The similarities (and differences) between the US and UK’s financial fraud landscapes

This year, Alloy included UK respondents as part of our survey outreach. So, how did the two countries measure up?

For our second Annual State of Fraud Benchmark Report, Alloy surveyed 450 fraud and risk decision-makers to garner insights about the most common types of fraud occurrences, how organizations are responding to these threats, and their future investments in fraud prevention.

This year, in addition to 250 US respondents, we also included 200 UK respondents as part of the survey outreach to see if there were any noticeable differences between the two countries. In general, the majority of the 2024 report’s findings were consistent across both the US and the UK:

• Most fraud occurrences took place via internet-based platforms, like mobile devices and online/digital services.

• Bust-out fraud and authorized push payment (APP) fraud were the most prevalent fraud types, and they were also responsible for the greatest financial losses.

• Step-up authentication actions continued to be the first course of action once risk was identified.

But even with the prevalent similarities and overlap, there are several noteworthy findings that are beneficial to highlight.

Wherever you are located, fraud is still a widespread, persistent problem.

Across both US and UK respondents, 98% still experienced fraud in the last 12 months, even though the number and frequency of fraud attempts occurred at a slower rate than the previous year. And while all respondents reported that their organizations experienced fewer financial setbacks, they recovered fewer of these financial losses in comparison to 2022. 25% of respondents still lost over 1 million EUR/USD.

Download the full report.

UK respondents reported more identity theft than US respondents.

UK participants were about twice as likely to report identity theft as the most prevalent form of fraud relative to US respondents (20% versus 7%). They were also more likely than US respondents to report that identity theft fraud caused the most financial losses for their organization (18% versus 12%). However, in reality these numbers are likely even higher than what was reflected in the survey because of a lack of recognizing and reporting a case as identity theft.

Organizations must be able to clearly pinpoint both the fraud methodology and its channel of origin to adeptly mitigate fraud. Without an omnichannel fraud solution, most organizations struggle to do so. In other words, they might classify and report an event like bust-out or account takeover fraud (ATO), but they might not report the associated identity theft that caused the event in the first place.

Why is identity theft going to become more prevalent? (Hint: It’s AI.)

US respondents were more likely to conduct real-time interdiction on applications and detect fraud during onboarding.

96% of US and UK respondents conduct real-time interdiction on either transactions or applications. However, US respondents reported that they were more likely to conduct real-time interdiction on applications than UK respondents (42% versus 34%). This could account for why UK respondents were less likely to detect fraud at onboarding (18% versus 33%).

When real-time interdiction is also conducted on applications — as opposed to just transactions — it enhances an organization’s ability to spot emerging fraud patterns earlier and stop fraud attacks faster. It also could help prevent fraudulent account openings and reduce operational burdens downstream.

Organizations that leverage more real-time interdiction capabilities at all points throughout the customer lifecycle monitor signals that better indicate fraud risk at onboarding or shortly after onboarding — before any fraudulent transaction occurs. This increases their ability to stop fraud, decreases the chances of customer friction, and helps protect the company’s reputation. Also, if funds are not stolen in the first place, then resources do not need to be allocated in an attempt to recover those financial losses.

Review common types of financial fraud and their potential impacts.

UK respondents saw a larger decrease in manual reviews than US respondents.

All respondents were asked, “Has your investment in fraud prevention tools also led to a decrease in manual reviews?” Those from the UK were 10% more likely to report a decrease than those from the US (58% versus 48%).

However, both countries indicated that they experienced a significant decrease in manual reviews as a result of their fraud prevention tools. An average of 67% said the number of applications that required manual review dropped between 26% - 50% thanks to their investments in fraud prevention.

This indicates that when an organization — regardless of where it is located on a map — decides to make an investment in fraud prevention tools, those investments are paying off. Ultimately, the decrease in manual reviews likely resulted in faster, safer application approvals and less customer friction.

Learn how HMBradley decreased their manual reviews to less than 20% with Alloy.

Both countries are still too focused on transactions instead of focusing on identity.

In 2023, fraud detection in both the US and the UK commonly occurred during real-time transaction monitoring. Respondents from both countries consistently cited “dramatic increases in volume of transactions over a short period of time” as the leading indicator of attempted fraud (40% on average).

Why is this an issue?

Well, the largest portion of US respondents (20%) also said that sophisticated fraud tactics are the leading cause of attempted fraud. 21% of UK respondents said the same. When organizations continue to focus on transactions — as opposed to identity — it means the fraudster is already in the system, and every subsequent reaction is fraud mitigation instead of fraud prevention. As fraud attacks grow increasingly sophisticated, the ability to quickly identify potential fraudsters and prevent fraud at origination, before the attack occurs, becomes that much more important.

Identifying people who will or might commit fraud should always be the priority. Identifying what and how much money is being stolen should be the second line of defense.

Better fraud prevention means prioritizing identity.

Both countries still rely heavily on KBA questions — and that is a mistake.

47% of respondents reported using knowledge-based authentication (KBA) as a first step once an anomaly or risk is detected, which indicates a strong need for better fraud education.

Fraud attacks are growing more sophisticated, so when organizations use a relatively unsophisticated option like KBA to confront these fraudsters, there is less chance that the fraud will be detected during onboarding.

We consider KBA relatively unsophisticated because it is often easier for a fraudster to answer a KBA question than the average consumer. A legitimate customer often forgets their answers. (If you’re like me, then you have to sit there and think to yourself, “Wait… what street did I live on in 2014 again?”) Fraudsters will use simple internet searches to do the research, track down these answers, and gain access to accounts. What fraudsters cannot find from internet searches, they usually obtain through data breaches or social engineering attempts.

An overreliance on KBA could eventually lead to more successful fraud attacks, additional financial losses, and an increase in unforeseen risks. While the accessibility of personally identifiable information (PII) might vary from individual to individual, security beyond KBA is necessary for any company that is serious about fraud prevention.

Learn more details about why KBA is not the most effective form of fraud prevention.

The future of fraud prevention investments — an Identity Risk Solution

Across both countries, 3 out of 4 banks, fintechs, and credit unions are planning to invest in an Identity Risk Solution — an end-to-end platform to manage identity, fraud, credit, and compliance risks throughout the customer lifecycle — in the next 12 months. Identity Risk Solutions, like Alloy, can enable secure and seamless customer experiences, starting at account opening and continuing throughout ongoing touchpoints like changes in a customer's PII and ongoing transactions.

The indication that investments in Identity Risk Solutions will only continue to increase in the coming year points to the respondents’ awareness that their organizations need more agile fraud prevention. And, whether they were located in the US or the UK, they are actively interested in pursuing more aggressive methods of keeping fraudsters at bay.