The National Cyber Security Centre (NCSC) revealed it has thwarted over a million cases of suspected payment card fraud in the past year, according to the organisation’s third Annual Review.

The NCSC’s latest figures also revealed it dealt with 658 UK cyber-attacks during the past twelve months – taking the total to more than 1,800 over three years.

Payment fraud, which historically has been driven by card cloning, has since mitigated towards transactions where the card does not need to be present, such as purchases online.

Head of artificial intelligence at SAS UK & Ireland, Caroline Hermon, commented: “The rapid expansion of payment services over the last few years has led to consumer demands for convenience and flexibility with new payment methods.

“Banks and other financial institutions are aware that they must meet these demands, but they are also aware that these new payment systems leave them open to new forms of fraud. The challenge therefore centres around how banks can adapt to these new types of fraud, without damaging the customer experience through large numbers of false positives.

“While it is true this provides the customer with a more seamless experience, it also aids fraudsters by helping them access funds through illicit transactions and gives banks less time to detect fraudulent activity.”

The NCSC’s latest Annual Review, which has outlined the various ways the organisation has been protecting the public, drew attention to a pioneering operation to stop hundreds of thousands of people losing money to credit card fraud.

Operation Haulster, which automatically flagged fraudulent intention against more than one million stolen credit cards, has protected hundreds of thousands of people from financial loss in the last year.

"To detect instances of payment fraud, organisations need to take an agile approach as there is little time for drawn-out checks,” Hermon continued. “However, with up to 10% of rejected orders believed to be valid, they also need to ensure that their prevention systems avoid too many false positives.

"There are many actions that businesses can take to protect themselves from these security threats. For a start, moving from a rules-based to a machine learning analytics system will help to overcome the problem of false positives.

“These approaches are particularly useful to detect rare payment fraud events hidden in big data sets. Moreover, they reduce the false positive rate by learning customer behaviour over time so that normal behaviour for an individual does not raise alerts.

“Ultimately, payment fraud detection systems must be able to look at payment processes from end-to-end, and also across channels. While it is important that banks keep up with consumer expectations to ensure a positive customer experience, they cannot lose track of the privacy and fraud implications that come with seamless payments.”

Share Story: