2010 Fourth International Conference on Digital Society

Credit Fraud Detection in the Banking Sector in UK: A Focus on E-Business

Md Delwar Hussain Mahdi
Applied Research Centre for Business and Information Technology (ARCBIT), Guildhall College 56-60 Nelson Street, London E1 2DE

Karim Mohammed Rezaul

Centre for Applied Internet Research (CAIR) Glyndr University Plas Coch Campus, Wrexham, UK

Muhammad Azizur Rahman

University of Ulster Cromere Road Coleraine BT52 1SA Northern Ireland, UK

morekba786@yahoo.co.uk

mazizurrahman@gmail.com

mahdimddelwar@yahoo.co.uk Abstract
Internet is the main tool for e-business. E-transaction is made faster by Internet. With the increase of e-transaction internet fraud or e-business fraud is increasing. Credit fraud in the banking sector is a growing concern. Few sort of card (debit/credit) fraud is decreasing by providing detection and prevention system from banks and government. But card-not-present fraud losses are increasing at higher rate because of online transaction as there is no chance to use Chip and PIN as well as card is not used face-to-face. Card-not-present fraud losses are growing in an un-protective and un-detective way. This paper seeks to investigate the current debate regarding the credit fraud in the banking sector and vulnerabilities in online banking and to study some possible remedial actions to detect and prevent credit fraud. The research also reveals lots of channels of fraud in online banking which are increasing day by day. These kinds of fraud are the main barriers for the e-business in the banking sector. Keywords: Credit Fraud, On-line banking, Internet, EBusiness.

1.1 Significance of the Research

It is very crucial to understand the risk of credit fraud in online transactions when banking and shopping. In the age of globalisation, e-business is increasing rapidly and etransaction is spreading all walks of life that make faster the lifestyle and richer to individual. Internet and ICT technology play an important role to change our lifestyle and e-business totally depend on these two things. In fact this is good news for fraudsters. With the help of technology, Social Hackers, e-retailer (false retailer), banks dishonest employee and e-fraudster all try to convince consumer by malicious spam e-mail and website, telephone and fax to reveal their personal identity, card details and bank information. They spread their activities in online and offline (social work) as well. The possibility of fraud is increasing though the government launches new rules and regulations to protect and detect their activities and also all the new technologies try to control fraudulent activities in online [2]. But e-fraudster is still working well with their network and credit fraud remains same in online or in some instance it is increasing.

1.

Introduction

2.

Background

E-business is the important applications of Internet. Internet is the main tool for e-business and banks have changed their business model with the help of internet. Banks extended their facilities via online and thereby etransaction has increased rapidly in the banking sector. The growth of on-line transaction gives a tremendous opportunity to banks and consumers. But credit fraud detection and prevention system in the banking sector is still remained unsecured. Banking represents the mirror of economy; fraud brings huge losses that shock all the performing activities. Internal banking fraud constitutes an aggressive presence in this sector. Therefore, temptation is ever growing and circulating throughout the entire banking system. The size of e-fraud was very small in the very beginning of e-banking activity. Though the banking system is one of the most rigorously regulated sectors to prevent fraud to operate. Bank professionals can detect potential internal fraud. Security awareness can bring about behavioural change, reduces employees vulnerability, and protects against potential threats of fraud. Banks should protect all the sensitive data providing strong detection system by using Internet Technology and also adopting fraud awareness programme. So with regard to Internet, main important issue is security [1]. Anti-virus and anti-spyware programmes, firewalls and some other methods try to achieve enhanced security.
978-0-7695-3953-9/10 $26.00 2010 IEEE DOI 10.1109/ICDS.2010.45 232 238

In order to have a better understanding of the whole process of Credit Fraud and fraud detection in the Banking sector, we carried out a comprehensive review of the principal themes in the literature [3], [4], [5], [6], [7], [8], [9], [10], [1]. Taking these works as references, we can define the concept of credit fraud (CF) in on-line, as the process of creating and making a clever understanding between buyers (consumer) and sellers (false e-retailer) / efraudsters or clients through on-line activities that exchange a false ideas and offer a big winner that make clients to be a victim of fraud.

