Annual review 2016

Financial Fraud Action UK

Message From
The Chair

Alex Grant

Chair, Financial Fraud Action UK


Message From
The Chair

Alex Grant

Chair, Financial Fraud Action UK

Last year saw an important milestone in the financial industry’s ability to combat financial fraud. In April 2015 Financial Fraud Action UK (FFA UK) became an incorporated body limited by guarantee. With its own Board and an agreed mission, vision and strategy this will enhance the payments industry’s fraud control work so as to have even greater impact.

FFA UK’s membership includes all the main retail banks, credit, debit and charge card issuers, and card payment acquirers. We increasingly see the customer being targeted as the nature of criminal attacks constantly changes, and as such the protection of the customer sits at the heart of what we do. Our mission therefore is to work effectively and collaboratively to protect consumers and businesses from being victims of financial fraud, and in doing so create the most hostile environment in the world for financial fraud.

FFA UK is an authoritative voice in the complex landscape of financial fraud agencies and organisations with expertise built up over many years of operating at the heart of the UK payments industry, and a track record of working with partners to successfully prevent and detect fraud.

As you will see through this review of the year, FFA UK has achieved much of which we can be proud. This has included the excellent work carried out through our Financial Fraud Bureau in protecting members and the public following several significant data breaches. Similarly, the scam alerts we issue get wide coverage in the media and help forewarn business and customers about new scams that may put them at risk. The police unit we sponsor, the Dedicated Card and Payment Crime Unit continues to disrupt organised criminal gangs and bring them to justice. Working with partners we have continued to raise awareness through a number of education and awareness campaigns.

I was particularly pleased last year to attend a Ministerial Serious and Organised Crime meeting chaired by the Home Secretary and attended by ministers, law enforcement leads and senior officials from relevant departments. I was able to convey positive messages about how much the industry is doing, the role of FFA UK in facilitating collaborative work such as data breach handling, the need for a nationwide multisector campaign like Take Five (more on this later), and the appetite of the industry to engage further with government and law enforcement through the Joint Fraud Taskforce.

As a Board we have set an ambitious agenda for Financial Fraud Action UK. As Board Chair I am convinced that by working effectively and collaboratively with our partners FFA UK is best placed to protect consumers and businesses from financial fraud.

Alex Grant

Chair, Financial Fraud Action UK



Foreword

Katy Worobec

Director, Financial Fraud Action UK


Foreword

Katy Worobec

Director, Financial Fraud Action UK

If we thought 2015 was a complex and exciting year, 2016 looks to be even more of a roller coaster ride.

The launch of the Joint Fraud Taskforce in February heralds a new focus from the Home Secretary on the previously much overlooked ‘volume crime’ – typically low-value, high-quantity crimes that are most likely to affect personal customers and yet have often fallen below the radar of government and law enforcement.

FFA UK has been at the forefront of the industry input to the setting up of the Taskforce, which is intended to leverage the capacity of the three parties – banking, government and law enforcement – in order to overcome hurdles which we have each found difficult to overcome individually. One such hurdle is the perennial problem of preventing customers – both personal and business – from falling victim to the ever more ingenious tactics that fraudsters are employing to part them from their money. A particularly harmful manifestation of such cases, as we know, is when the fraudsters pretends to be from a trusted authority such as a bank or the police and dupes the customer into moving money into a ‘safe’ account – which of course turns out to be anything but. In business this often presents itself as a communication to all intents and purposes comes from the CEO asking that money be transferred urgently. The two common factors in all these scams is that the fraudster is pretending to be someone he isn’t, and that the duped customer is usually acting as a result of fear engendered by the conman without stopping to think or check first.

Enter ‘Take Five to stop fraud’ – a collaborative large scale awareness campaign, facilitated and largely funded by FFA UK, aimed at making a fundamental step change in customer behaviour in relation to fraud and scams. The ambition is for this to become an umbrella brand to provide a vehicle for unifying and amplifying fraud awareness activities by many partners, so that customers will have confidence that the advice is coming from a trusted source. The simple message is for customers to ‘Take Five’ – to stop and think before reacting to any request to give out personal or financial details or to move money to a new account.

