Despite continuous efforts to bolster online security, card fraud in the UK is experiencing a concerning resurgence, with new data indicating a significant increase in both the volume of attacks and financial losses. After a period where it seemed the fight against card fraud was gaining ground, criminals are now employing increasingly sophisticated methods to bypass security checks and trick consumers into compromising their financial details.
A recent survey revealed that 14% of UK adults have been affected by card fraud in the last two years, a figure that climbs to 20% for those aged 25 to 34. While many victims cited common tactics such as fake adverts on social media (25%), search engines (21%), and phishing emails (18%), a quarter of those affected were unaware of how their fraud occurred. This highlights the evolving nature of these crimes and the difficulty consumers face in identifying the source of compromise.
Card-not-present fraud, which involves unauthorised remote purchases made online, over the phone, or via mail order, continues to be the primary concern. Although online security measures like one-time passcodes (OTPs) and banking app verifications were introduced to deter fraudsters, the volume of cases reached a record 3.2 million in 2025, marking a 13% year-on-year increase. Financial losses from these incidents also rose by 3% to a staggering £423.5 million. Banks often attribute these losses to cardholders being tricked into sharing OTPs, but card details can also be compromised through data breaches, skimming devices at ATMs, or malware-infected systems.
The international dimension of card fraud is also growing, largely due to the astronomical rise in internet sales. Overseas scammers are increasingly targeting UK cardholders, with subscription scams proving particularly persistent. Victims frequently discover recurring payments to unknown foreign companies, often with no recollection of how their card details were acquired. In 2024, a significant 75% of card-not-present fraud linked to online sales was processed by overseas merchant acquirers, indicating the scale of this cross-border challenge. Fraudsters exploit this by setting up multiple merchant accounts across different markets, allowing them to evade detection and bans.
Beyond remote purchases, criminals are also utilising tactics like SIM swapping, where they trick mobile networks into transferring a victim's number to their own SIM card. This allows them to intercept bank OTPs and gain access to online banking and mobile wallets. Another method, card cloning, involves stealing data from a card's magnetic strip using illegal devices at ATMs, often combined with hidden cameras to capture PINs. The stolen data can then be transferred to a blank card for fraudulent use.
With an estimated 142 million stolen card records reportedly available on the dark web in 2025, including comprehensive 'Fullz' packages containing sensitive personal and banking details, the threat landscape remains complex and challenging for both consumers and financial institutions. The ongoing battle against these sophisticated criminal networks requires continuous vigilance and adaptation from all parties involved.