to help enterprise security across Europe
The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
sarbaines oxley ofcom communications regulator
Latest Resources      data protection register
compliance resources privacy resource center

Breaking Global News
Global Compliance and Privacy News
- Breaking News, updated every 30 minutes
•   Compliance, Privacy and Security
•  Money Laundering
•  Phishing
•  Regulatory Issues
•  SOX, Basel 2, MiFID

You Tell Us:

We use SSL Technology for web data entry points:

What is SSL?

Are Smartphones Endangering Security? - Wick Hill
Dealing with Internet Security Threats - Ian Kilpatrick
How the New EU Rules on Data Export Affect Companies in and Outside the EU - Thomas Helbing
Farmers' Data Leak Highlights Old Technology Use - Wick Hill
Saving Money with SFTP - Wick Hill
UK Information Commissioner targets firm selling vetting data - Eversheds e80
12 Key Steps to Internet Security - Wick Hill
Telephone Monitoring Legality in the UK - Dechert
Firewall or UTM - Wick Hill
UK Information Commissioner demands mobile device encryption - Eversheds e80
Data loss - liability, reputation and mitigation of risk - Eversheds e80
Phorm, Webwise and OIX - BCS Security Forum
The challenges of PCI DSS compliance - Thales, Russell Fewing
"Quality" Data Vendor Spams us! Editor astounded!
National Gateway Security Survey 2008 - Wick Hill
Unified Threat Management - Watchguard Technologies

news archives
0 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 |
12 | 13
[What is this?]

Industry Blogs
Tim Berners Lee's Blog
Tim Callan's SSL Blog
Davis Wright Tremaine's Privacy & Security Law Blog
Emergent Chaos Blog
Michael Farnum's Blog
Phillip Hallam-Baker's Blog - The dotFuture Manifesto: Internet Crime, Web Services, Philosophy
Stuart King's Security and Risk Management Blog
David Lacey's IT Security Blog
Metasploit Official Blog
Jeff Pettorino's Security Convergence Blog
Jeff Richards's Demand Insights Blog
David Rowe's Risk ManagementBlog
Bruce Schneier's Security Blog
Larry Seltzer's Security Weblog
Mike Spinney's Private Communications Blog
Richard Steinnon's Threat Chaos Blog
The TechWeb Blog
Tim Trent's Marketing by Permission Blog
Rebecca Wong 's DP Thinker Blog

23 February Newsletter
Newsletter Archives are located in "News"

Industry Update
Internet Security Intelligence Briefing - November 2005
Find out the latest trends in e-commerce, web usage & the latest threats from adware/Spyware

Phorm, Webwise and OIX
- BCS Security Forum

'The Any Era has Arrived, and Everyione has Noticed' - Stratton Sclavos - VeriSign
Identity Security - Time to Share
Malicious code threats - iDefense
Public Alerts - updated as they happen from
Public Alerts - updated as they happen from Websense
Public Advisories - updated as they happen, from iDefense
Phoraging - Privacy invasion through the Semantic web: a special report by Mike Davies of VeriSign

Privacy Laws & Business International E-news, Issue 57
Privacy Laws & Business UNited Kingdom E-news, Issue 60

Security Reviews
February 2007 - VeriSign Security Review
The security review archive is here

Case Studies
Finance Industry
Case Study Example

A case study on a Finance industry company.

White Papers
VeriSign® Intelligent Infrastructure for Security
VeriSign® Intelligent Infrastructure: An Overview
Identity Protection Fraud Detection Service - description of the service
Life of a Threat - Video on Threat Management Lifecycle
Optimizing Enterprise Information Security Compliance - Dealing with all the audits
For a full list of all whitepapers, visit our Whitepaper library

Legal Notices
Privacy Policy
Terms of use

basel 2 sarbanes oxley
data controller notification binding corporate rules BCR data transfer third countries third part data transfer basel 2 regualtor regulation regulate FSA banking network security RSA encryptin algorithm Bits sacked bank staff
Blogs compliance Reports compliancy Legislation Data Protection Case Studies data privacy White Papers data protection act News information commissioner Events security standards Links information security iDefense
Retail Solutions

Card fraud losses continue to fall

compliance and privacy

Current News Updates

Card fraud losses continue to fall 

  • Total card fraud losses fall from £439.4m in 2005 to £428.0m in 2006
  • Card fraud losses at UK retailers fall by 47%
  • Online banking fraud increases from £23.2m in 2005 to £33.5m in 2006
  • Cheque fraud losses fall from £40.3m in 2005 to £30.6m  

2006 fraud figures released today (14 March 2007) by APACS, the UK payments association, show total card fraud losses fell by three per cent in the past year to £428m – a decrease of nearly £80m over the past two years. This fall has been driven by a 13 per cent decrease in UK domestic fraud and the combined reduction of more than £45m in mail non-receipt and lost and stolen fraud.