Every one of our partners that we have talked to has been very keen about this campaign. We already have a number of funding partners and sponsors as well as the commitment of our Board to launch this in 2016. But we still need to build on that support, so if you would like to be involved or want to know more, please contact me at katy.worobec@ffauk.org.uk.

Finally, during 2015 the future of trade associations in the financial services industry has been under review. In December, Ed Richards, who conducted the review, recommended that several associations should be ‘integrated to create a new Financial Services Trade Association’. While FFA UK was not initially in scope for the review our Board has been considering if FFA UK should seek to join the new Trade Association if it is created. Whatever happens, we at FFA UK remain focused on combatting financial fraud and the scammers who target customers and so making sure the public is protected to the best of the industry’s ability.

Katy Worobec

Director, Financial Fraud Action UK



About Financial
Fraud Action UK


Financial Fraud Action UK (FFA UK) is responsible for leading the collective fight against fraud in the UK payments industry. Its membership includes the major banks, credit, debit and charge card issuers, and card payment acquirers.

Through industry collaboration FFA UK seeks to be the authoritative leader in defending consumers and businesses from financial fraud, by creating the most hostile environment in the world for fraudsters.

FFA UK’s primary role is to drive collaborative action to reduce the impact of financial fraud and scams both across the industry, and with partners in the public sector, private sector, and law enforcement. It operates its own data and intelligence sharing bureau and sponsors a fully operational police unit.

FFA UK's key aims are to:

  • Provide a single cohesive industry voice on financial fraud
  • Lead collaborative industry-wide activity to prevent and control financial fraud
  • Uphold the reputation of the industry by demonstrating its record on fraud prevention.

It does this by:

  • Running the Industry Strategic Threat Management Process, which provides an up-to-the-minute picture of the threat landscape
  • Sponsoring the Dedicated Card and Payment Crime Unit, a unique proactive operational police unit, with a national remit, formed as a partnership between FFA UK, the City of London Police and the Metropolitan Police Service
  • Providing the single point of contact for companies suffering data breaches to ensure that compromised account information can be speedily, safely and securely repatriated to the banks
  • Delivering UK-wide awareness campaigns to inform customers about threats and how to stay safe
  • Managing intelligence-sharing through the payments industry fraud intelligence hub (Financial Fraud Bureau) and the Fraud Intelligence Sharing System (FISS) which feeds intelligence to police and other agencies in support of law enforcement activity
  • Informing commentators and policymakers through a press office and public affairs function
  • Providing expert security assessments of new technology, as well as the impact of new legislation and regulation
  • Publishing the official fraud losses for the UK payments industry, as well as acting as the definitive source of industry fraud statistics and data
  • Formulating and implementing the industry fraud data intelligence sharing strategy.

Key partner

FFA UK works in partnership with The UK Cards Association in developing and delivering fraud strategy on credit debit and charge cards. UK Cards is the trade body for the card payments industry in the UK, representing financial institutions which act as card issuers and acquirers. FFA UK works with the Cheque & Credit Clearing Company on credit clearing and cheque fraud.



2015 Review


2015
  • Jan

    DCPCU hosts Project Sandpiper Conference celebrating the end of a two year EU funded project focussing on organised Eastern European crime gangs, and resulting in an estimated £23m of savings to the industry.

  • Feb

    The Joint Money Laundering Intelligence Taskforce (JMLIT) is launched. FFA UK advised during its planning and implementation.

  • Mar

    “Mrs Norris”, the FFA UK video as part of the government’s Cyber Streetwise Campaign aimed at small businesses that accept remote card payments, reaches over 1 million hits on YouTube after only three months.

  • Apr

    FFA UK is incorporated acquiring its own Board and strategy.

  • May

    Fraud Squad aired on ITV featuring a DCPCU investigation into a Zimbabwean organised crime gang involved in large scale cheque fraud affecting over 12 UK banks.

  • Jun

    Launch of joint FFA UK and Neighbourhood Watch National Awareness Week focused on phone scams with 173,000 volunteers seeking to reach 2 million people and leading to over 280 pieces of media coverage.

