Card fraud has fallen for the first time since 2005
The amount of fraud being committed on plastic cards across the country fell in the first half of the year, industry body Financial Fraud Action UK says.
Losses totalled £233m in the six months - down by 23% on both the first and second halves of last year.
Fraudsters may have turned to targeting foreign-issued cards, experts believe.
Phone, internet and mail order fraud levels all dropped for the first time, but online banking fraud losses rose to £39m, up 55% on the first half of 2008.
"Although it's difficult to prove, we think that one of the reasons for this dip in card losses may simply be as a result of fraudsters realising that they can prosper more by targeting foreign-issued cards," said Katy Worobec, head of Fraud Control.
"Particularly those without chip-and-pin protection and which currently have stronger currencies than sterling.
"The fact that we've seen a 36% increase in the first half of this year in the amount of fraud being committed on foreign-issued cards here in the UK adds some weight to this theory," she added.
Chip-and-pin cards were introduced by the UK banking industry in 2004. Total card fraud fell in the two years that followed.
CARD FRAUD, FIRST HALF 2009
Card not present - £134m (down 18% on first half 2008)
Counterfeit cards - £46.3m (down 48%)
Lost or stolen cards - £25.1m (down 6%)
Card ID theft - £23.9m (up 23%)
Card lost in post - £3.5m (down 33%)
Total - £232.8m (down 23%)
Source: Financial Fraud Action UK
Losses then rose in 2007 and 2008 to hit a new annual record last year of £610m.
Now it seems the problem may be coming under control again.
One reason for finally reducing fraud when cards are used to buy things over the phone, internet or mail order - known in the industry as "card not present" fraud - has been the introduction of online payment tools, such as Mastercard Secure Code and Verified by Visa, which ask the card owner to type in a second pin code at the point of purchase.
The value of successful frauds also dropped with counterfeit cards, with cards that had been lost or stolen, and where cards had gone missing in the post.
However, there was a word of warning about the figures from Richard Allen, of IT consultant Consult Hyperion.
"Last year was a painful blip - with card payment fraud up significantly, partly due to some very big cases - and so the comparison is best done against figures for 2007. That still gives a trend downward, but far less dramatic," he said.
The biggest area of rising fraud occurred in online banking. It was growing quicker than the rate of increase in online banking customers.
ONLINE FRAUD TERMS
Phishing: Sending a host of e-mails pretending to be from a bank in the hope that some users click on a link to a website that gathers their account details and password
Malware: Unsuspecting users download software that allows fraudsters to track the keystrokes they make on their computer
Spear phishing: Targeted phishing of a small group of people, often using fake social networking websites to gather personal information
"The increase is largely due to criminals employing more sophisticated methods to target online banking customers through malware scams - which target vulnerabilities in customers' PCs - rather than the banks' own systems which have proved more difficult for the fraudsters to attack," said Financial Fraud Action UK.
There were also more than 26,000 phishing incidents during January to June 2009 - a 26% increase on the number in the same period last year.
Phishing is when a fraudster sends out e-mails which appear to be from a bank, but actually try to divert users to websites run by the fraudster as a way of trying to find account numbers and passwords.
A recent report by security group MarkMonitor, which searches for these rogue websites, found that payment services suffered 49% of these attacks in the second quarter of the year.
Auction sites were targeted less than before, but e-mails from fraudsters pretending to be from social networking websites rose sharply.
Part of this was the result of so-called "spear phishing", when fraudsters target a small group of people, find out some key facts about them and e-mail them pretending to be a friend, according to MarkMonitor.
This e-mail often tries to get them to download something like a video, which actually is downloading software that catches their keystrokes, and in turn their passwords.
Earlier this week, it was revealed that the Google's web-based e-mail system, Gmail, as well as Yahoo, AOL and Microsoft's Hotmail, had been targeted as part of an industry-wide phishing scheme.
Mel Morris, chief executive of security company Prevx, said that banks should be creating a position where online banking is conducted by customers in isolation - and therefore risk-free even if their computer is infected.
"This could mark a significant step forward, as criminals move as fast as the security industry, so it is a constant game of cat and mouse to keep PCs secure," he said.
"However, if online banking sessions are locked down and run in isolation, fraudsters will not be able to get their hands on lucrative account information."