Fraudsters Are Adapting: Takeaways from UK Finance's 2024 Fraud Report

Words by
Charlotte Russell
July 17, 2024

It's not all bad news. In comparison to 2022, the total number of confirmed fraud cases decreased by 1%, and the total amount stolen decreased by 4%. According to UK Finance, £1.2 billion in unauthorised fraud was prevented in 2023, marking a 7% improvement over the previous year.

But fraud is still a huge problem, and fraudsters are evolving. £1.17 billion was stolen in 2023, with a total of 2.97 million confirmed cases.

What do you need to know?

Fraudsters are focusing on compromising your personal data

It's part of a 'recurring theme'. As some methods of fraud become more difficult, fraudsters are evolving to discover new and more efficient tactics—often involving a compromise of your personal data via social engineering.

Social engineering is a deceptive technique used by fraudsters to manipulate individuals into revealing confidential information or performing actions that can lead to a security breach.

Common tactics include phishing emails, fraudulent phone calls, and malicious text messages. These tactics often leverage trust, fear, or a sense of urgency to coerce you into divulging sensitive information such as passwords, banking details, or personal identification numbers.

Social engineering isn't new, but the tactics employed by fraudsters are evolving.

Debit and Credit Card ID theft

Debit and Credit Card ID theft is when your card (or card details) and your personal information are obtained by fraudsters, with these details being used to open or take over a card account.

In 2023, Card ID theft was the category that grew the most, with a 74% increase in cases and a 53% increase in losses, hitting the highest levels ever reported.

Telephone banking

Accounting for 12% of remote banking losses, telephone banking fraud increased for the first time in 4 years (after declining previously) in 2023.

This happens when fraudsters obtain personal information from individuals or data breaches, and use the information to imitate the account holder over the phone.

Authorised payment fraud

This is when the account holder is tricked into sending money. Although total losses for this category decreased by 5% (£459.7 million), the total number of cases increased by 12% (232,429).

Remote purchase fraud isn't going anywhere

Remote purchase fraud happens when fraudsters acquire your card details. They achieve this through either:

  • Data theft: Third-party data breaches, phishing emails, scam text messages.
  • Digital skimming: Card details are often obtained through code on retailers' websites or deceptive advertising, particularly on social media, that misleads consumers.

Remote purchase fraud has declined for five consecutive years, including a 9% drop in 2023. However, it continues to comprise half of all unauthorised fraud.

To clarify, there's a difference between authorised and unauthorised payment fraud.

  • Authorised: The account holder themselves is tricked by a fraudster.
  • Unauthorised: A third party (not the account holder) is tricked by a fraudster.

Here are two examples which would be considered unauthorised:

  1. An accountant is tricked into making a fraudulent payment on behalf of a client, using the client's bank account.
  2. An assistant that regularly makes payments on behalf of a director, using the director's bank account, is tricked into making a fraudulent payment.

UK Finance reports that the fall in remote purchase fraud indicates the effectiveness of SCA (Strong Customer Authentication). You might know this as two-factor or multi-factor authentication.

How can you protect your money and your team?

Relying solely on secure software is insufficient. As highlighted in the insights above and reported by UK Finance, criminals are shifting their focus from system breaches to targeting individuals. Here are some tips to safeguard your finances and support your teams:

Activate two-factor or multi-factor authentication on all software

Two-factor or multi-factor authentication (2FA/MFA) is an essential security measure that provides an additional layer of protection beyond just a username and password. By requiring a second form of verification, such as a code sent to your mobile device, a fingerprint scan, or a security token, it significantly reduces the risk of unauthorised access to your accounts.

This extra step ensures that even if your password is compromised, the attacker would still need the secondary authentication factor to gain access. In an era where cyber threats are increasingly sophisticated, adopting 2FA/MFA is crucial for protecting sensitive information and financial assets, making it more challenging for fraudsters to exploit personal data.

Never give out your two-factor authentication code, even to your software providers.