  • Jul

    To help reduce fraud levels from social engineering over the phone such as Vishing, FFA UK publishes research into different security solutions in the market which would help customers and banks to authenticate one another over the phone and spot any fraudsters calling.

    FFA UK partners with Citizens Advice on their Scams Awareness month.

  • Aug

    FFA UK’s Financial Fraud Bureau co-ordinates the payments industry response to a data breach at Carphone Warehouse. Over 1.2m compromised records were notified to respective banks and law enforcement, minimising impact on customers.

  • Sep

    FFA UK joins the Government project on open banking standards. The work aims to identify and consider any associated fraud risks as new payment services are introduced into the market so customer security remains high.

  • Oct

    FFA UK release new fraud metrics including fraud prevention rates showing that industry prevents £7 in every £10 of fraud.

    The Recorded Crime figures published by the ONS includes, for the first time, fraud crimes reported by financial institutions and other organisations to the National Fraud Intelligence Bureau at City of London via FFA UK and Cifas.

  • Nov

    FFA UK leads industry response to the TalkTalk data breach involving 21,000 customer bank account details.

    FFA UK Chair appears at Ministerial Serious & Organised Crime meeting chaired by Home Secretary to present on industry collaborative work - the first time the private sector has attended such a meeting.

  • Dec

    A vulnerability exploited by fraudsters where telephone lines can be held open is finally closed, due to work undertaken by FFA UK, Metropolitan Police and the telecoms industry.



Snapshot
On Fraud


Since 2002, DCPCU has:

animation_a
animation_b
animation_c

In 2015:

animation_a
animation_b

animation_c
animation_a
animation_b
animation_a
animation_a

Fraud on contactless cards remains very low

animation_a

This represents just

animation_b
animation-a


Preventing
Financial Fraud


FFA UK delivers programmes of collaborative fraud prevention activity which combine education and awareness, intelligence-sharing and law enforcement.

This work is driven by the Industry Strategic Threat Management process and so is responsive to the changing patterns in fraud in the market. This integrated approach is designed to prevent avoidable fraud, to effectively identify patterns where fraud has been committed, and to support law enforcement in bringing the criminals to justice following an attack.

To ensure a coordinated response to threats, we provide expert fraud prevention advice on new initiatives pioneered by the financial services industry – for example on account switching and mobile payments. We also engage stakeholders, including regulators and government, to ensure that regulation works in step with fraud prevention programmes. The next two sections show examples of how we work collaboratively .

Remote purchase fraud

Finding the right balance between convenience and security for consumers and businesses remains a constant concern for the payments industry in what continues to be a fast changing, competitive and innovative market place. For the industry this means enhancing detection methods and processes to provide an optimum level of checks and balances that are not over intrusive or disruptive to genuine transactions over the phone, internet or via a mobile.

2015 saw a noticeable increase in the number and scale of data hack incidents in the UK and abroad. Much of this compromised data was in turn used by fraudsters to attempt e-commerce and telephone order transactions as well as enabling other fraudulent activities such as impersonation, account takeover fraud and social engineering scams. As well as handling the data breaches through its Financial Fraud Bureau, FFA UK provided targeted Education and Awareness campaigns (see E&A section below), providing vulnerable groups with clear advice of how to protect themselves from remote purchase fraud.

During 2015, FFA UK helped fund a pan EU initiative, Project Skynet, led by the DCPCU to develop law enforcement skills and capabilities to better disrupt cyber and digital enabled crime. Project Skynet's primary aim is to improve the response to e-crime in the payments sector and follows the success of Project Sandpiper, the DCPCU led European Commission funded project targeting Romanian Organised Crime Groups (OCG's) impacting on the UK.

The project commenced in January 2015 and will conclude after a two year period. It focuses on the ever increasing cyber threat to the UK payments industry and more specifically the area of remote payments which was responsible for 70% of the £567.5m fraud losses on UK cards in 2015.

The project has the support of Europol’s European Cyber Crime Centre (EC3) and has secured commitment from law enforcement in Belgium, Finland, France, Holland, Hungary and Romania who are recognised as full partner organisations.

