Today’s UK card fraud figures show some good news but also highlight areas where there is room for improvement. In other words it’s a case of some swings, some roundabouts.
First of all, there has been an increase in online banking fraud, growing 14% from £52.5M to £60M, which would seem to indicate that the improvements in reducing on-line banking fraud which were seen two years ago have stalled. At that time three major UK banks introduced Chip&PIN card CAP readers, adding two-factor authentication to their customers’ online banking security, but there have been no further moves by the other UK banks since then. Many banks rely on back-end analytics to protect their customers from on-line banking fraud, and while this certainly plays an important part in protecting them, relying on back-end analytics without strong authentication of users is like installing a burglar alarm but leaving the front door wide open. We have all heard the complaints that it’s inconvenient having to have a card reader to hand to do online banking, but other forms of two-factor authentication are now surfacing that help overcome this hurdle. Mobile phone based two-factor authentication, for example, is an effective alternative because most people carry their mobile phone with them pretty much all of the time.
On the good news side, card-not-present fraud, usually associated with online retailing, has fallen by almost 20%. Perhaps as the UK Card Association says, this can be attributed to the increased use of Verified by Visa and MasterCard SecureCode. However, here too there is potentially room for improvement. As has been shown by people’s reluctance to use card readers, anything that requires extra hardware or extra passwords is always going to struggle to get off the ground. MasterCard SecureCode and Verified by Visa passwords could actually be replaced with the same strong authentication that is used for online banking – hence cutting down the number of devices or passwords consumers need, improving security, and meaning the same form of strong authentication is used for both channels. This would mean not only further progress in combating fraud but would also make things easier for the customer. Now wouldn’t that be something?