Blog· 6min June 26, 2023
At the beginning of June 2023, the Payments Systems Regulator (PSR) published the latest update regarding the reimbursement requirements for Authorised Push Payment (APP) Fraud in the UK, through the Faster Payment Scheme.
By way of a quick recap, the salient points of the new requirements are as follows:
Based on data from the latest UK Finance Annual Fraud Report, in 2022 value of APP scams amounted to £485.2m across 207,372 cases. This figure is only what is reported, the true volume, including unreported victims of APP Fraud, will be much higher.
Out of the total £485.2m which was reported, £285.6m was reimbursed back to the victim – which equates to 58.8%. Recovery of these funds is notoriously low, and therefore most of this financial cost is covered by the PSP of the victim only.
Those cases for which the PSP has not reimbursed the victim (£199.6m), under either the voluntary Contingent Reimbursement Model (CRM) or other principles, result in the victim being financially out of pocket from the Scams, as well as a host of non-financial impacts.
In the same report from UK Finance, for the first-time, data is being published which shows the originating source of APP Fraud, as most of the fraud starts outside of the banking centre. UK Finance summarise this data with the following 2 statements:
When equating this to volume of APP Fraud in 2022, 162k cases originated online equating to £175m of losses at an average case value of £1,080. By comparison, telecommunication origination cases are 37k worth £213m at an average case value of £5,719.
However, there is currently no liability or formal obligation for technology companies to contribute to both the prevention and the financial impact associated with APP Fraud.
But is the heat starting to build on the tech companies to play their part in addressing this ever-increasing challenge?
Over the last month, there has been increasing pressure on technology companies, particularly Meta (the parent company owning Facebook, Instagram, and WhatsApp) to do more to protect customers from becoming victims of Fraud.
TSB Chief Executive, Robin Bulloch, has written to Meta calling for them to implement tech interventions which are urgently needed to protect customers from spiralling levels of fraud. The extent of which Meta platform are a source for fraud is laid bare by the stats from TSB:
A similar message has been presented by Lloyds Banking Group, in a press release calling on Meta, and other tech companies, to do more to stop scams at source and play their part in refunding victims of fraud which originates on their platforms. The stats from Lloyds are very much aligned to those from TSB but include the scary perspective that someone in the UK falls victim to a shopping scam across Facebook (including Facebook Marketplace) and Instagram every 7 minutes.
Liz Ziegler, Fraud Prevention Director at Lloyds, sums it up in the press release with the following statement, with a call for tech companies to not only stop the scams, but also to be financially responsible when their platform has been used to defraud a victim:
“Banks have been at the forefront of tackling the epidemic of scams, but they cannot fight it alone. It’s high time tech companies stepped up to share responsibility for protecting their own customers. This means stopping scams at source and contributing to refunds when their platforms are used to defraud innocent victims.”
The sentiment is much wider that just TSB and Lloyds Banking Group, with the details shared by Sky News on 17th June that 9 of the largest banks in the UK (NatWest, Nationwide, Lloyds, HSBC, TSB, Barclays, Santander, Handelsbanken & Starling) had written to the Prime Minister stating that:
They have asked for 3 key actions from tech companies, but this also extends to telecommunication companies too, which are:
There is a 4th action which I believe is critical which is the collaboration on data between all parties in the ecosystem. For instance,
The letter to the Prime Minster was also signed by Chairman and Chief Executive of UK Finance, the banking lobbying group. However, no reference is made to any involvement with the PSR in this approach to the Prime Minster.
Last week, I was involved in a conference discussing the PSR recommendations, and the question was asked – “Will the changes work?”.
My opinion is that when regulation is forced on an industry, then what you tend to experience is an exploration of how to be compliant with the regulation, rather than ensuring that the actions taken are directly aligned to the problem that the regulation is trying to solve.
Closer co-operation across all industries is required to address the issues that the UK is facing regarding APP Fraud. This is not just limited to the involvement of the tech and telecoms companies, however. Banks must embrace the changes that are being mandated in the UK around sharing of data and intelligence through the appropriate channels to collaborate on the problems we are facing – for which the UK, as described by the banks, has become “a global hotspot for fraud and scams”.
Public / Private data sharing must become the norm, however, there needs to be a drive for inclusivity from relevant leadership to make this happen.
Regulation is a strong tool to be used, but it feels that through a collective lack of movement by the associated industries, the deployment of regulation is the last resort. As an industry we must not seek to see regulation as a negative, but rather an opportunity to make a difference. We will be judged in the years ahead as to the ability of Financial Services, Tech Companies & TelCo’s in moving the dial in preventing the ever-growing issues experienced, both financial and non-financial, around fraud and scams.
It is imperative that there is no slowing down in the Economic Crime and Corporate Transparency Bill which is currently progressing through the House of Lords, with aggressive – but realistic – timelines agreed through the consultation to be shortly issued by the PSR.
PSP’s need to be preparing for the forthcoming regulation changes, the inclusion of a “Failure to prevent Fraud” offence within the bill places a clear emphasis on having “reasonable fraud prevention procedures in place”. The government has committed to publish guidance providing organisations with more information about reasonable procedures before the new offence comes into force. However, now is the time to be assessing what changes you need to make to ensure compliance with the complete requirements in the new legislation.
The role of tech companies in the infrastructure and environment of protecting customers must follow separately, but at pace. As an industry we must build trust with our customers that they are being protected when they are a victim of a scam.
Markets outside of the UK are observing the steps we are taking, and I fully expect similar regulatory requirements to follow in those markets. The extent to which companies within those markets embrace the principles of protecting of customers will, in my opinion, determine the extent to which aspects of regulation are enforced.