top of page
Search

2025: UK Mobile banking fraud losses set to overtake internet banking for the first time

office69370

 

By Jason Costain, January 2025



 

Mobile banking was a relatively new thing in 2015 - so much so, that fraud loss data wasn’t even collected by UK Finance before this point.

 

In the 10 years since then, thanks to the growth in smart phone usage and the development of mobile banking apps, fraud losses via mobile have been gradually growing as more users sign up, or switch from internet banking. Mobile banking fraud losses are likely to exceed those of internet banking users for the first time in 2025. 

 

The reduced Internet Banking fraud losses we are seeing mirrors a reduction in customer use of internet banking, which is fast becoming a “legacy channel”.   

 

Smartphones place customers within arm’s reach of their banks fraud team in a way that the PC or laptop never did.

 

What does the changing usage of digital banking mean for Fraud Prevention teams?:

 

  • It will probably become harder to secure investment for improving internet banking fraud controls, as focus will be diverted to developing the mobile banking channel


  • Ever-increasing functionality within mobile banking apps needs thoughtful fraud controls baked in, rather than added as an afterthought once losses occur


  • Banks can deploy their own ‘in app’ authentication solutions, combining device profiling and customer biometrics and, in doing so, begin to wean themselves off weak authentication methods, such as sending one-time passcodes via SMS.


  • The low cost of smartphone notifications allows banks to send far greater volumes of transaction notificatons (whether risk based, or as a requirement of PSD2) at much lower cost than via SMS

 

 

If you work in a Fraud Prevention team, here are a few things you might want to consider:

   

  • Gain agreement that your mobile banking app will be a key pillar of your banks authentication strategy.  Use it to verify high risk activity by developing your own ‘ID vault’ of customer devices, biometrics, behaviour etc


  • Incentivise customers to have fraud notifications turned on


  • Consider gamifying safer customer behaviour in the mobile app; enabling notifications when a transaction occurs, reducing payment limits, turning off foreign card spending, reviewing recent device log-in events, managing devices, to name but a few


  • Treat notifications as a compliance message to allow you to message those customers who may have previously “opted out” of marketing messages


  • As you begin to use mobile app for transaction authentication, have a strategy/policy/system for how you will force customers to use this rather than SMS authentication


  • Consider how you can use the mobile banking APP to secure other channels. Here are just a few examples:

o   Authenticating card not present transaction via the mobile app allows you to profile both the approving device and the transacting device


o   Authenticate an event that you might have traditionally ignored…such as the £0 Auth. when a customers card is added to a new merchant wallet


o   Build the ability to make/receive customer calls via the banking app to create a more secure long-term ‘telephony’ capability including video calling, as well as allowing the ‘step-up’ of risky calls from the call centre


o   Use the mobile app to verify internet banking log-ins


As you harden mobile banking fraud controls, expect losses to migrate to other fraud types, such as Authorised Push Payment fraud.

 

Whilst you’re doing all of these great things, sadly you can't afford to take your eye off online banking fraud.  Afterall, fraudsters love an under-defended legacy channel.


 

Jason Costain


Jason has worked in banking fraud prevention for 25 years, running fraud and financial crime defence teams at some of the UK’s best-known firms.

Organisations can contact Jason via LinkedIn for a free fraud health check

Further resources at Javloc.com

 

 

 

 

 

 

29 views0 comments

Comments


bottom of page