The three phases of the project are:

  • An academic study to improve understanding of e-crime in the payments industry and identify opportunities for law enforcement to achieve maximum impact;
  • Building law enforcement capacity and capability to tackle e-crime;
  • And then focusing on disrupting organised crime groups.

FFA UK is now working with the telecommunication companies to look at preventing the misuse of SIM swapping, whereby fraudsters are able to obtain a new sim card for a mobile phone so being able to pretend to be a victim if a bank contacts them.


Work with telecommunication companies

FFA UK continues to work with the telecommunications industry as part of its collaborative efforts towards reducing the opportunities for fraudsters to misuse telecommunication company services such as SIM swap, number redirection or number spoofing to defraud bank customers.

This effort includes:

  • Regular intelligence sharing between telecommunication companies and financial institutions
  • Improving customer authentication by telecommunication companies
  • Ensuring telecommunication companies are aware of the increasing fraud levels and the role they could play in reducing it.

FFA UK is now working with the telecommunication companies to look at addressing other techniques used by fraudsters. This includes preventing the misuse of Calling Line Identification (CLI) and SIM swapping whereby fraudsters are able to obtain a new SIM card for a mobile phone so being able to pretend to be a victim if a bank contacts them.

Work is also currently underway to develop a multi-industry declaration to assist raising consumer awareness.



Education and
Awareness


A key strand of activity for FFA UK is raising awareness amongst consumers and businesses about how to protect themselves from fraud and scams. This is achieved by delivering impactful national awareness campaigns, often in partnership with like-minded organisations.

Annual Neighbourhood Watch Awareness Week

In June FFA UK partnered with Neighbourhood Watch and Neighbourhood Watch Scotland to deliver a national awareness week with a focus on phone scams. Some 173,000 Neighbourhood Watch volunteers helped to warn their communities of the dangers of these particular scams.

HM Government’s Cyber Streetwise campaign

At the start of the year, as part of the Government’s Cyber Streetwise campaign, FFA UK funded and launched an online film, “Mrs Norris”, setting out the steps businesses can take to protect themselves when accepting card payments online. The 40 second online animation, which has had over 1 million views since its launch, emphasises the importance of ‘Knowing Your Customer’ and using online authentication when taking card payments over the internet.

Out of Your Hands

FFA UK continues to work in partnership with the Telecommunications UK Fraud Forum (TUFF) to deliver ‘Out of Your Hands’ (www.outofyourhands.com), a teaching resource aimed at teachers and students, which is aligned with the National Curriculum and features examples of typical fraud scams, mobile phone crime and guidance on how to stay safe when making online transactions. The website includes real-life victim and perpetrator case studies and short films and is focused on raising awareness of scams and helping young people to consider the risks of sharing their personal information with others.


‘Out of Your Hands’ (www.outofyourhands.com) is a teaching resource aligned to the National Curriculum which features examples of typical fraud scams, mobile phone crime and guidance on how to stay safe when making online transactions.


Scam Alerts

Using intelligence gained through the Industry Strategic Threat Management Process, FFA UK regularly issues Scam Alerts to the media, warning the public of newly emerging fraud threats. Scam alerts issued during 2015 have covered issues such as email invoice malware, farmer fraud and spoof text messages (smishing). We have also seen a move to businesses being targeted and issued a scam alert warning businesses they were being targeted by fraudsters hiding malware inside fake invoices emailed to them, which then stole online banking credentials.

Other Partnership Campaigns

During 2015 FFA UK worked in partnership with Citizens Advice and its Scams Awareness Month, providing detailed advice on financial frauds and scams. We also worked with law enforcement and Get Safe Online on a range of awareness campaigns including ‘Not In My Name’, providing advice on how people can protect their personal information, and ‘Think Twice Before You Act’, a campaign raising awareness of social engineering scams.

Take Five

In 2016 FFA UK intends to launch with its partners, including Government and law enforcement, a step change national awareness initiative on fraud and scams called ‘Take Five to Stop Fraud’. It will call on Britain to Take Five – to simply have the confidence to stop and think when faced with a potential fraud, whether it be a an unsolicited approach by telephone or by e-mail. It is based on the premise that if everyone remembers they have the right to Take Five, we will stop fraud in its tracks.



