Presentation by Stephen Nicholas from Deloitte titled;
Digital Fraud; Setting the Scene
Where consumers lead..
– 94% UK consumers have shopped online in the past year
– 16% year on year growth in online spend
– UK supermarket 10% of online revenue directly through mobile app
– 83% UK consumers have banked online in the last year
– £91bn online card spend in 2013
– Identity theft and account take over
– Card not present
– False refund claims
– Finance and credit card applications
– 2 in 3 organisations believe the risk of digital fraud has increased in the past 2 years
– 41% of organisations have experienced digital fraud attacks
What is driving this?
– Few deterrents or penalties
- Few convictions / prosecutions
- Stolen funds rarely recovered
– Sophistication and scale
- Record volumes of attacks
- Agility from fraudsters, responding to change and controls
– Low barriers to entry
- Commoditised supply chain
- All components available as a service
Fraud supply chain and business model is very mature with services, support, secure sites for buying and selling etc. all readily available.
What does this mean?
– Loss of goods
– Financial losses
- £301 million 2013 UK fraud losses on remote card spend.
- £41 million (Reported) 2013 online banking fraud losses. Note – this is just the ‘reported’ (admitted to) amount. It is likely that the real number is a lot higher.
- £105 million online losses suffered by retailers in 2013
– Brand damage
– Cost of security
– Rejected business
– Deterred business
- 1 in 3 consumer stop doing business with those responsible
- 73% of digital fraud affecting organisations ability to deliver new digital content / services
What are organisations doing?
– 92% view investment in fraud controls as a priority
- But are we really investing in security and fraud?
- What are your challenges in getting funding from the board? Examples include;
- High costs
- Unclear RTO
- Unsure on solutions
– Do you know your threat landscape?
– Do you know your controls – what is in place, how well is it working?
– Would you know if you are attacked / breached?
– Do you have understood action plans ready for then there is an attack or breach?
Basically cyber crime / cyber fraud is getting more sophisticated, more organised and more frequent. However while businesses appear to be aware of the issues and there are known, very large costs associated with this, most businesses are not yet making the changes to combat this.
How do we get better board and business engagement?