UK Fraud Report 2024: Progress, challenges and future solutions

The UK Finance Annual Fraud Report 2024 contained some good news and some bad news when it comes to how the UK is continuing to deal with the fraud pandemic.  

 Starting with the good news: 

• Total losses were down 4% compared to 2022, including a 5% decline in APP Fraud losses 
• Investment scam losses dropped 5% in the last 12 months along with decreases in losses associated to impersonation fraud involving the impersonation of police and bank staff (down 28%) and CEO scams (down 14%) 
• 62% of all victims were refunded their losses by their banks, an increase from 59% in 2022 

 Then the not so good news: 

• £1.17bn was still lost through fraud in 2023 – a staggering number 
• Total scam cases are up by 12% to over 230,000 in 2023 – an extra 25,000 victims from fraud (or 500 per week) 
• Purchase scams are a rapidly growing issue with £86m in losses (up 28%) and 156,000 cases (up 34%) 
• Romance scams losses also climbed 17% to £37m from over 4,000 cases (up 15%). 

 So what does this tell us? Primarily that efforts being made around customer education and bank fraud prevention and operational processes are combining to address some of the key challenges facing the UK on fraud. Decreases in losses have been seen in scam types that involve a form of impersonation – for example where the fraudster impersonates an investment opportunity, bank staff or the police. It’s worth spending some time thinking about how these scam types are being prevented.  

Consumers today are being constantly exposed to evolving and increasingly sophisticated forms of impersonation fraud.For banks it is key to make customer education a part of their fraud prevention strategy. It’s important to understand what channels do your customer engage with, to ensure your messages are personalised to the risk that the customer is facing and that they are engaging with the message.  

Secondly through financial institutions having strong outbound payment risk detection that identifies whether the individual is making a payment which does not match their usual behaviour, especially to a new beneficiary for them. This is based on fraud risk being identified on the behaviour of the person sending the money. Are they behaving abnormally. This alerts the bank to the risk of the payment being fraudulent allowing them to slow the payment down and contact the victim, using information they have to ‘decode’ the fraud and understand why the victim could be at risk. Because these fraud typologies involve impersonation there are ‘facts’ that can be used to decode the fraud – including stating that the payment behaviour matches other similar scam types, they are asking for a large sum of money for example, and that the new beneficiary details are highly suspicious. 

 Where these existing protections are seemingly proving less effective are in preventing romance and purchase scams. These scam typologies are not based on impersonation of a specific individual – anyone could be selling their car or dating online. They also don’t rely on mismatches in pattern behaviour of the person sending the money. Regarding purchase scams, victims typically use their bank account to pay for items online – even using account-to-account payments for this has become common – and the sums involved are comparatively low as the average purchase scam is £548 (however that still brings with it both a financial impact for the victim and the sense of guilt and loss that comes with being a victim of a fraud). Romance scams operate differently with relationships being built up over a long time between the fraudster and the victim and on average the fraud involves 10 payments. Again this makes identification based on sending account behaviour a significant challenge. Customer education is also of limited benefit as making an online purchase has become second hand nature to many individuals and romance scams spend a very long time emotionally manipulating their victims to remove any impact of education. 

 So how can banks have an effective impact on these scam types and provide even better protection for their customers? We believe the two keys here are Collaborative Intelligence and Inbound Payment Screening. 

 Collaborative Intelligence are fraud risk models built on network data so rather than relying on identifying pattern behaviour associated with known frauds based only on the person sending the money, they also identify risks based on the beneficiary and the relationship between the two as well as using pattern behaviour from across a network rather than a single bank’s data. 

 Inbound Payment Screening is using the same technologies and techniques on the receiving side of the transaction as on the sending side. Identifying risk associated with the incoming payment and intercepting the payment while you engage with the recipient to confirm the legitimacy of the payment – or slowing down any means of the beneficiary using those funds. 

 Why are these key for purchase and romance scam prevention? Collaborative Intelligence gives risk scoring and explainability on the beneficiary as well as the sender by training the model on confirmed fraud behaviour on outbound and inbound payments across a network. A fraudster who is using a previously dormant account for committing the fraud, for example – or one that lacks the normalised account behaviour of a beneficiary – will be identified more effectively by a Collaborative Intelligence solution. Fraudsters may utilise mule accounts to overcome this but using Collaborative Intelligence in conjunction with Inbound Payment Screening will ensure that the bank responsible for the beneficiary can combine the risk score with their own account details to review the risk of the payment – so for example a student account suddenly receiving tens of thousands associated with romance scams can be better identified, or a high risk purchase scam behaviour being identified on an account which has not been identity verified becomes easier to block. Crucially these also alert the receiving bank operations team to the risk, giving them the chance to block the account and reach out to the account holder asking them to, for example, identify themselves or explain the nature of the incoming payment to clear the funds. By stopping the fraudster from using the funds for 7 days – for example – you provide the victim with more of an opportunity to realise they have been the victim of a scam and request the money to be returned to them. The money only becomes a liability once the fraudster is able to move the money out of the commercial banking network and it can no longer be returned to the victim. By working together the sending and receiving bank can both support the victim and prevent the funds clearing for the criminal to benefit. 

 Form3’s APP Fraud Prevention solution is in production now and provides a Collaborative Intelligence risk score for all participating banks enabling them to manage their outbound and inbound risk across the range of scam typologies. This model has already demonstrated an exceptionally high level of effectiveness at being able to identify previously missed fraudulent transactions, including being able to identify 90%+ of all missed fraud between two participants of the consortium that participated in our model development, and uses explainability to not only provide a risk score but also share key details on what triggered that score which banks can use in their operational processes to improve investigations and better support customers.