2.1 Credit Fraud

Fraud is a special kind of human behaviour that is related to cheating, stealing, misunderstanding, misrepresenting, cunning false suggestions etc. One might easily be thought that credit fraud refers simply to the use of others credit card money without authorisation. Actually, it comes in so many shapes and sizes, for example- theft, market manipulation, insider dealing check and mortgage fund, firm fraud, advance fee, overdraft, misinterpretations, conspiracy to defraud and host of other scams [4]. Fraud is a relational context that will concentrate theft, stealing, and it has become so generally

Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.

understood and so commonly used that they are considered to be generic terms for a range of different crimes [3].

2.4 Detection in the banking sector

In spite of providing all the security measures and control, banks and consumers are still at risk for having their information stolen. To protect and detect fraud, banks need to have very strong IT Security Policy and procedure, good network and password standards. Also they can adopt awareness programme and training for employees about ecrime that will reduce employees vulnerability [10]. Process redesign may reduce credit fraud. Social Engineering enhance human hacking; for these people, process and technology play an equally important role in information security [10]. UK Banks indicated that around one in five of their call centre staffs were involved in fraudulent activities. E-business security can be solved, if the entire Internet companies take part in the worldwide Internet Security System [1]. Anti-viruses and antispyware programmes, firewalls and so on, are doing many things about security but all of these solutions proved to be still insufficient [1]. Without resolving security problems, the full opportunities of e-banking cannot be achieved. As the growth of electronic payments fraud is increasing, Banks need to be extra vigilant to make sure they are not victimized. So, Banks should adapt various business processes to block or minimise fraud losses. Card Watch is the Banking industries body in UK that works with police, retailers and other organisations to fight against plastic card fraud [22].

2.2 Advantages of Internet

Technology (e.g., internet & phone) creates new channels for interaction with customer [5]. Internet facilitate new distribution channel in retail banking [11]. Internet helps to access banking system from remote area [12]. Consumers get more facilities in shopping, paying bills and money transfer etc. The advantages of internet have also been studied by other authors, such as Hanson, 2000 [13]; Turban et al., 2002 [14]; Turban et al., 2004 [15] and Chaffey 2004 [16]. It creates a global market place for a business organisation and individuals. It makes easier to advertise products or services in on-line to the consumers and buy (goods or services) from virtual shop. It gives us convenient banking and quick information about variety of facilities. Thus internet creates a vast opportunities for business. Internet is a great place to find gifts, compare price, and avoid the crush in stores during the holiday season. It invites us for shopping in the online shopping malls in future [17]. Many legitimate companies sell their products or services through the internet. Charities use the internet to ask for donations.

2.3 Credit Fraud and Economy

Internet Banking (IB) creates lots of harms for economy through Credit fraud. Internet worm or virus spread instantly over computer systems and damage the systems. Williams and Kikalas (2005) [7] conducted an examination in 2003 and showed that 82% of surveyed companies are attacked by virus or worm. Credit fraud has a great impact on economy to make it worse. The spike in fraudulent activities hit strongly with the start of the credit crunch. Fraud losses on plastic cards are 535 million in 2007 [18]. Credit Crunch increase fraudulent activities. According to the UK Association of Chief Police Officers (ACPO), fraud now is estimated at costing in UK to be 13.9 bn a year [19]. The sufferers of credit fraud are the large group of consumers, shareholders, stakeholders, banks industries and government. Credit fraud (CF) has become a great threat to the consumers and it works against expanding ebusiness, and also fraud creates a challenge to the banks. Most of the CF are organised which is regarded as economically motivated offending involving more than two people [20] that is related to money laundering, murder, drug trafficking, hijacking, auditing, and financing. Sometimes it is very difficult to recognise who are the reputable online sellers as criminals use internet to rob people [21]. Various internet fraud complaints include auction fraud, credit and debit card fraud, non-delivery of goods or services. We are all vulnerable to illegal scams via internet. Online Credit Fraud includes auction fraud, credit and debit card fraud, bank details fraud, social security number fraud, valuable personal information and identity fraud through fake scams. Thus internet creates some major new challenges for consumers and organisations [9]. Phishing attack is performed due to vulnerability of consumers and creates bogus websites and looks like lawful seller one.

