Fraud sector charter: retail banking (accessible version)
Fraud risks specific to the Retail Banking Sector
Fraud loss by type (2020)
Authorized push payment fraud (APP)
Loss of £ 479million.
A criminal tricks his victim to send money directly from his account to an account controlled by the criminal. This covers ‘malicious beneficiary’ type fraud, such as investment and purchase scams, as well as ‘malicious redirect’ type frauds, such as identity theft and bill forwarding scams. . This is currently the main concern of the banking sector. (See actions 1 – 3), (5 – 7).
Unauthorized card fraud
Card not present (CNP): loss of £ 453 million.
Other: loss of £ 122 million.
Captures fraud committed using payment card information issued in the UK. The most important element relates to “card not present” (CNP) fraud, where a criminal uses the details of a stolen card to purchase something over the Internet, over the phone or by mail order. The adoption of strong customer authentication is expected to significantly reduce the prevalence of this type of fraud. (See actions 2, 3), (5 – 7).
Remote banking fraud
Loss of £ 197million.
A criminal accesses an individual’s bank account through remote banking channels, usually by manipulating the potential victim and their device, and performs an unauthorized transaction on the account. (See actions 2, 3), (5 – 7).
Key Fraud Facilitator
Silver mule activity
Accounts receivable are used by criminals to receive and launder the proceeds of illegal activity. (See action 4), (5 – 7)
Actions to combat the risks of fraud in the retail banking sector
Action (1) – Stimulate cross-sector engagement against fraud to fight APP fraud – by creating an evidence base (January 2022)
Goal: Develop an evidence base to illustrate the points of origin of fraud suffered by bank customers.
action: UK Finance will coordinate the banking industry to capture a consistent set of data points as fraud is reported or identified. This data will be used to produce an analysis of fraud suffered in the banking sector that illustrates points of origin, which will be shared with the Home Office to help in an intersectoral fight against fraud.
Results: Evidence base established to support intersectoral engagement.
Action (2) – Develop a cross-sectoral data breach response plan to protect consumers against fraud (December 2021)
Goal: Improve coordination between law enforcement and the private sector on fraud prevention measures in the event of a data breach.
Data breaches can lead to fraud through:
- no-show card fraud using stolen bank details; and
- Fraud at APP and remote banking by social engineering from stolen personal data
action: To complement existing guidance on mandatory reporting responsibilities, the government will explore the development of a set of actions that the data loser, law enforcement and other relevant public and private sector bodies should take in the event of a data breach.
Results: Reduction of the risk of fraud thanks to the implementation of a playbook of standardized actions.
Action (3) – Leverage technology to increase fraud detection and prevention controls (June 2022)
Goal: Balancing the efficiency of the customer journey with fraud prevention.
action: UK Finance will support the ongoing review of the existing payments architecture, promoting the changes that could be most effectively adopted by the industry to help prevent fraud. The banking industry will also explore promoting better use of existing account features that could be better used to help protect customers.
Results: Increased use of account features that protect customers from fraud.
Action (4) – Take action to reduce the impact of Money Mules in facilitating fraud (June 2022)
Goal: Increase the effectiveness of the deterrents for the “Money Mule” activity and apply them consistently.
action: The banking industry will develop a strategy to enable it to respond consistently and subsequently reduce Money Mule activity levels across the industry. This will include government and law enforcement support to increase the effectiveness of the deterrents for the identified Money Mules.
Results: A coordinated public-private strategy that reduces the impact of the Money Mule activity.
Action (5) – Explore possibilities to improve fraud prevention and repatriation of funds to victims (December 2021)
Goal: The banking industry, government and regulators are working together to prevent fraud.
action: The banking sector will work with a wide range of partners including law enforcement, regulators, government and other sectors to identify and address identified vulnerabilities based on a common understanding of the threat. This will include identifying and evaluating potential options for operational or policy changes to address vulnerabilities, taking into account legislative and regulatory changes where appropriate and feasible. In addition, the government will explore the necessary mechanisms (legislative or otherwise) to allow more efficient repatriation of stolen funds to the identified victim, and to enable the release of untraceable funds currently held in suspended accounts.
Results: A collaborative approach between regulators, government and the banking sector for fraud prevention.
Action (6) – Increase awareness of fraud and change customer behavior (March 2022)
Goal: Plan and execute education campaigns to educate consumers and reduce their vulnerability.
action: The banking sector will support the police in the conduct of an intersectoral communication strategy that delivers a coherent message in several different sectors.
Results: Increased awareness of fraud through a cross-sector communication strategy, changing customer behavior to reduce fraud.
Action (7) – Support for victims
Goal: Encourage the reporting of victims and improve consistency in the treatment of victims.
action: The banking industry will work with victim support groups to ensure that victims are properly and consistently informed of where they can get help in the event of fraud. The banking sector will also support the Joint Fraud Taskforce in developing a plan for better sharing of victim data among other applicable sectors.
Results: Consistent victim support to reduce re-victimization.
This voluntary charter is supported by UK Finance on behalf of its members:
- Allied Irish Bank (GB)
- Bank of Ireland UK PLC
- Barclays Bank Plc
- Capital One (Europe) plc
- Citigroup Global Markets Limited
- Clydesdale Bank plc
- Cooperative bank plc
- Coventry Construction Company
- Danske Bank
- Hampden & Co
- Handelsbanken plc
- HSBC Bank Plc
- Investec Bank Plc
- Limited loanable transactions
- Lloyds Banking Group
- Metro Bank Plc
- Modulr ICB Limited
- Monzo Bank Limited
- National construction company
- NatWest Group Plc
- Nedbank private heritage
- NewDay Ltd Cards
- Railsbank Technology Ltd
- Revolut SA
- Sainsbury’s Bank plc
- Santander United Kingdom Plc
- Plc Secure Trust Bank
- Starling Bank Limited
- Tesco Personal Finance Plc
- TSB Bank
- Yorkshire Building Society