Card payment fraud trends in the UK: What banks need to know

Those of us working in the payments industry need to be aware of the shifting trends in fraud. These crimes affect our customers and our institutions in a way that goes beyond mere financial loss, diminishing trust and impacting reputation. It's vital that we recognise and understand what's going on and how criminal tactics are evolving in order to protect ourselves and our customers.

And the bad news is that payment fraud in the UK is on the rise. In the first half of 2024, losses due to unauthorised transactions across payment cards, remote banking and cheques grew year-on-year by 5%, according to figures from UK Finance.

They way criminals target payment cards is changing

When it comes to payment cards, there are a number of different ways criminals can target cardholders. Card ID theft, where a bad actor uses a fraudulently obtained card or card details, along with stolen personal information, to open or take over a card account held in someone else’s name, actually decreased by 12% in the first half of 2024.

Counterfeit card fraud, which involves criminals creating fake cards from information stolen from magnetic stripes on a card, fell to less than 7,500 cases during the same period, representing the lowest total since the start of data collection on such incidents. There was also a drop in the number of lost and stolen card fraud cases, though the amount lost due to these crimes increased by 4% year-on-year.

But in other areas, there's been a concerning rise in fraud cases. For example, Card Not Received statistics show a 13% growth to £1.9m between January and June 2024. These cases involve stolen cards being intercepted after they've been issued by the bank but before they reach the genuine cardholder.

Worrying rise in Card Not Present fraud

And there's another particularly worrying trend. UK Finance's research pinpoints a 26% increase in CNP (Card Not Present) fraud as one of the major reasons for an overall rise in payment card fraud losses. This particular type of card fraud involves criminals using stolen card details to buy goods over the internet, the telephone or mail order. It cost the UK economy £193.7m in the first six months of 2024.

SCA (Strong Customer Authentication) requirements have been implemented across ecommerce since March 2022 and initially seemed to be having a positive impact, but there's growing evidence that criminals are using social engineering-based tactics to trick victims into divulging one-time passcodes to authenticate online transactions.

Authorised Push Payment fraud still causing concern

Authorised Push Payment or APP fraud has been a hot topic in the industry for the past couple of years. The total number of APP fraud cases in the first half of 2024 cases was down 16% to 97,344, and losses totalled £213.7m, down by 11%. Again, social engineering plays a big part in these scams – criminals tempt unwitting victims with promises of high-return investments, romance or bargain deals. They persuade them to make payments directly from their bank account, but may also trick them into handing over personal details and passwords too, increasing the chances of a successful scam.

Nearly three-quarters (72%) of APP fraud cases originate from online sources, while email and text message are other attack vectors. One of the big reasons for banks needing to be aware of APP fraud – and to implement measures to reduce it – is that the Payment Systems Regulator (PSR) applied new reimbursement protections for customers late last year. These rules are designed to increase the likelihood of victims being able to recover their losses and not only put the victim's bank on the hook for reimbursement, but the fraudster's bank too.

Mobile banking fraud reaching record levels

The growing preference for mobile banking has also sparked a rise in the number of crimes targeting people using these services. Six in 10 UK adults used a mobile banking app in 2024, and gross losses in H1 2024 to these crimes were at £22.6m, up from £20.6m in H1 2023. There were 9,590 reported cases in this time period – a record for the first half of a year since UK Finance began collecting data on mobile banking fraud.

These frauds occur when scammers use compromised bank account details to gain access to a victim’s bank account through a banking app and are distinct from scams that target online banking conducted via a web browser. While biometric information is increasingly used to verify the identity of people using mobile banking apps, the rise in this kind of crime should serve as a warning to banks that cybercriminals’ tactics are evolving.

The role of AI in fraud

The rise of Artificial Intelligence has changed the fraud scene in several ways. Increasingly sophisticated criminal gangs have been exploiting this technology to not only create more persuasive scams involving deepfake videos, but to also automate their processes to attack at scale.

However, AI is also helping the fight against fraud. Machine learning is a technology that is powering fraud detection engines, meaning vast numbers of transactions can be examined in just a few seconds, suspicious patterns and transactions flagged for further investigation, and many scams – AI-generated or not – can be stopped in their tracks as a consequence. The lesson is that as criminals get smarter, so must the banks.

Combatting card payment fraud requires innovative solutions

And as well as utilising AI in the fight against fraud, there are other innovative solutions that issuing banks can use to protect their customers. Tokenization – the practice of replacing sensitive card data with secure tokens in both physical and online transactions – is a way of not only reducing the possibility of fraud but gives cardholders the ability to use digital wallets that make purchases even more seamless and convenient.

Issuing digital or virtual cards rather than physical cards is also another way to protect cardholders as they are hard to steal and can easily be managed and replaced. Additionally, numberless cards remove visible card details, making it harder for fraudsters to misuse stolen cards. These cards rely on tokenization and biometrics for secure transactions, enhancing overall security.

How Paymentology can be your crime-fighting superhero

Mastercard plans to eliminate physical card numbers by 2030, and tokenization is becoming more common in the payments industry. It’s a question of when – not if – tokenization becomes a regulatory requirement too, so banks and fintechs that want to future-proof their payment cards and protect their customers from fraud, need to act now.

Paymentology can be your crime-fighting superhero. We provide numberless cards, virtual cards compatible with all major digital wallets and tokenization solutions that can help your institution bring its payment cards into the modern age. To find out more about how we can help you, get in touch today.

Found this interesting? Why not check out The Evolution of Cards, from our CEO Jeff Parker which explores the changing face of the payments industry.