Promoting Data and
Intelligence Sharing


Pulling together fraud intelligence is like holding pieces of a jigsaw puzzle. Organisations may hold individual pieces which mean little on their own. However, when they are pieced together, the picture can be built quickly, preventative action can be taken and organised criminal gangs can be identified for disruption and law enforcement activity.

A key strand of FFA UK’s programme is to act as a conduit for data and intelligence sharing across the payments industry, and beyond with partners including the police.

The coordination that is made possible through our Fraud Intelligence Sharing System (FISS) also allows us to share insights, where appropriate, with other agencies, including the National Crime Agency, the National Fraud Intelligence Bureau (NFIB) and the Cabinet Office's Counter Fraud Checking Service.

Critical aspects of FFA UK’s intelligence sharing work include the following:

Financial Fraud Bureau (FFB)

Established in 2010, the Financial Fraud Bureau (FFB) leads the payments industry’s collective initiatives on fraud data-sharing.

Its key roles are:

  • Disseminating intelligence directly from, and to, banks, card schemes, card issuers and acquirers, and a wide number of stakeholders including police forces and other law enforcement organisations
  • Gathering, collating and analysing the intelligence that informs the Industry Strategic Threat Management Process
  • Being the single point of contact for companies suffering data breaches to ensure that compromised account information can be speedily, safely and securely repatriated to the banks
  • Managing the Fraud Intelligence Sharing System (FISS) database
  • Coordinating intelligence alerts from the payments industry and other key players ensuring that alerts are issued as required.

FFB_stats_1
FFB_stats_2
FFB_stats_3

Through the FFB, the industry can be alerted immediately of any known compromise of bank or card data through a series of designated Single Points of Contact (SPOCs). A significant example of this in 2015 was the Carphone Warehouse data breach. The Carphone Warehouse data breach put the team to the test with 1.2 million card records believed to be at risk of compromise.

In breaches such as this, the dissemination of data is not the most time consuming part of the work. Rather, it is being able to expertly manage external stakeholders to get the data securely in the required format, instilling confidence in using the FFB to act as the conduit at a time when the company who has suffered the breach is under extreme pressure.

The unit had to work closely with the acquirer, card schemes and Carphone Warehouse in order to establish and co-ordinate the details of the differing aspects of the breach to provide the best information to members. Once the data was received the FFB processed and securely disseminated the data in a few hours.

Financial Fraud Desk within the National Fraud Intelligence Bureau

During the year the FFB has been working with the NFIB within the City of London Police to identify the organised crime groups attacking across the industry, with a view to disrupting their activity.

Working alongside the NFIB has increased the level of analytical material available to the FFB, and has widened access to intelligence sources. This has helped the team identify viable lines of enquiry which would not otherwise have been available to the FFB. The effect of this has been an increase in police investigations being taken forward.

Fraud Intelligence Sharing System (FISS)

Sharing data and intelligence to tackle fraud, the Fraud Intelligence Sharing System (FISS) is a central payments industry database – an extremely secure, flexible and cost effective intelligence system which is used to identify linkages and patterns in frauds, playing an important role in protecting consumers and businesses.

Members share a range of information on fraud. This helps industry and police identify patterns and strengthen defences. Importantly, the industry supplies its fraud data and intelligence to the National Fraud Intelligence Bureau to assist in wider fraud analysis and prevention and the data is then also included in the recorded crime figures.

Your browser does not support SVG

Case Study

A member bank referred a small, but high value, series of lottery fraud victims who had lost their life savings to an organised criminal group to the Financial Fraud NFIB Desk. They had duped the susceptible victims into paying substantial advance fees to release non-existent lottery winnings and had also convinced them unwittingly to act as money mules, laundering funds from other victims.

Access to NFIB databases enabled the Desk to identify more victims and a number of suspects, a few of who were still in the UK and thought to be laundering the proceeds at the cash-out stage.

The Desk instigated a number of ‘safeguarding’ interventions, causing local police to visit victims to prevent further losses and to stop victims engaging in money laundering themselves. Enforcement packages were sent to appropriate police forces and separate arrests of Nigerian and Polish nationals have been made. Enquiries are ongoing to identify other members of the organised criminal group.

