Community
This is the second blog out of eight in our series on the Contingent Reimbursement Model code (“CReM”) that purports to offer customers (also known as Payment Service Users or “PSUs”) strong protection against certain types of Authorised Push Payment Fraud, or “APPF”.
This one is on the types of fraud covered by the CReM.
APPF comes in two main flavours:
The CReM does not cover the first type, presumably because it is now accepted – pursuant to a recent decision of the Financial Ombudsman Service in favour of a consumer - that such a payment was actually unauthorised by the victim, despite having been authorised with the victim’s credentials. In these circumstances the victim is entitled to reimbursement in full as per Article 75.3.b. of the PSRs unless their firm can prove against them that they either “acted fraudulently or failed with intent or gross negligence to comply” with their “obligations in relation to payment instruments and personalised security credentials”.
Determining what behaviours constitute a failure with intent or gross negligence is now the dispute in this area, and not whether the payment was authorised or not.
Excluding this first type of APPF from the CReM has the effect of distancing the customer’s belatedly-established rights under it from the customer’s rights under the second main type. They should be the same, in our view, and the reason this is not so currently is byzantine, and should have been changed by the CReM if the CReM were to have any value.
The stumbling block is that case law was established under the regime of the previous version of the Payment Services Regulations (“PSRs”), which went onto the statute book in 2009, pursuant to the EU’s Payment Services Directive 1 of 2007.
Of course it would be extremely bad news for firms if that protection did apply, because:
This second type of APPF is extremely prevalent in the UK thanks to firms not checking that the name given by a payer in their payment is the same one as is associated in the books of the beneficiary firm with the stated Sort Code and Account Number.
This deficiency, embedded in the UK’s Faster Payments scheme in particular, has been costing consumers and businesses many millions of pounds – life-changing amounts in many instances.
This “wrong name” type of fraud is one of two types covered by the CReM and is described in para DS1.2.a.i as: “The Customer intended to transfer funds to another person, but was instead deceived into transferring the funds to a different person” i.e. the data in the payment was incoherent with the data associated with the account at the beneficiary firm.
Indeed, while the CReM does not cover one of the main types of payment fraud, it does purport to cover a situation which is not a payment fraud at all but simply a fraud, as described in para DS1.2.a.ii: “The Customer transferred funds to another person for what they believed were legitimate purposes but which were in fact fraudulent”. The inference here is that the data in the payment was fully coherent with the data associated with the account at the beneficiary firm.
The inclusion of this type of case in the CReM has several outcomes, and they are not good for those customers that have suffered from “wrong name” fraud or for those who have a bank account but are not a fraud victim at all:
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Prashant Bhardwaj Innovation Manager at Crif
05 December
Tachat Igityan Founder and CFO at destream
03 December
Ritesh Jain Founder at Infynit / Former COO HSBC
Erica Andersen Marketing at smartR AI
02 December
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.