3.

Data collection

Primary data collection from the field survey was the main method of data collection. We distributed questioners to the clients of different banks, college and university students. We also sent email to different consumers to know their attitude, behaviour, activities and internet usability. We asked consumers how they make their decision when banking and shopping online in order to avoid the risk of credit fraud. E-mail addresses were collected from yahoo group and facebook. For field survey we selected some renowned educational institutions in London. During the data collection, we had to carefully consider the ethical factors of respondent that made sure their privacy would keep secret strictly and confidentially. Also in the questionnaire we did not include any question that can make respondents vulnerable to risk. A total of 1600 questionnaires were distributed for both online and field survey. 800 questionnaires were sent through website and e-mail, and the other 800 questionnaire were distributed for the field survey. Total 744 feedbacks were received and analysed.

4.

Results and discussions

4.1 On-line banking fraud

In 2008, losses for online banking fraud from scams such as phishing and spyware have increased 132% from the previous year [23]. Due to increase in phishing incidents, online banking customers are increasingly being targeted by malware attacks. Over 23 million adults banked on-line in 2008 and 55% of internet users bank online. Online banking users are the highest who are between 24 to 35 year olds, where over two-thirds of them had access to at least one account on-line. 94% of on-line
233 239

Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.

bankers access their main current account and over 10.5 billion transactions were made on UK cards in 2008, a total value of 603 billion [23]. Card spending on Internet has risen over the last five years. Card-not-present fraud losses are rising up to 13% in 2008 by Phone, Internet and mail order [23]. This is the largest type of card fraud in the UK. From 2000 to 2008 card-not-present fraud losses rose by 350%; over the same time period, the total value of online shopping alone increased by 1,077% up from 2000 to 2008 [23]. Figure 1 shows how the card-not-present losses increase over the years.

with the increase of e-transaction this kind of fraud is growing up to 54% in 2008 [23]. In UK, face-to-face retail fraud was getting up by 35% in 2008 where in the UK high street has declined by 55%. Face-to-face total card fraud losses year-on-year is decreasing, though in 2008 it has increased [23]. However it is possible to minimise with the help of Chip and Pin and password authentation.

4.2 Internet fraud on cards

In Figure 3, Internet fraud on cards is an increase of 2% in 2008. Internet fraud now accounts for 55% which is down from 61% in 2007 [23]. The fall in losses may be an indication that fraud is migrating away from the internet to other card-not-present channels [23]. Internet fraud is increasing outside of UK at higher rate than UK.

Figure 1: Card-not-present fraud losses in UK [23].

Figure 3: Internet / E-commerce fraud on cards [23].

4.3 Phishing
A fake version of genuine bank websites send out thousands or even millions of spam emails trying to convince people to click on a link that will send them to the fake website. There were 43,991 phishing websites targeted against UK banks and building societies in 2008 [23]. Indeed the rising number of phishing incidents has undoubtedly helped to raise online banking fraud losses. We also know that online banking customers are increasingly being targeted by malware attacks. Spyware is a type of computer virus that can be installed on ones computer without your realisation. Spyware is sometimes capable of acting as a 'keystroke logger', capturing all of the keystrokes entered into a computer keyboard. The emails are normally related to internet banking and try to dupe people into visiting or clicking on the link. Most of the fraudsters behind on-line banking scams are located overseas, and they need an accomplice with a UK bank account to act as a money transfer agent, to launder the funds obtained as a result of on-line scams.

