On 25 November 2022, the Payment Systems Regulator (PSR) closed its consultation on new proposals to help address Authorised Push Payment (APP) scams.
Before it proceeds to implementation, we encourage the PSR to consider the potential impact of its APP scam proposals on the ability of Open Banking-enabled account-to-account (A2A) payments to effectively compete as a retail payment method.
Responding to a growing threat
APP fraud scams, where victims are manipulated into making real-time payments to fraudsters, have a terrible and lasting impact on their victims, who are more often than not consumers.
According to UK Finance, in the first half of 2022, APP fraud amounted to around £250 million, nearly half of total losses from fraud in that period.
Without doubt, there’s an urgent need to adopt a cross-sectoral approach to protect consumers and reduce harm from APP scams in the future. But any new measures implemented must be well-thought-out and targeted in the right areas.
In its consultation, the PSR has proposed requiring reimbursement for scam victims and splitting the funding of that reimbursement 50/50 between the sending bank and the recipient bank. The PSR’s thinking is that it would place more incentives on both the
sending and receiving banks to stop APP scams. The PSR has stated that payments initiated via Open Banking would be included in these proposals.
However, alongside its work on APP scams, the PSR also has a policy programme aimed at driving Open Banking-enabled A2A payments to compete with cards for retail payment use cases. We’re concerned there is a fundamental tension between the PSR’s ambitions
for A2A retail payments and its latest proposals to address APP scams.
Beware the unintended consequences
For Open Banking-enabled A2A retail payments to compete effectively with cards, it’s key they are fast, low friction, and low cost. Unfortunately, the PSR’s APP scam proposals have the potential to adversely impact all of these characteristics. And this
is unlikely to be for any material benefit, given that most Open Banking-enabled A2A payments to merchants are already at significantly lower risk of APP scams.
Our first issue is with friction. The PSR’s proposals will likely result in banks introducing more warning screens and steps to A2A payment consent and authentication journeys, adding more friction to the use of A2A for retail payments.
More broadly, there’s a risk of banks slowing down payments as a result of these proposals. For example, by introducing a lower threshold for payments that are escalated for enhanced fraud checks.
While more friction and slower speed may be an appropriate response for A2A payments at genuine higher risk of APP scams, it’s not appropriate for Open Banking-enabled A2A retail payments to merchants. For these payments, merchants partner with a payment
provider to immutably pre-populate the merchant’s payment account details for the consumer. This means the consumer is unable to be convinced to change these details by an APP scammer.
Furthermore, a merchant using Open Banking A2A payments in this way is also at much lower risk of themselves being a scammer, given the merchant is subject to additional due diligence by their Open Banking payments partner. This is on top of the detailed
vetting already done by the merchant’s own bank when providing them with a business bank account.
This explains why a
report by the Open Banking Implementation Entity (OBIE) called out that the risk of APP fraud in merchant initiation via PISP as “exceptionally low”, and that the inclusion of Confirmation of Payee and other warnings in these payments would introduce more
friction and costs disproportionate to any benefits.
Finally, we also believe broader liability for reimbursement could negatively impact the economics of instant payments. At present, instant payments are typically free to consumers on the send side, and businesses pay to receive them. To claw back some of
what they would spend on victim reimbursements, banks may pass higher costs on to businesses — which could sway a business’ decision on whether to accept retail transactions using Open Banking.
Taking the next steps
The PSR has stated
Open Banking has the “clear potential” to facilitate A2A payments for retail transactions and compete with cards. To avoid diminishing this potential, before implementing its APP scam proposals we think the PSR should consider in more detail their potential
impact on the ability of Open Banking-enabled A2A payments to effectively compete as a retail payment method.
Further, the PSR should support the burgeoning Open Banking ecosystem to enable richer sharing of data between Open Banking providers and banks. This will help support banks in making more targeted and informed decisions around the vulnerability of a specific
A2A scenario to APP scams.
Industry-level data around fraud and Open Banking payments is currently extremely limited. We think this is something that industry and regulators can help to collate to inform collaborative, targeted measures across the industry.
If provided with the right environment in which to flourish, Open Banking-enabled A2A retail payments can compete with cards but also help address the issue of APP scams. Let’s work together on tackling APP fraud for the benefit of consumers and merchants.
Let’s get the balance right.