A consultation by the PSR (Payment Systems Regulator) to PSP(Payment System Provides)/Banks to prevent Authorised Push Payment Scams (APP) at source and to provide better support to the victims is underway.
APP scammers use Faster Payments as their payment channel of choice, 80% of APP fraud. To do so
scammers need a bank account.
Contingent Reimbursement Model Code (CRM) agreed by 9 banks, 85% of payments, reported £403 million losses in APP scams in 18 months with customers being reimbursed £175 million (43%). The amount a particular bank customer receives is very dependent
on the bank they are with, and this can range anywhere from 5 to 90%.
For the total APP scam figure the non-PSP Banks CRM members need to be added. Estimates are an additional 40% of APP fraud is taking place with the non-member PSP/Banks, who make 15% of the payments. It seems that scammers often attack the least prepared
PSP/Banks for greater success.
With Faster Payments offered by the PSP/Banks the sender (customer) is bearing the majority of the loss and also the fault for the APP fraud. The receiving bank account, where the scammers live, the fraudsters appear to be barely troubled as they move the
money on and often out of the country.
To further protect customers the following should be considered:
- Confirmation of Payee: Big 6 High Street Banks mandated and some volunteers
- Name of the bank account is being added (COP) to the sort code and account number request before payment
- Ideal for the fraudster as they focus on the least prepared PSP/banks
- Recommended Action 1: COP and mandatory for Faster Payments
- Payment Risk Dashboard incorporating COP data showing where the greater risks are for the sender and receiver banks:
- Highest risk for the sender is the very first payment to a new account. Therefore, relevant data is needed, e.g., the time the bank account has been open
- Highest risk for the receiving bank is an influx of COPs being higher than expected, e.g., 6 requests in a day against 1 per day prior
- Customer awareness and education: National campaign Take Five to stop fraud
- The Lending Standards Board (LSB) report April 2020 noted customers ignore warnings as PSP/Banks information is too generic
- The Financial Ombudsman Service (FOS), has overturned the majority of the PSP/banks’ refusals to pay reimbursements
- Recommended Action 2: PSP/Banks use specific warnings
- One of the best warnings is to let the customer know what the banks believe is the risk of fraud from safe to high, e.g., a type of traffic light dashboard.
- PSP/Banks to be rated by the LSB (or recognised independent) on who is the best/worst/most improved in reimbursement and supporting victims
As APP fraud is a growing menace to society, about 5,000 customers a month are scammed, the protection needs to be better coordinated, including more receivers’ bank details and transaction data. A framework of roles and responsibilities, with compliance,
is required. Similar to Know Your Customer (KYC) and Antimoney Laundering (AML) as banks as required under the banking license.
The customer, before making the payment, should see a dashboard of information showing the level of risk the PSP/banks predict for that transaction. As this customer is at the most danger of fraud making a payment to a new name, PSP/Banks may want to request
a period, e.g., 24 hours to approve that transaction over a certain amount. The customer also needs to know where the liability is likely to fall on which party once the payment is made.
The Payment Service Regulator has the opportunity to make Faster Payments a world class service that protects UK customer against APP scammers. By mandatory compliance, so everyone one knows their roles – the customer, the PSP and the sending and receiving
banks – and that a united front is presented against the APP scammers.
Fraud is a forever challenge, and we need to tackle APP Scams at source and protect customers, starting with Faster Payments.