(a)

(b) Figure 2: Card-not-present-fraud losses spilt by type (as percentage of total losses) [23]. Where card usage and transaction volume continue to increase, plastic card fraud losses against total turnover are still significantly less than in 2001 (before the introduction of Chip and Pin) [23]. Figure 2 (a) and (b) show that how card fraud is getting changed over time and how fraudsters are changing their technique and style with the help of technology. Figure 2(a) shows that in 1998 card-notpresent fraud was only 10% and Figure 2(b) shows that

4.4 Internet usability

This research investigates a large number of respondents where 67% (from internet using people) use internet for banking and shopping at home, 17% respondents use internet at home and library both, 12% people use only library for internet and 4% people use cafe for banking and shopping via internet. Figure 4, shows that
234 240

Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.

the internet using places where they use internet for banking and shopping (field survey).

their opinion that focus on the research topics when conducting this research. 4.7 Attacked by phishing or scam e-mail in life We asked the respondents that how many times they were attacked in their life by scam e-mail? In Figure 6, it is clear that one time attacked in life by scam e-mail is 14% respondents, two times attacked in life by scam e-mail is 27% respondents, three time attacked in life by scam email is 19% respondents, four times attacked in life by scam e-mail is 7%, five time attacked in life by scam email is 5% and more than five time attacked in life by scam e-mail is 4% respondents (field survey). Here none means respondents never attacked in their whole life by phishing or scam e-mail because they do not use online banking or shopping.

Figure 4: Graphical representation of Internet usability

4.5 Spam (scam) e-mail receive

This research explains how lots of spam e-mail people receive everyday. E-fraudsters use scam or phishing e-mail to make fraud to consumer in online banking. Respondents were asked how many spam (scam) e-mail they receive every day. In Figure 5, 5.61% respondents receive 0-19 spam email, 61.93% respondents receive 20-24 spam email, 10.53% respondents receive 25-29, 4.56% respondents receive 30-34, 7.37% respondents receive 3539 spam e-mail, 6.67% respondents receive 40-44 and 3% receive more than 45 spam e-mail.

Figure 6: Attacked by phishing or scam e-mail in life

4.8 Victim of Debit/Credit card or bank money fraud

Survey shows that respondents who are victim of fraud for one time in the whole life is 20%, two times is 14%, three time is 8%, four times is 1%, and five times in the whole life is also 1%. 56% respondents were not victimised in life because they do not use online banking, here we mention none. Figure 7 represents the above situation clearly.

Figure 5: Spam (scam) or phishing e-mail received everyday

4.6 Different types of phishing or scam e-mail

Survey investigates that 23% respondents receive lottery prize winner as a highest scam e-mail, 14% respondents receive work-at-home plan as a scam e-mail, 13% respondents receive summer holyday booking scam e-mail, 9% respondents receive advance fee loan scam, 4% respondents receive money offer scam and 13% respondents receive all of the above scams. But it is surprising that 24% respondents do not know what the scam e-mail or phishing is and how they affect their life. Short interview have been taken from the respondents for

Figure 7: Victim of Debit/Credit card or bank money fraud

235 241

Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.

4.9 Online banking activities

We asked the respondents that what kind of activities they do in online banking and shopping? 27% respondents said they use online banking to check bank statements and account balance, 13% use to pay bill (money), 4% to transfer account balance, 2% respondents use online banking to organise their account, 41% use online banking for doing all of the above four activities and 13% respondents said they do not do the above activities.

4.10 Length of using online banking

Respondents were asked that how long they are using online banking? In Figure 8, it is clear that 20.62% respondents have been using online banking for last 6 months whereas 36.02% user for one year, 15.27% for two years. 14.35% and 7.33% users have been using for three and four years respectively. 6.41% users have been using for five years or more.

