Consumers get fast fraud refunds. Businesses don’t. With £1.14bn lost in the UK, siloed data and weak collaboration are leaving firms exposed to rising threats.
When consumers fall victim to fraud, businesses act quickly, securing accounts, communicating clearly, and determining liability. If fraud is found, businesses refund the customer, cover any associated fees, and set up new accounts. The Payments Systems Regulator reports 84% of consumers are reimbursed within five days.
Yet when businesses fall victim to instances of fraud, nobody acts quickly. Friendly fraud, return fraud, chargeback abuse, wardrobing, synthetic identity, and receipt manipulation; the result is always a net negative for a business.
Some see insurers, card acquirers, networks, or banks covering losses. Yet, as it is a steep process compared to the relatively small loss of individual acts, businesses usually chalk fraud up as ‘acceptable’ losses. According to the National Crime Agency, 86% of fraud goes unreported. Today, at a global level, it’s considered a part of everyday operations. However, one successful fraud after another quickly results in a deficit that damages whole economies. UK Finance’s 2024 report stated businesses lost £1.14 billion to fraud in 2024.
Step 1: Understanding Innovations in financial crime
Cifas, the UK’s leading fraud prevention service, revealed a staggering 421,000 cases filed to the National Fraud Database (NFD) in 2024. It’s a 13% Y-on-Y increase, the highest on record.
With powerful, easily accessible technology in the hands of nefarious actors, methods are evolving. It’s a key reason why we must act now.
An extreme, yet relevant example lies in AI deepfakes, which fall under Authorised Push Payment (APP) fraud, whereby a criminal tricks an individual, usually by posing as somebody familiar or authorised to request payment. Businesses have created specific training and identification systems and adopted Multi-Factor-Authentication (MFA) to defend against AI-based attacks seeking to con employees or bypass biometric recognition tests. But that is not enough on its own.
The Arup HK incident is most famous: a finance employee sent in excess of $20 million to a fraudster’s bank account after joining a virtual call with senior advisors. The advisors were, in reality, clever fraudsters using deepfake video technology.
It’s not the only way fraudsters are diversifying. Across cyber, financial, and retail fraud, the list of emerging threats grows each day. Current collaboration in the payments and financial crime prevention fields leaves much to be desired, and it starts with ineffective data.
Step 2: Moving data from siloes to synergy
The Economic Crime Survey of 2024 reports over one in four (27%) UK businesses – almost 400,000 – reported an incident of fraud in the last 12 months. Systems might be in place to prevent fraud, but siloes and little collaboration mean we don’t know where attempts are coming from or how they’re going to work.
The truth is, business data is underutilised and fragmented. Identifying fraudster patterns when operations are siloed and there is no centralised fraud detection protocol is near impossible. Payment data goes into one system. Returns to another. Customer loyalty has its own place. And support information does, too. How can a business accurately identify when fraud is taking place, let alone defend against it?
Let’s look at a decentralised franchise falling victim to receipt fraud as an example. What’s to stop a fraudster from visiting as many franchised shops as possible in a day’s travel, and receiving refunds at all of them? Separate systems won’t flag to other stores that a threat is before it’s too late.
This is a micro example. Now imagine the dynamics on a scale that spans entire sectors and continents. This is our current approach to prevention. Not just internationally, but nationally, regionally, even in the same building. We are not working together to combat fraud.
Step 3: The wider focus
A business can strive for 360-degree protection, but without combined might, fraud will persist.
Every business has neglected pools of data they rarely shares with partners and competitors. Back to Arup HK. It’s fair to assume the deepfake scam was not successful on the first attempt. What if a separate business caught and defended against the scam and flagged its presence via a centralised database? Would the attack still have been successful?
With the right approach to data sharing, there’s a higher chance of mitigating fraud before it occurs. Historical data can predict when and how fraud will be attempted and to whom. There’s also the opportunity to flag fraud attempts across entire networks in real time, enabling faster preventive action. Through this transparency, the sector adopts a proactive approach.
It also enables authorities to gather more evidence to pursue appropriate punishment, and allows businesses and financial operators to sanction criminals with more accurate grounds.
Industry agreement and effort will be a step-by-step process. We’ll need to ensure that customer protection and data security remain an absolute priority. But I’m here to say it is not impossible. It’s time we think about how the sheep can start hunting the wolves.