Educate your teams

Educating your teams about fraud and what to watch out for is critical in building a robust defence against financial scams. It's essential to make fraud awareness a core component of ongoing training, ensuring that all employees understand the various tactics criminals might use. This includes recognising phishing emails, understanding the signs of social engineering attempts, and being aware of suspicious requests for information.

By regularly updating and reinforcing this knowledge, you empower your team to act as the first line of defence, spotting and reporting potential threats promptly. Continuous education fosters a culture of vigilance and response readiness, which is vital in an environment where fraud methods are constantly evolving. Moreover, well-informed employees are less likely to fall victim to scams, thereby protecting not only the company’s finances but also its reputation.

In 2023:

  • £50.3 million was lost in Invoice & Mandate scams.
  • £11.6 million was lost in CEO scams.
  • £78.9 million was lost in Impersonation scams of police/bank staff.
  • £57.3 million was lost in Impersonation scams of other individuals.

Create a procedure

Establishing a clear procedure for fraud prevention to be shared with teams is pivotal for mitigating risks and ensuring a coherent and swift response to potential threats. A well-documented procedure provides a standardised approach that every team member can follow, reducing confusion and delays during critical moments.

The procedure should outline specific actions an individual should take if they do not believe something is legitimate, such as reporting the suspicious activity to a designated fraud prevention officer or using a secure, confidential communication channel.

This may also include steps for verifying the identity of requestors, cross-referencing information, and immediately flagging any abnormal or unexpected requests. By having a systematic approach in place, organisations enhance their ability to respond effectively to fraud attempts, thus safeguarding their assets and maintaining trust with clients and stakeholders.

At a minimum, if something appears suspicious, ensure team members verify it through a different channel. For instance, if they receive an email that seems to be from the Director requesting a payment, they should call the Director to confirm its authenticity.

Test out your procedures

Here at Telleroo, we send out mock fraudulent emails at random to team members to see how they respond to these potential threats. This approach serves as an excellent practical method for reinforcing fraud prevention measures within the organisation. We also use Albert to train team members.

Simulating real-world scenarios allows the team to practise identifying and responding to fraudulent activities in a controlled environment. These mock drills can be instrumental in identifying gaps in the current processes and recognising areas where additional training might be required.

Consequently, this proactive testing helps to bolster the overall security framework and ensures that every team member is adequately prepared to handle genuine threats.

Make the most out of your software's fraud prevention features

Leveraging the fraud prevention features available within each software used by the team is crucial for maintaining robust security protocols. These integrated tools often provide advanced monitoring, real-time alerts, and automatic blocking of suspicious activities, which collectively enhance the organisation's ability to thwart potential fraud attempts effectively.

With Telleroo, your bulk payments solution, you can:

  • Verify payee information: With Confirmation of Payee (CoP), you can verify your payee information matches the recipient's account details.
  • See new and updated payee details: We'll flag when new payees are added, or existing ones have been updated so you can check with your team.
  • Scan sort code and account number from Xero invoices: No manual data entry is needed, as we'll scan the Xero invoice directly in Telleroo.
  • Multi-factor authentication: Add additional layers of security by requiring team members to verify their identity with a second method, such as a one-time password, before making payments.
  • Set multiple layers of approval: Assign different roles to users: those who can create pay runs, those who can approve them, and those who can do both. Additionally, you can enable Dual Approval, requiring two separate team members to approve a pay run before it is sent, adding an extra layer of security.

Last but not least, what's the good news?

It's not all doom and gloom. Let's have a quick look at the positives from 2023:

  • Card not received fraud (where a debit or credit card was intercepted in the post before the genuine cardholder received it) was the lowest it's been since 1991.
  • Remote purchase fraud was the lowest it's been since 2014.
  • Internet banking fraud was the lowest it's been since 2014.
  • Authorised investment scams are at their lowest levels since 2020.

Read the full 2024 UK Finance Fraud Report here.