Following this initiative, the level of reported lottery fraud in this series dropped by almost 100%.


“The City of London Police’s National Fraud Intelligence Bureau (NFIB) continues to work in close collaboration with FFA UK. The data from the Fraud Intelligence Sharing System into the NFIB creates a tangible difference to the enhanced crime packages sent to UK law enforcement while the FFA UK/NFIB Banking desk is an important partnership which allows industry threats to be seen and acted upon.

“Overall our relationship has been vital in the past 12 months in delivering gateways between industry and law enforcement, and as members of the Joint Fraud Taskforce, we look forward to further strengthening the ties that make us together a very effective force against fraud and cyber crime.”

DCI Matt Bradford

Head of Crime at National Fraud Intelligence Bureau


Sharing intelligence with public agencies

FFA UK has extended this collaborative data-sharing beyond our sector, in the wider national interest, joining with others who share our strategic concern in eliminating fraud. A major priority for the government, driven by the Cabinet Office, is to create a step change in the amount of intelligence shared between the public and private sectors, with a view to coordinating joint action against fraudsters. FFA UK has led the industry’s response to this agenda by contributing to the national Intelligence Sharing Roadmap, the aim of which is to tackle criminals who work in an organised way to exploit the vulnerabilities across different systems and industries.



The Dedicated
Card and Payment
Crime Unit


The Dedicated Card and Payment Crime Unit (DCPCU) is a unique pro-active police unit, with a national remit, formed as a partnership between Financial Fraud Action UK, the City of London Police and the Metropolitan Police Service together with the Home Office.

It is fully sponsored by the cards and banking industries, with an on-going brief to investigate, target and, where appropriate, arrest and seek successful prosecution of offenders responsible for card, cheque and payment fraud crimes.

It is headed up by a Detective Chief Inspector and comprises officers from the Metropolitan and City of London police forces who work alongside banking industry fraud investigators and support staff. Established in April 2002, the unit is fully sponsored by the payments industry which invests nearly £3.2 million per year in its operation.

The DCPCU’s national remit is to identify and target the organised criminal gangs responsible for card and payment crime. Since its inception in 2002, the unit has:

Your browser does not support SVG

Operation Hamlet

Two Moldovan card skimmers who travelled to the UK to steal money from ATMs were jailed for a combined total of more than 12 years in November, following an international police operation. The duo had harvested enough bank card data to expose banks to a potential loss of more than £3.4 million.

The men were caught after police officers working in the DCPCU received intelligence that a number of Moldovan men would be travelling to the UK with card skimming equipment to commit ATM fraud.

Stefan Mereacre and Oleg Borta were arrested in the car park at Stanstead Airport after arriving in the UK in May 2015.

At the same time, officers acted on intelligence to execute a search warrant at a house in Purfleet, Essex. They seized two bags containing a variety of skimming equipment, computers and mobile phones.

During the search, 8,096 compromised bank card numbers were recovered from the computers and memory cards. The cards had a street value of £3.4 million, based on the amount stolen on average from a compromised card.

Borta was sentenced to seven years’ imprisonment while Mereacre was given a sentence of five-and-a-half years. They had both previously pleaded guilty to conspiracy to defraud.


Your browser does not support SVG

Operation Chocolate

A persistent fraudster who attempted to steal more than £650,000 from a number of banks across England was jailed for six years and nine months in June.

David Mendes, 56, of Kilburn, London, used forged documents, including passports and driving licences, to siphon off funds from customer savings accounts at seven banks.

Between November 2010 and October 2014 Mendes visited a number of banks where he used a range of forged ID made out in different names but bearing his photo. He then made fraudulent transfers of large sums of money and opened new accounts.

In total, Mendes obtained £355,400 from accounts during the four-year period, having targeted £667,100 in total.

Mendes was caught when he tried to use a stolen debit card to withdraw £4,700 from an account. Bank staff became suspicious when the signature he used did not match another on their system and was detained by police.

CCTV showed Mendes undertaking the transactions in the banks, while he was also linked to the transfers through forensics.


