Banks must educate consumers about fraud says Aite

Consumers still don’t understand the risks of card fraud, according to Aite

Banks need to do more to educate consumers about the ways in which they may be exposing themselves to fraud risks, according to a new report by Aite Group and ACI Worldwide, which notes that one in four consumers has been victimised by card fraud in the past five years.

Aite’s Global consumers: losing confidence in the battle against fraud, compares ACI data from 20 countries on 6,159 consumers’ experiences and attitudes towards fraud. Of all cardholders, 27% have experienced card fraud in the past five years, a percentage unchanged since 2012, while 14% had experienced fraud multiple times. In general, debit cards were safer than credit cards, with 25% of consumers in the UK experiencing credit card fraud in the last five years compared to 15% experiencing debit card fraud

During 2013, there were 1,367 confirmed data breaches in financial services according to data provided by Verizon. The frequency of attacks and high-profile incidents in which customer details were stolen have led to concerns that financial institutions may not be doing enough to protect consumers – a view shared by 18% of consumers in the Aite study. Examples include the Luuuk banking fraud attack in January, in which a Trojan program was used to steal €500,000 from 190 victims, mostly in Italy and Turkey. The problem was discovered by Kaspersky Lab one week after it had begun, but the criminals were able to remove all traces of evidence that might be used to trace them.

Notably, the report states that 49% of consumers exhibit at least one risky behaviour which puts them at higher risk of financial fraud. Risky behaviours include leaving smartphones unlocked, throwing documents with bank account numbers into the bin, and using online banking or shopping without security software or on a public computer. Mexicans and Brazilians were the most likely to act this way, at 33% and 21% respectively for leaving smartphones unlocked and 27% and 30% for throwing bank account numbers in the bin. By comparison, these behaviours were reported by 11% and 13% of consumers in the US and 12% each in Canada.

In Europe, the Middle East and Africa, consumer behaviour is arguably even worse. In Italy and Russia, 20% of consumers actually make a note of their PIN and carry it with their cards, as do 17% of consumers in the UAE. Across EMEA collectively, between 13% and 31% of consumers throw papers containing bank account numbers into the bin. With the exception of the Netherlands (4%), the UK (9%) and France (10%), consumers in high percentages (14%-37%) use computers without security software or public computers for online banking or online shopping. Failure to lock smartphones varies between 9% to 25% in different countries across the region, according to Aite. In general, the trends in EMEA are similar to the Americas, with no significant decline in risky behaviour by consumers and with replacement cards often used less than the cards they replaced (49% in Poland, for example).

“In order for financial fraud to decrease, consumers must play a role,” said Shirley Inscoe, senior analyst at Aite Group. “Unfortunately, data available from prior surveys do not demonstrate consistent downward trends in risky behaviour; this indicates that consumers really don’t understand risky behaviour and the negative impact it can have on them. Consumers are not changing their behaviour in a way that indicates an understanding of risk and a desire to protect themselves.”

On a country by country basis, the United Arab Emirates has the highest level of fraud overall at 44%, followed by China at 42%, and India and the US at 41% each. The safest countries were Sweden at 10% and the Netherlands at 12%, followed by Germany at 16%. The figure for the UK was 28%, down from 34% in 2012. In total, some 55% of respondents are “very concerned” about reclaiming their financial identity if they become a victim of identity theft – a level of concern double what it was in 2011.

The figures also suggest that banks in some countries stand to lose customers after a fraud incident. In Mexico and Brazil, 33% and 21% of consumers respectively change providers after an experience of fraud. In Poland, 40% of consumers change their bank after a fraud, while in Russia the figure is 25% and the Netherlands 21%. Other countries in EMEA reported rates less than 20%. In the US, only 9% of consumers switch providers, and in Canada only 6% do so.

However, even in countries where consumers do not switch, the reduction in card usage that often follows a fraud incident can hit the revenue streams of card issuers. Aite notes that after experiencing fraud, 63% of consumers overall used their card less than they had done previously – a figure that was higher in some countries. In Brazil and Mexico, 60% and 78% of consumers use their cards “much less” than they did prior to the fraud experience. Close to or over half of consumers in all but one country in EMEA use cash or an alternative payment method instead of a card following fraud. The UK is the only country where a majority (63%) of consumers use their card just as much after fraud as they did before.

Aite concludes with four main recommendations to financial institutions to better protect consumers against fraud:

• Educate and help consumers to understand how they can protect themselves against fraud
• Provide specific examples of risky behaviour, such as shopping online on a public computer or not securing their smartphone when it is not in use
• Communicate more effectively so that consumers understand that replacement cards are safe to use and make fraud protection protocols easy to understand and widely available
• Improve customer service by ensuring agents are sympathetic and helpful as far as possible to avoid losing customers

Incidents of fraud, typically involving stolen bank account details, are thought to be on the rise. Last month a PwC survey in the US found that 75% of businesses surveyed had detected a security breach in the last year, while the average number of security intrusions was 135 per organisation. A separate study by security firm Trustwave in May found that 96% of applications have one or more serious security vulnerabilities.

Earlier this month, a major new effort spearheaded by the Bank of England and the UK Treasury was launched to shore up the cyber defences of the UK financial services industry, amid rising concerns that testing has exposed serious unaddressed weaknesses. The initiative, called CBEST, was created together with regulator the Financial Conduct Authority and non-profit security organisation Crest – not to be confused with Crest the central securities depositary – as well as cyber intelligence company Digital Shadows. It sets out a blueprint for controlled cyber security testing, the aim of which is to ensure key financial assets are protected against cybercrime. The tests mimic the actions of threats such as sophisticated cyber-attacks against financial services assets.