Blog article
See all stories »

APP Fraud is now virtually free to the banking industry

The effects of fraud are not merely financial. As with other crimes against the person, victims suffer deep emotional distress – people have been known to commit suicide.  The victim-blaming approach taken by banks is often a bigger contributary factor to their trauma than the actual financial loss causes people deep trauma.

In the new world of open banking, Authorised Push Payment (APP) fraud, where a person authorises a payment before realising they have been scammed, has become industrialised, with the result that since 2019, UK banks have accumulated £612 million that has not been reimbursed to victims.

Banks argue – not unreasonably – that an account holder who authorises and confirms the details of a payment are responsible for that payment, whatever the outcome of the transaction: the bank provides the bank account either with fees or benefits in kind or at no cost to their clients. It is equally reasonable for the clients to trust the banks to look after their money and not provide bank accounts to fraudsters. The 400,000 APP fraud cases since 2019 suggests their trust is misplaced.

Each bank has its own approach to fighting fraud: a perfect environment for the fraudster who pick on the less prepared. Given the lack of economic impact for the banks, senior management’s other priorities are more pressing. One UK bank – TSB – guarantees its clients against fraud and is a member of the Contingent Reimbursement Model Code (CRM Code).

The CRM Code is supported by nine banks that represent 85% of the traffic on the UK Faster Payment real-time system. In the first six months 2020, the banks averaged 40% reimbursement with TSB averaging 99% and two banks reimbursing less than 10%. The non-CRM banks have significant higher fraud percentage taking place on their 15% payment volume as they do have not the resources of the bigger banks. What the victim receives from a bank is a wide range of reimbursement from sometimes nothing to the full amount.

Fraud continues to grow rapidly and is now one of the biggest forms of crime in the UK. Banks argue, rightly, that they alone cannot win the fraud war – to gain consensus from people, businesses, governments, big tech companies, law enforcement agencies and regulators takes time and commitment.

The one thing that the banks could address is the simple fact that fraudsters need a bank account for APP scams to work.

To remedy the situation banks – and all other payment service providers – need a uniform approach that acknowledges that banks are not liable for the account holders’ mistakes in falling victim to fraudsters. The quid pro quo is that when there is a case, they provide all of the details so that law enforcement agencies can follow the money and prosecute the fraudsters quickly.

The UK’s Payment System Regulator is currently reviewing consultation feedback on APP and a response is expected by September 2021 which may proactively challenge the scammers. It will also feed into the thinking behind the development of the anticipated New Payment Architecture which will provide an opportunity to show the world that the UK, a world-leader in real-time payments is working towards eradicating APP fraud before it spreads internationally.

Banks could even take a lead here – TSB can be held up as an example for its far larger brethren – and acknowledge their role in how fraud works. Perhaps they could ask their anti-money laundering team?

Or maybe just remember all those phrases from TV crime dramas: “aiding and abetting”, “obstructing the police in their enquiries”.




Comments: (1)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 23 April, 2021, 13:38Be the first to give this comment the thumbs up 0 likes

Person A wants to open bank account, comes to bank, submits all KYC documents, bank issues the account. (AFAIK KYC documents don't tag someone as a fraudster.) A then defauds another Person B via APP fraud. I honestly don't see how the bank can be held culpable for issuing the account to this Person A. At best, if B produces a police complaint against B to bank, then bank should freeze A's account and disclose A's contact info to law enforcement. Othewise, bank would be exceeding its remit and violating its confidentiality agreement with A by doing anything to A's account - after all, A is fraudster to B but not to the Bank. 

Now hiring