“The National Crime Agency continues to work closely with FFA UK as a valued and trusted partner to tackle economic crime. Law enforcement cannot effectively tackle the threat from fraud and wider economic crime without engaging with industry. We remain committed to working collaboratively with FFA UK and its members to detect, prevent and disrupt economic crime affecting the UK.”

Donald Toon

Director of the National Crime Agency Economic Crime Command


“The announcement of a Joint Fraud Taskforce by the Home Secretary demonstrates the crucial importance of cooperation across sectors to combat financial fraud. The close working relationship between City of London Police and Financial Fraud Action UK has long been an essential part of this fight, through shared intelligence, joint awareness campaigns and the vital work of the industry-funded Dedicated Card and Payment Crime Unit.”

Commander Chris Greany

City of London Police



Public Affairs and
Communications


FFA UK seeks, wherever possible, to complement initiatives led by other partners, including government. There are common aspects to fraud affecting different sectors, and joining up activity can help deliver the step change we need to protect customers. The following are examples of recent collaborative initiatives.

Engaging with regulators and policy-makers

A major public affairs objective has been to achieve the best possible regulatory and public policy environment for fraud data-sharing. To this end, FFA UK is working with the Cabinet Office to facilitate more effective intelligence-sharing on known fraud.

FFA UK worked alongside the BBA and supported the setting up of the Joint Money Laundering Intelligence Taskforce (JMLIT) – a 12 month pilot project launched in February 2015 to improve intelligence-sharing arrangements to support the fight against money laundering and other criminal activity.

FFA UK has also been leading the banking industry input to a Joint Fraud Taskforce, working with the Home Office and law enforcement, with ultimate responsibility to the Home Secretary. As well as driving greater industry benefit from law enforcement, the Taskforce will also address the unintended consequences of legislation in terms of impacting industry ability to fight fraud. The Taskforce was launched with the support of FFA UK and the banking industry in February 2016.

The Home Office Minister Karen Bradley spoke at a special DCPCU conference in January 2015 to praise the unit for its hugely successful work as part of an EU funded initiative. Project Sandpiper targeted Romanian Organised Criminal Gangs (OCGs) operating in the UK by facilitating collaboration between the DCPCU, Europol and the Romanian National Police (RNP). The project delivered strong results leading to 32 prosecutions, 17 convictions and the disruption of five OCGs.

In conjunction with The UK Cards Association and Payments UK, FFA UK responded to a consultation on the new Payments Service Directive (PSD2) which is coming into force January 2018. The response took into account the views of UK banking institutions towards the impact on fraud the new directive is expected to have.

The FFA UK response highlighted issues around one of the key aims of PSD2 which is to mandate minimum standards for customer authentication over the internet and, allowing TPP (Third Party Payments) service providers access to consumers banks accounts.

Allowing TPPs access to their bank accounts can provide benefits such as account aggregation services whereby accounts across different banks can be presented in one place for ease. However, as is the case with so many other new payment services they also attract criminals who will look to defraud customers of these services. These are just some of the issues FFA UK highlighted in its response to the consultation.


“The new Joint Fraud Taskforce will see Government, law enforcement and the financial sector working closer than ever before to protect the public from becoming victims and catching those who commit fraud. I’m pleased that FFA UK is playing a leading role in developing the work programme for the Taskforce.”

Richard Riley

Director of the Strategic Centre for Organised Crime, Home Office


Media relations

The press office delivers coverage for awareness campaigns and publicity for FFA UK and DCPCU operations, as well as providing a full reactive service dealing with enquiries from national, local and specialist media.

During the year the office responded to 797 requests from journalists, secured over 210,000 column centimetres of coverage and featured in 18 hours of TV and radio. The office also issued 46 press releases and media alerts. Coordinated and conducted 230 broadcast interviews and delivered £7,480,170 of positive news coverage.



