Based in the heart of London’s financial district, Matt sits at his office desk watching line upon line of numbers and letters flash up on the two computer screens in front of him.
To the uneducated eye, it looks like the sort of scrambled code you might see in the film The Matrix. But in fact, the blinking screens contain reams of information about hundreds of thousands of online banking customers.
Welcome to the front line in the fight against Britain’s fraud epidemic that is costing victims around £1 billion a year.
Threat: As fraudsters are becoming ever-more adept at bypassing their security measures, the banking industry has been forced to invest millions in new technology
Matt is part of a 2,500-strong fraud team at Lloyds Banking Group. As a fraud investigator, it is his job to monitor customers’ every move and spot the criminals operating among the bank’s 22 million current accounts.
The volume of data he scrutinises each day is staggering. He is looking for anything out of the ordinary, be it a customer logging in from an unusual location or even just typing more slowly than usual.
But with around 7,000 customers from across the group’s three banks — Lloyds, Halifax and Bank of Scotland — logging into their online and mobile accounts every minute, it is like trying to find a needle in a haystack, Matt admits.
Here, Money Mail reveals for the first time exactly what the banks are doing behind the scenes to tackle fraud — and how you can join the fight.
They are watching your every move
As fraudsters are becoming ever-more adept at bypassing their security measures, the banking industry has been forced to invest millions in new technology that will help stop the criminals in their tracks.
To help protect customers, Lloyds has built a sophisticated fraud monitoring system that records your every move when using your online account.
The system can detect how you behave physically — how quickly you type your password or move the cursor around the computer screen. It records how often you typically log in to your account and at what time of day.
And it can track which mobile phone or computer you use to access your account and where in the country you are when you do so.
To help protect customers, Lloyds has built a sophisticated fraud monitoring system that records your every move when using your online account
The bank also knows your income, where you shop and how much you normally spend at a time. All of this information is used to compile a secret profile of each customer detailing their typical behaviour.
It sounds scarily like Big Brother, but building a picture of the normal behaviour of each customer means it is much easier for banks to spot that ‘needle in a haystack’ fraudster who might be accessing your account without your knowledge.
Boffins in T-shirts and jeans
At the bank’s digital headquarters in Central London — a short walk from where Matt is watching his screens — online fraud expert Nihal explains exactly how it all works.
The digital office seems more suited to the likes of Google or Facebook than one of Britain’s oldest banks.
It is full of brightly coloured, coffee-stained sofas, garish green wallpaper and groups of young men clad in T-shirts and jeans talking excitedly in huddled groups over computer screens.
If a fraudster is able to trick you into disclosing your log-in details — by sending an email pretending to be from your bank or installing software on your computer that tracks your keystrokes, for example — they can access your account easily, Nihal tells me.
But once they log in, the bank’s computer system — called the Risk Engine — will be waiting to catch them out. It is looking for any suspicious activity that seems out of character for that customer.
So if, for example, someone logs into your account from a computer in Manchester when you live in London, or types the password far more slowly than usual, the system will put an alert on the account.
If nothing suspicious happens next, the alert could be downgraded — after all, it might just be that you’re trying to check your balance from a friend’s house and are struggling to remember your password. In this case you probably wouldn’t even know anything had happened.
But if a more risky act is carried out — such as setting up a new payee or transferring money out of your savings account — the alert will be upgraded.
In this instance your account may be frozen until the bank carries out further investigations. This may involve texting the customer to find out if they had meant to make a transaction.
‘The trick for us is finding the balance between supporting customers to make genuine transactions, without the annoyance of their account being frozen, and stopping the bad guys,’ Nihal says.
The need for this balance means the system will not always automatically block a payment just because it is slightly out-of-character.
For example, it is programmed to expect a spike in unusual purchases in the run-up to Christmas and on Black Friday. And it will even take into account major product launches such as a new iPhone.
Last year, British banks and card companies stopped more than £1.4 billion of attempted fraud. But cyber criminals still get away with £1 in every £3 they target
Searching out the money mules
Back at Lloyds’ fraud headquarters, Matt also relies on technology to root out accounts he suspects are being used fraudulently.
He uses a custom-built anti-fraud system that gathers data on every customer logging in, such as their name, age and address, transaction history and whether they are linked to any other customers.
It also records which internet service provider they use and their computer’s IP address — which can pinpoint where a computer is located to within a 25-mile radius.
The system then uses all of this information to spot combinations of activity most commonly associated with fraudsters. The exact details of how the fraud-fighting system works are top secret — but Matt is happy to show it off in action.
