New research from Kaspersky Lab has found that only six per cent of consumers believe they should cover the cost of financial loss in the event of a fraudulent attack, with many assuming that a third party will cover their losses and almost half (49 per cent) of online fraud victims expecting their bank to pay out. The findings also reveal the high rate of attacks, with 65 per cent of consumers suffering online fraudulent attacks more than once. This suggests that people are not recognising the threats or taking necessary steps to protect themselves.
With National Fraud Awareness Week happening this week, it’s the ideal time for consumers to review their online habits and accounts to ensure they are being cyber-smart to best protect their online transactions.
The research points to clear confusion over who is responsible for not only reimbursing losses but helping to prevent attacks in the first place. Over a third of consumers (35 per cent) admit that they have experienced online fraud as a result of their own actions, either online or offline, yet still expect their bank to pick up the pieces.
Inevitably, banks will start to demand a greater level of data and behavioural knowledge about their clients’ online behaviour, to better protect themselves and their customers from becoming victims of fraud.
The survey of 2,000 UK adults aged over 18 found that almost half (47 per cent) had either personally experienced online fraudulent activities – in the form of an email scam or social media account hijacking – or knew a friend or family member who had.
As well as assuming banks will cover any financial losses incurred, the research also found that 30 per cent of consumers feel that the online transaction vendor (including PayPal or Apple Wallet) should be responsible. However, a quarter of respondents simply didn’t know who should pay out in the event of fraud.
The recent Tesco Bank fraud case affecting thousands of customers saw the bank pick up the cost of their database breach, but this won’t happen in all cases. The Office for National Statistics found that third parties will not always cover the cost, however 84 per cent of victims of bank and credit account fraud cases did receive a full reimbursement. The Financial Conduct Authority currently stipulates that banks must refund unauthorised payments immediately, unless there is evidence that the customer was at fault or the transaction was more than 13 months ago. However, it is clear that the banking industry will start to demand greater customer insight, specifically how customers are protecting themselves and what their typical transaction behavior looks like.
With the continued growth in online banking and shopping, the threat of online fraud is very real and growing day by day. To protect their clients from becoming a target, the majority of banks provide clear advice on how customers can safeguard their money and accounts, but it is up to the individual to take this on board otherwise they could find themselves out of pocket if the banks deem them personally liable for the fraud and don’t pay out.
“Confusion around who should cover the cost of online fraud and an assumption that someone always will, could lead to complacency among consumers when it comes to taking responsibility for their own actions – both on and offline,” said David Emm, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab. “Banks, like any organisation, must take responsibility for targeted, sophisticated attacks on the company itself, but when it comes to day-to-day customer fraud and loss complaints banks are likely to assess the level of consumer complacency on a case-by case basis.”
“As the cyber threat landscape continues to change and affect our daily lives, it’s clear that the stance banks will take around refund rules but also how they protect their customers is going to change. We are likely to see instances where banks will not automatically refund losses in the future, but instead will implement new ways in which they ask their customer to use their services online to help better protect themselves,” said Kirill Slavin, General Manager, UK & Ireland, Kaspersky Lab.
To help consumers protect themselves against online fraud there are some simple steps to follow:
- Change your online banking and retailer passwords regularly and don’t share them with anyone – even your nearest and dearest.
- Be vigilant and wary of unusual emails asking for too much personal information or promising something which sounds too good to be true. If in doubt don’t open it and delete it. Your bank will never ask for your entire pin code or full password but a fraudster will.
- Follow guidance from your bank on transacting safely online. There is a wealth of information available and it’s in both of your best interests to take it on board.
- Make sure internet security software is up to date. This will provide additional protection and a vital layer of safeguarding alongside commonsense and vigilance.
- Always report any suspicious activities you notice on your accounts immediately.
 Research commissioned by Kaspersky Lab and conducted by Vital Research and Statistics (October 2016)
 Office for National Statistics – Overview of fraud statistics (year ending March 2016)