BSI has a range of financial management standards, including BS EN ISO/IEC 27001 Information security, cybersecurity and privacy protection. Information security management systems. Requirements. Standards like these guide organizations in establishing robust systems to protect customers from fraud.
Financial harm involves transactions that either have not been authorized by an individual or that take place due to deception or manipulation by a third party.
The most obvious harm to individuals is losing money to this type of crime. But there can be a range of other impacts, from emotional upset to lost confidence in independent living, or hardship caused by missing funds.
All customers can be susceptible, though some are especially vulnerable: e.g. elderly people, those with learning disabilities, or those experiencing circumstances such as stress or bereavement.
Criminals gain access to people’s money through various means. In some circumstances, fraudsters may be in direct contact with vulnerable people – for instance, by befriending a trusting pensioner and using this connection to steal money.
However, it is more common for criminals to obtain data indirectly – for example, by buying it following a data breach or by hacking into systems.
Stolen data can be used to make remote purchases or to transfer money to another account. Compromised computer systems can also be targeted by malware that spies on the user and sends information on to a third party. Once criminals obtain a few details about an individual, those details can be used to gain further information or to issue unsolicited calls or emails asking for apparently legitimate payments.
Last year, unauthorized fraud losses stood at £726.9 million, a reduction of less than 1% from 2021. However, banks and card companies were able to prevent losses of around £1.2 billion in this type of fraud. Another encouraging sign is the 17% drop in authorized push payment (APP) fraud cases, where criminals trick people into transferring money from their accounts into one controlled by the scammers. New regulations surrounding Strong Customer Authentication (SCA) protections are adding an extra layer of security, and growing public awareness means that many attempted frauds are being stopped in their tracks.
Protecting customers’ data is critical for fraud prevention, and the regulator has come down hard on financial institutions that have failed to do so.
BS EN ISO/IEC 27001 (Information security, cybersecurity and privacy protection. Information security management systems. Requirements) guides organizations in developing a best-in-class cybersecurity strategy.
It helps financial institutions and others plan and implement an information security management system to mitigate the risks of breaches and cybercrime. It takes a risk-based approach, enabling organizations to manage the security of assets including financial information. It also helps companies to continually refine and review their systems, today and for the future.
Whilst BS EN ISO/IEC 27001 sets out requirements, BS ISO/IEC 27002 describes the risk framework, and BS ISO/IEC 27005 gives guidance on how to implement controls.
BS EN ISO/IEC 27001 can be thought of as the ‘what’, and other standards in the ISO 27000 series help with the ‘how’. Guidance is particularly useful for smaller organizations with less experience, since misunderstanding the requirements can lead to the adoption of excessive or onerous information security practices.
Over 100,000 internationally recognized standards are available for simple and flexible access with a BSI Knowledge subscription. Our tailored subscription service allows you to build your own custom collection of standards or opt for access to one of our pre-built modules, keeping you up to date with any changes. With support from a dedicated BSI account manager, our subscription service helps you achieve a more coherent and effective approach to best practice.