He points to a log-in ID number on the screen that has been suddenly highlighted in red. ‘When criminals get hold of genuine customers’ account details, they often try to use their own smartphones to log in.
This log-in has been flagged because it comes from a phone which has been used for fraud before,’ he says.
‘When anyone uses a suspicious phone to log into to any of our accounts, we get an alert and the account is frozen while one of our investigators looks into it,’ he adds.
He clicks on the ID number which opens up a record showing that the same phone has logged into accounts owned by three different customers in the past three months. This is a classic sign of a fraudster and Matt immediately freezes the account.
All the details of this account — including information on how, when and where the fraudster accessed it — will be fed into the system, which uses artificial intelligence to ‘learn’ and recognise similar activity in future. Matt explains that some banks have started sharing this data to help them stop fraud before it happens.
He pulls up details of an account which has just been blocked for receiving money paid by an unwitting scam victim.
The owner of the now-blocked account is a French national living in Britain who had banked with Lloyds for five years with no problems.
He seemed to be a genuine customer who paid a weekly wage into the account and had no history of fraud. But in June, NatWest sent out a warning to banks about a man with similar details who had been caught handling money for scammers.
This generated a warning flag in the Lloyds system, triggering a higher level of monitoring for suspicious activity on his account.
So when he suddenly received a £90,000 payment from an American bank account two months later, the fraud team was immediately alerted and could freeze the account before he had a chance to move the money again.
Matt and the team believe the Frenchman was acting as a money mule — someone who agrees to let their account be used by criminals in return for a fee. Fraudsters use mules to quickly move money through the banking system so it is difficult to trace.
At the start of this year, Lloyds launched a new team of 20 people to detect and stop money mules. Since then, it has uncovered 13,000 mule accounts and stopped £3.3 million from falling into the hands of fraudsters.
Matt’s boss, head of fraud investigations Simon Jobson, tells me it has become an increasing problem in recent months, with criminals targeting students and young people on Facebook with promises of making quick, easy cash. Many do not realise it is illegal or that it can leave them barred from opening any bank account in the UK.
‘Mules are now one of the main issues we deal with,’ he says. ‘A lot of the people involved were perfectly good customers who had not been in trouble before, but they meet someone at a party or see a post on Facebook or Instagram promising easy money which draws them in.’
If someone logs into your account from Manchester when you live in London, Lloyds’s system will put an alert on the account
Always think before you click
Last year, British banks and card companies stopped more than £1.4 billion of attempted fraud. But cyber criminals still get away with £1 in every £3 they target.
While advanced technology might be able to spot a suspicious payment or a fraudster logging into your account, it is much harder for it to tell if you have been tricked into sending funds at a scammer’s request.
This type of scam is known as ‘social engineering’. A common scheme sees fraudsters posing as police or bank staff calling customers to tell them their account has been compromised and they need to transfer their money into a ‘safe’ account.
These scams can be incredibly convincing so Lloyds has launched a Fraud Checkpoint system that asks customers two security questions before they can make certain payments, such as sending money to a new account. The aim is to force people to stop and think for a second about what they are doing.
First customers are asked if they have been told to make the transaction by the police or bank staff, with a warning stating that they would never do this.
The next question varies, but one example is: ‘Did you receive a phone call or email telling you to make this payment?’
Customers are again reminded that no bank would contact customers in this way to suggest they move money.
If there is ever a real problem with your account, your bank would most likely text or call and ask you to get in touch.
Never ring the number given in case it is a scam. Instead, call back using the phone number on the back of your debit card or go straight into a branch and speak to a staff member.
The most devastating blow when falling victim to this type of scam is that you are unlikely to get your money back.
Under existing banking rules, if a fraudster steals someone’s card details and takes money from their account without their permission, their bank must refund the customer — unless they have been negligent with their personal details by telling someone else their password or PIN, for example.
However, there is currently no such protection for people who have been duped into handing over their cash — known as authorised fraud. In this instance, you will typically only get your money back if you can prove the bank made a mistake.
Paul Davies, retail fraud director at Lloyds Banking Group, says: ‘Fraudsters can be incredibly convincing and even the most educated people can feel panicked when they are told their money is under threat and it needs to be moved.
‘The important thing is to stop and ask yourself who is getting in touch with you and what they are asking you to do?’
Report any cases of fraud — even if you weren’t left out of pocket — to Action Fraud online at actionfraud.police.uk or call 0300 123 2040.
- Some names have been changed to protect identities.