Figure 9: The way we lose money in online

4.13

How to minimise credit fraud

Consumers were asked if they think banks need to provide more security protection for consumer to stop credit fraud in online. In response to the question, 9% respondents straightway said no, only 43% said yes that means banks need to provide more security protection than the existing one. And also 48% said yes but banks need to provide more security protection to save consumer and simultaneously need to increase more security awareness programme. With the increase of e-transaction, e-business fraud is increasing. But card-not-present fraud losses are increasing at higher rate because of online transaction. It is because there is no chance to use Chip and Pin, and also card is not used here face-to-face (see Figure 2). Though Chip and Pin, based on password authentication, is a top security measure to detect and protect fraud. But in online transaction there is no chance to use password. That is why Cardnot-present fraud losses are growing in an unprotective and un-detective way in e-business. Figure 8: Length of using online banking

4.14 4.11 Victimised by paying bill over the phone

We asked the respondent that how many times they were victimised by paying bill (money) over the phone? Survey investigates that 67% respondents never victimised in their whole life. One of the main reasons is either they do not use online banking or they are more sensitive about using online banking. Rest of them 20% users victim one time, 10% respondents victim two times and 3% users victim three times.

Card fraud prevention

When shopping online, before submitting card details one can ensure that the locked padlock or unbroken key symbol is showing in the browser which is an indication of secure sites. The retailer's internet address will change from 'http' to 'https' when a connection is secure. One can then print out the order and keep copies of the retailer's terms and conditions, return policy, delivery conditions, postal address (not a post office box) and phone number (not a mobile number).

4.12 The way we lose money in online

We asked the respondent that which way you lose money when you shopping or banking in online? In Figure 9, it is clear that 44.89% respondents lose money when they use online for shopping, 10.08% respondents lose money in online banking, 14.65% lose money (credit) paying bill over the phone. This research investigates that people lose money (credit) through auction which exploited 15.73% respondents. And 14.65% respondents said they did not lose credit in online, either they did not use online shopping and banking or they are more conscious about their identity.
236 242

5.

Conclusions

In the age of globalisation, world is getting closer and smaller by eliminating constraints of time and distance by the help of Internet [6] and ICT. Banks and retailers are spreading their activities in online to facilitate consumer. Customer can shop in online shopping mall from remote area. They can operate banking activities from wheelchair. Online banking and shopping is much easier than doing physically (in branch or store) but risk of credit fraud is greater in online than branch or store. One of the main applications of internet is e-commerce. Though the credit

Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.

fraud is increasing continuously, at the same time etransaction is increasing at a high rate in retail business (for shopping) and in the banking sector in online. So many ways, such as phishing, spyware, malware, money mule recruitment, lost or stolen card, mail-non-receipt, counterfeit card, card-not-present, card ID theft, cash machine and bodies (e-retailers) are involved in Credit fraud in the banking sector. Many employee frauds will still be going unprotected and unreported, which is the key danger sign for banking sector. National Fraud Reporting Centre (NFRC) is the main authority for monitoring banking fraud and reporting to the police [18]. Also several public organisations such as Serious Fraud Office (SFO), National Crime Squad (NCS), Serious Organised Crime Agency (SOCA), National Hi-Tech Crime Unit (NHTCU), National Criminal Intelligence Service (NCIS ) are working against credit fraud. British Bankers' Association (BBA) is working with the cooperation of all the above organisations to detect and prevent Credit Fraud [18], [24], [25]. The Get Safe On-line campaign was the first internet security awareness campaign, organised by the government along with SOCA, BT, eBay, HSBC, Microsoft and secure Trading. Banks need to take necessary steps by initiating fraud awareness programmes both for customer and staff, and staff training programmes that will help to remove staff vulnerability to fraud. E-business will be successful when all the e-retailer, e-marketers, banks and financial institutions will come in a one platform to detect and prevent fraud. In the light of this research, banks and government need to pay more attention to control card-notpresent fraud losses in e-business as it is increasing rapidly (see Figure 2).

