A new wave of fraud is sweeping across Britain that’s so sneaky, you may not even realise crooks have stolen your financial details to go on a spending spree.
Experts warn that cases are soaring and are likely to continue to rise – driven in part by cyber attacks on businesses in which criminals swipe the debit and credit card details of customers.
Cases of this type of scam – known as remote purchase fraud – soared by 22 pc last year alone to 2.6 million, which is the highest level ever recorded. Losses increased by 11 pc to almost £400 million.
The worrying figures are released today in the latest annual fraud report from banking group UK Finance.
The report reveals more than £1.17 billion was pilfered by fraudsters in 2024. The number of fraud cases rose by 12 pc to 3.31 million. But it is remote purchase fraud that has seen the biggest increase. Here’s why – and what you must do to protect yourself from this worrying trend.
What is remote purchase fraud?
Cases of this type of scam – known as remote purchase fraud – soared by 22 pc last year alone to 2.6 million
This is where criminals use stolen card details to buy something on the internet, over the phone or through mail order.
Cases are now at the highest level ever recorded – a total of 2,586,217 last year.
Total losses had been steadily declining since 2018 but shot up by 11 pc last year to £399.6 million stolen. The victim may not even know that their card details have been stolen and could still have their physical card with them when the fraud occurs.
That is because, in some cases, the details are stolen by criminals who hacked into the online systems of retailers and other businesses and took the details of their customers, according to UK Finance. Worryingly, the details can be used months or even years after the data breach.
As well as remote purchase fraud, criminals also use less sophisticated methods to get hold of card details.
The number of cases where bank customers did not receive a new credit or debit card sent to them in the post surged by 14 pc last year. Some £2.9 million was taken by fraudsters in this way.
Criminals also steal cards by distracting victims while they are using an ATM or by attaching a device to the machine.
The amount of money lost to this type of remote card fraud increased by 3 pc to £107.5 million last year – the highest ever reported – although cases fell by 5 pc.
When you make a purchase online, your current account provider will often ask you to pass an additional level of security – especially if you are making a payment to someone for the first time.
Laura Carter, head of fraud customer experience at Santander, says: ‘If someone gives out their OTP, they’ve probably been told it’s to stop money going out of their account’
You will be sent a one-time password (OTP) to your mobile phone, which you then have to input before the transaction goes through. This is designed to stop fraudsters from making unauthorised transactions if they get hold of your card details. OTPs can also be used to register your card in a virtual wallet such as Apple Pay or Google Pay.
However, UK Finance warns fraudsters use social engineering techniques to trick their victims into handing over the OTPs.
Laura Carter, head of fraud customer experience at Santander, says: ‘If someone gives out their OTP, they’ve probably been told it’s to stop money going out of their account.’
Criminals may try to strike a sense of urgency or play on your emotions, but you should never tell anyone else an OTP.
The banking industry has been working tirelessly to warn customers about sophisticated types of fraud, such as romance scams or cases where fraudsters trick you into handing over your savings by pretending to be from the police or your bank’s fraud department. But as they’ve focused on stopping these types of scams, criminals have adapted to other types where there has been less scrutiny.
Ben Donaldson, managing director of economic crime at UK Finance, says: ‘While the industry and customers have been focused on authorised fraud, criminals have been reverting back to unauthorised fraud, where a transaction is made without a victim’s knowledge.
‘This demonstrates the longstanding principle that criminals change their tactics.’ Jim Winters, head of economic crime at Nationwide, adds: ‘Traditional frauds such as unauthorised card fraud payments continue to rise as criminals look for other ways to make quick money.’
Jonathan Frost, fraud expert at financial crime prevention firm BioCatch, agrees. ‘Where one door closes, another opens, and we’re now seeing a shift towards remote purchase fraud,’ he says.
Be very careful when sharing your personal and financial information. Mr Winters says: ‘The best advice is to shred personal information, and most importantly never write down or share passwords or codes with anyone, not for any reason – irrespective of how plausible it sounds.
‘Also, change passwords on a regular basis and keep a close eye on your accounts and cards so that you can quickly spot anything suspicious.’
Make sure that your post cannot fall into the wrong hands, for example by having a locked post box if possible, if your mail is delivered to a communal area.
You should never allow anyone to remotely access your devices either, Ms Carter says.
Fraudsters sometimes claim that they need to access your computer or other devices to protect your accounts from criminals, for example – but once they are in they can steal your financial information.
She also says that you should be careful with what you click on – whether that’s through a QR code or a traditional link – as this could allow a fraudster to get access to your details.
Fortunately, if you fall victim to unauthorised fraud, you are protected by your bank against losses. Victims are fully refunded in more than 98 pc of unauthorised fraud cases, according to UK Finance data.
In the cases of less than 2 pc of victims who are not, it may be because they didn’t notify their bank within the 13-month reimbursement period, they acted fraudulently or were complicit, or they didn’t protect their card details or password in a way that allowed the payment.
Make sure that you are eligible for reimbursement if the worst happens by being careful with your card details and password.
Banks and building societies have systems in place to spot unusual activity on your account, for example if there are suddenly transactions to retailers abroad when you have only ever bought from UK firms in the past.
However, fraudsters will often try to circumvent these controls by buying goods at the types of shops you are likely to have bought from in the past. They can then sell on the items to make money.
They may also start with small, innocuous transactions that are not picked up by you or your bank.
It is up to you to check your account regularly for payments that you did not make. And if you miss them and they are not picked up by your bank, you will lose out.
You only have 13 months from the payment date to ask your bank to refund any unauthorised payments – any later and you may not be able to make a claim.
Contact your bank immediately if you think you have fallen victim. It will ask you some questions and may get you to fill out a form stating what happened. The refund should be in your account by the end of the next business day. You should also be refunded any charges and interest you paid because of the payment.
Have you lost money to remote purchase fraud? Email l.evans@dailymail.co.uk
