plan? It’s like in prohibition, the gangsters weren’t going to stop selling liquor when they were doing so well. And phishers can rake in thousands a week,” he said.

Some experts argued that two-factor authentication systems, which require a token or card and a one-off log-in code, could help tackle online banking fraud. Emm pointed out that while these systems could prove useful, “If you have something on your system and you don’t know it’s there, you end up authenticating the malicious code as well.”