There was good news for the UK's financial institutions this week as the latest figures from payments association Apacs showed a large drop in online banking fraud. But total card not present (CNP) losses, including those from online fraud and phishing, jumped again by nearly 50 percent.

The drop online banking fraud will be good news for banks such as Barclays and Lloyds, which have been rolling out two-factor authentication devices this year in order to combat the growing number of man-in-the-middle and phishing attacks. The drop of 67 percent from £22.4m in the first six months of 2006 to £7.5m in the same period this year could also be explained by the unusually high level of online banking fraud at the start of 2006, according to Apacs.

"The drop in online banking fraud is down to online banks successfully
implementing a range of back-end security measures to detect and prevent
fraud," said an Apacs spokesman. "Also, banks continue to make their
customers aware of phishing scams through statement inserts and messages
on their own websites."

However, the number of phishing incidents actually rose from 5,087 to 7,224, while CNP fraud increased from around £95m to £137m. The rise can partly be explained by the increase in adults shopping online, said Apacs.

Criminals are also exploiting the fact it is more difficult for an online retailer to confirm that they are dealing with a genuine cardholder using a genuine card," said the Apacs spokesman. "One of the best things an online retailer can do is sign up to the Verified by Visa and MasterCard SecureCode schemes."

In the face of these growing online fraud and phishing incidents, PayPal and eBay announced a new secure email service this week designed to protect their customers from fraudulent emails. The firms are introducing Yahoo's DomainKeys technology, which enables internet service providers to spot and block potentially fraudulent emails.

Also this week ID verification vendor Gridsure launched a new alternative to traditional PIN entry systems, which it said will raise security levels while maintaining a high degree of usability.

Gridsure requires users to choose a number of squares on a grid in a pattern of their choice. The grid is then populated with a random series of numbers and the user is asked to enter those digits which fall within the shape. Because these numbers change on every occasion, new PIN codes are created each time, making successful shoulder surfing or keylogging much more difficult, explained the firm's chief executive Stephen Howes.

The product could be applied to consumer-facing websites, giving the user a "chip and PIN-like experience through the web", at point of sale, on mobile devices or in a corporate environment for remote log-in, he added.

Gridsure chairman Jonathan Craymer said, "It's amazing that we have superb e-commerce throughout the world, but there's a gap, which this [solution] completes. At a stroke it provides a complete authentication solution and only one process for the user to learn."