Credit and debit card fraud losses on UK-issued cards split by fraud type

Fraud Type

2006 (+/-change on 2005)



Counterfeit (skimmed/cloned) card fraud

£99.6m (+3%)



Fraud on stolen or lost cards

£68.4m (-23%)


£114. 5m

Card-not-present fraud (phone/internet/mail)

£212.6m (+16%)



Mail non-receipt

£15.4 m (-62%)



Card ID theft

£31.9m (+5%)




£428.0m (-3%)



Contained within this total:




UK retailer (face-to-face transactions)

£72.1m (-47%)



Cash machine fraud

£61.9m (-6%)



Domestic/International split of total figure:




UK fraud

£309.8m (-13%)



Fraud abroad

£118.2m (+43%)



The introduction of chip and PIN has made it more difficult for fraudsters to commit card fraud in the UK , with losses at UK retailers falling by £146.7m over the past two years. However, criminals are still targeting our cards with the aim of copying the magnetic stripe data. They use this data to create counterfeit magnetic stripe cards that can potentially be used in countries that haven't upgraded to chip and PIN. This has caused the increase in fraud abroad losses over the last 12 months.

Over the same time period, card-not-present fraud losses have increased by 16 per cent and now account for just under 50% of all card fraud losses. To put total fraud losses further into context, however, losses as a percentage of plastic card turnover equated to 0.095% in 2006 – significantly less than the 0.141% figure in 2004.

Sandra Quinn, director of communications at APACS, says :

“These figures clearly show that there is no one-size-fits-all approach to dealing with fraud. Chip and PIN has had a hugely positive effect on fraud losses over the counter in UK shops and stores, but we are seeing more fraud on transactions that do not use chip and PIN – such as over the internet and phone, by mail order and abroad in countries that have not yet fully upgraded to chip and PIN.

“Fighting fraud is never going to succeed with a single-layered approach. It requires different sectors – including public and private – to work together on developing and implementing strategies, sharing best practice and, most importantly, sharing data. We need Government intervention to remove the current barriers to this and we welcome improvements proposed in the Fraud Review and the Serious Crime Bill.”

A number of measures are currently in place to tackle card-not-present and online fraud, such as an automated cardholder address verification and card security code system, and MasterCard SecureCode and Verified by Visa ( and ). APACS urges online shoppers to register with Verified by Visa and MasterCard SecureCode whenever they are given the option of doing so. Cardholders simply need to register a private password with their card company for use when shopping online at participating retailers.

The banking industry is working on the next generation of fraud prevention solutions to help tackle fraud in non face-to-face transactions (i.e. e-banking and internet and telephone shopping). APACS is liaising with banks, card schemes, retailers, trade associations and systems vendors on the implementation of a trial of one such solution that builds upon chip and PIN technology and will enhance the online protection already offered by systems such as MasterCard SecureCode and Verified by Visa.

On top of this, the payments industry continues to commit and invest funds in programmes and initiatives to fight fraud. Over the past five years, the industry has:

  • Invested £1.1 billion in the rollout of chip and PIN
  • Established the Dedicated Cheque and Plastic Crime Unit (DCPCU) – the special police unit that specifically tackles plastic card and cheque fraud – a funding commitment of £3m per year by the banking industry

Promoted retailer take-up of the Industry Hot Card File (IHCF) – an electronic database that enables retailers to check whether a card is being used fraudulently. Over 335,000 cases of attempted fraud were prevented by this system in 2006. The system is now being used successfully at motorway tollbooths in France to combat the use of stolen UK cards at road tolls.

In the past year APACS has extended its fraud reporting beyond cards to include other payment industry fraud losses, including fraudulent encashments - the fraudulent withdrawal of cash over a branch counter and losses due to forged instructions - fraudulent requests to transfer funds from a bank account. . These non-card related payment fraud losses in total amounted to £72.2m in 2006. Contained within this figure are online banking fraud losses (the majority of which were forged requests), which totalled £33.5m in 2006. This is an increase of 44% year-on-year and has been driven by an increase in phishing incidents, which went up from 1,713 in 2005 to 14,156 last year.

Cheque fraud continues to fall due to the industry's continuing success in identifying most fraudulent cheques as they go through the cheque clearing process, coupled with better public awareness of the issue and declining cheque use. Losses fell from £40.3m during 2005 to £30.6m last year – a decrease of 24%.

To increase transparency across all payment industry fraud types APACS has started work to establish industry-wide fraud figures for lending fraud losses (which includes personal loan, mortgages and unauthorised overdraft losses). This involves expanding the number of organisations that report figures. APACS is working with these organisations to collect more robust data for 2007, although early data collected suggests that lending fraud losses in 2006 may be in the region of £160m to £180m.

Other UK fraud losses split by fraud type

Fraud Type

2006 (+/-change on 2005)



Cheque fraud

£30.6m (-24%)



Online banking fraud

£33.5m (+44%)




This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.