FFA UK Members as
at 31 December 2015


  • Allied Irish Bank Group (UK) plc
  • American Express Services Ltd
  • MBNA Ltd
  • Bank of Ireland UK
  • Barclays Bank plc
  • Capital One (Europe) plc
  • C Hoare and Co
  • Citi Bank
  • Clydesdale Bank
  • The Co-operative Bank plc
  • Coventry Building Society
  • Danske Bank (trading name of Northern Bank Ltd)
  • Elavon Financial Services
  • First Data Europe Ltd
  • Global Payments UK Ltd
  • HSBC Bank plc
  • Investec Bank plc
  • Lloyds Banking Group plc
  • Metro Bank plc
  • Nationwide Building Society
  • NewDay Ltd
  • Royal Bank of Scotland Group plc
  • Sainsbury’s Bank plc
  • Santander UK plc
  • Tesco Bank plc
  • TSB Bank plc
  • Vanquis Bank Ltd
  • Virgin Money UK
  • Worldpay (UK) Ltd
  • Yorkshire Bank
  • Yorkshire Building Society


Glossary


Account Takeover

ACTO (Account Takeover) This involves a criminal fraudulently using another person’s credit or debit card account, first by gathering information about the intended victim, then contacting their bank or credit card issuer whilst masquerading as the genuine cardholder. The criminal will then arrange for funds to be transferred out of the account, or will change the address on the account and ask for new or replacement cards to be sent to the new address.

ATM (automated teller machine)

A computerised self-service device permitting the holders of an appropriate card and personal identification number (PIN) to withdraw cash from their account and access other banking services.

Charge card

A payment card, enabling holders to make purchases and to draw cash up to a pre-arranged ceiling, the terms of which include the obligation to settle the account in full at the end of a specified period. Cardholders are normally charged an annual fee.

Cifas

Cifas is a United Kingdom fraud prevention service. It is a not-for-profit membership association representing the private and public sectors. Cifas operates two databases: the "National Fraud Database" and the "Staff Fraud Database".

Contactless

Contactless is a fast, easy and secure way to pay, for purchases costing £30 and under. Contactless payments are becoming increasingly common on a range of devices. The underlying technology for all contactless payment devices is the same. The contactless device contains an antenna so that when it is touched against a contactless terminal, it securely transmits purchase information to and from the terminal.

Counterfeit card

A card which has been printed, embossed or encoded so as to purport to be a legitimate card but which is not genuine because the issuer did not authorise the printing, embossing, or encoding.

E-commerce

Transactions which are conducted over an electronic network where the buyer and merchant are not at the same physical location e.g. payment card transactions via the Internet.

Malware

Malware includes computer viruses that can be installed on a computer without the user's knowledge, typically by users clicking on a link in an unsolicited email, or by downloading suspicious software. Malware is capable of logging keystrokes thereby capturing passwords and other financial information.

Money Laundering

The action of "washing" or "laundering" money from illegal activities. This can be done in various ways e.g. buying and re-selling of goods or gambling.

National Crime Agency

The UK’s, lead national law enforcement agency against organised crime; human, weapon and drug trafficking; cybercrime; and economic crime that goes across regional and international borders. UK point of contact for foreign agencies such as Interpol, Europol and other international Law Enforcement Agencies.

National Fraud Intelligence Bureau

The City of London Police’s National Fraud Intelligence Bureau uses millions of reports of fraud to identify serial offenders, organised crime gangs and established and emerging crime types.

Organised Crime Group

Defined in the Serious Crime Act 2015 as a group which has at its purpose, or one of its purposes, conduct of criminal activities and consists of three or more people who agree to act together to further that purpose – s.45(6).

Remote purchase

A transaction where the merchant, retailer or other service provider does not have physical access to the payment card; examples are transactions by telephone, mail order or Internet.

Skimming

Copying the magnetic stripe details of a payment card usually with a card reader, for use in counterfeiting.

Smishing

Smishing involves a fraudster sending text messages (also known as an SMS) at random to mobile phones. The text messages claim to come from a reputable organisation such as a bank or mobile phone company. The message will try to trick the customer into clicking on a link to a bogus website or calling a phone number, usually by claiming they need to verify or update details or reactivate an account. The criminal will then attempt to get the customer to disclose personal or financial information, which they will use for their own fraudulent purposes.

Vishing

Vishing involves a fraudster phoning  a potential victim and posing as someone from a bank or building society, the police or another legitimate organisation such as a telephone or internet provider.