Brits who have been victims of online fraud usually get a raw deal from their banks when it comes to financial protection against fraudulent scams, a new report from online payment service Shieldpay has revealed.
Back in August, Caroline Wayman, the chief ombudsman, said that considering how sophisticated today's financial scams and fraudulent operations have become, banks need to do more to help their customers who have been victims of online fraud, rather than blaming the latter for gross negligence.
Banks must do more to protect victims of online fraud
Bank fraud and financial scams involve criminals setting up domain-spoofing and identical websites to lure victims into filling up their banking information on such sites, sending phishing texts and emails to victims by claiming to be banks themselves, and asking victims to share their OTP under the guise of offering genuine services.
Wayman said that banks need to investigate scams thoroughly before arriving at a conclusion to ensure that innocent customers are adequately compensated.
"Unlike most other complaints we see, complaints about fraud and scams involve – whether it’s accepted or suspected – the actions of a criminal third party. So it’s understandable that, in many cases, both the bank and their customer tell us in strong terms that they’re not responsible for what’s happened.
"This makes it harder for us to reach an answer both sides are happy with. But it doesn’t mean usual standards don’t apply. As our case studies illustrate, we’ll expect to see clear evidence that banks have investigated thoroughly – and reflected hard on what more might have been done to protect their customers and their money.
"We also often hear from banks that their customers have acted with “gross negligence” – and this means they’re not liable for the money their customer has lost. However, gross negligence is more than just being careless or negligent. And as our case studies show, the evolution of criminals’ methods – in particular, their sophisticated use of technology and manipulative “social engineering” – means it’s an increasingly difficult case to make," she said.
Wayman's concerns were recently confirmed by a report from online payment service Shieldpay which revealed that even though victims of online fraud lose £608 on average, the amount offered to them by banks as compensation is only £55. Only 37 percent of victims have been fully compensated by their banks.
Online fraud victimised one in four Brits
The Fraud Tracker report added that almost 23 percent of online shoppers in the UK have been victims of online fraud, with eight percent falling victim to online scams more than once. In 14 percent of all incidents, shoppers have lost more than £1000 to online fraudsters.
"Banks, businesses and consumers all have a role to play in taking every possible precaution against fraudulent activity online. With scams rampant, however, this is easier said than done. More responsibility needs to be taken by banks and businesses in protecting customers online, adoption of technology is one solution that can help to eliminate the risk," said Peter Janes, founder and CEO of Shieldpay.
According to Ryan Wilk, vice president at NuData Security, even though figures revealed by Shieldpay's Fraud Tracker report are alarming, they are not surprising at all.
"Fraudulent transactions, particularly when payment information is so easy to access on the dark web, are incredibly common. Additionally, the fact that password re-use is so widespread among users means that if one online account is compromised during a data breach or another type of security incident, a multitude of other online accounts can be at risk," he said.
"It is also possible that, in some cases, the information used to defraud a victim is also enough to steal an identity altogether. For this reason, we are seeing many organisations moving away from the outdated model of passwords and usernames as the primary method of account and transaction access and identifying users based on their behaviour. This type of authentication method that doesn’t rely on credentials is rendering the data stolen by cybercriminals valueless," he added.
According to James Romer, Chief Security Architect at SecureAuth + Core Security, fighting fraud effectively requires a joint effort between banks and consumers, with identity and authentication at the centre of the strategy. Banks need to implement the most comprehensive cybersecurity technology which considers different factors (such as device recognition and geolocation) at the login phase and consistently apply multi-factor authentication(MFA) if risk is detected, to address the threats at the identity level efficiently.