at: http://www.jtaer.com/, [accessed on 14-6-2009]. [9] Phillip B., Blaise J. B. and Charles R. V. (2004), Internet Fraud: A Global Perspective; Journal of E-Business, June, vol.4, Issue 1, available at: http://www.journalofe-business.org/ [Accessed on 18-06-2009]. Okenyi, P. O. and Owens, T. J. (2007), On the Anatomy of Human Hacking; A Global Prospective, Information Security Journal: [online], available at: http://bura.brunel.ac.uk/ [accessed on 20-06-2009]. Tim Hughes (2003), Marketing Challenges in eBanking: Standalone or Integrated? Journal of Marketing Management, V. 19, pp.1067-1085. Keldon B. and Scott E. H (2005), The Effect of Heterogeneous Risk on the Early Adoption of Internet Banking Technologies; Journal of ebanking, 10, August, [online], available at: http://papers.ssrn.com/, [accessed on 25-06-2009]. Hanson W. (2000), Principal of Internet Marketing, Cincinnati, Ohio: South- Western college Publishing. Turban E., Lee J., King D. and Chung H. (2002), Electronic Commerce a Managerial Perspective, Prentice Hall International Inc.: New Jersey. Turban E., King D., Lee J. and Viehland D. (2004), Electronic Commerce a Managerial Perspective, Prentice Hall International Inc.: New Jersey. Chaffey D. (2004), E-Business and E-Commerce Management, Second Edition, London: Prentice Hall. John, V. B. and Robyn, W. (2002), Barriers to Purchasing on the Internet, Journal of EBusiness, Vol. II, No.1, June; [online], p.27. Available at: http://www.journalofe-business.org/, [accessed on 27-06-2009]. BBA (2008), British Bankers Association Annual Report 2007/08, 24 July, [online], Available at: www.bba.org.uk/, [Accessed 29-06-2009]. Ordnance Survey (2008), BBAs 6 th Annual Financial Crime Conference, 25 -26 Nov. [online], available at: http://www.bba.org.uk/ , [accessed on 24-06-2009]. Chris H., Keith H., Azrini W. and Emma W. (2009), Criminology; second edition, chapter-13, Steve Tombs, Oxford University Press, p. 342. NCL (2009), National Consumers Leagues, Available at: http://www.nclnet.org/news/2007, [accessed on 17-06-2009]. BIS (2009), Department for Business Innovation & Skills; Fraud and Scams, [online], available at: http://search.berr.gov.uk/ [accessed 24-06-2009]. Fraud (2009), Fraud The Facts 2009, [on-line], available at: www.apacs.org.uk/, [Accessed on 22-08-2009]. SFO (2009), Serious Fraud Office, [on-line]; available at: https://www.sfo.gov.uk/ [Accessed on 29-06-2009]. SOCA (2009), Serious Organised Crime Agency, [on-line], available at: http://www.soca.gov.uk/ , [accessed on 29-06-2009].

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

References
[1] Gonca T. Y. and Faruk K. (2009), User Rating System for the Internet (URSI) and Central Authority for Internet Security (CAIS); Journal of ebusiness, Vol. V, 2; Vol. VI, 1; [online], Available at: http://www.journalofe-business.org/, [accessed on 25-06- 2009].
[2] [3] Neuman, R. (1991), The future of the mass audience, Cambridge, MA: Cambridge University Press Bologna, J. (1984), Corporate Fraud; the basics of prevention and detection; Butterworth Publishers; p.1,15 Brian, W. (1995), Serious Fraud Office, Little, Brown and company, Introduction page. Hewer, P. and Howcroft, B. (1999), Consumers channel adoption and usage in the financial services industry: A review of existing approaches; journal of financial marketing, 3, 4, pp. 344-358. Kothari, V. and Kothari, M. P. (2001), E-Business: What have we learned; Journal of e-business, December, [online], Vol. 1, No. 2, p. 5. Available at: http://www.journalofe-business.org/ , [accessed, 27-06-2009]. Williams G. & Kikalas T. (2005), Operating systems Worm Targets, IGGeS submission; Journal. Heike N. and Thomas S. (2006), Digital Coins: Fairness Implemented by Observer; Journal of Theoretical and Applied Electronic Commerce Research, April, [on-line], Vol. 1, Issue 1, available [20] [18]

[19]

[4] [5]

[21]

[22]

[6]

[23]

[24]

[7] [8]

[25]

237 243

Authorized licensed use limited to: Bharat University. Downloaded on June 10,2010 at 04:21:25 UTC from IEEE Xplore. Restrictions apply.