Blog article
See all stories »

APP Fraud: UK Government and UK Supreme Court at odds: what shall we do as scams jump 24%?

In June the UK Government gave royal assent to allow the Payment System Regulator (PSR) to mandate reimbursements for scam victims. Consumer and small enterprises (<£5 million revenue) are to receive the refunds in 5 working days.  Costs to be split 50/50 between the Payer and Payee Banks. In addition, Bank/Payment Service Provider (PSP) must have domestic Confirmation of Payee (CoP) in place. CoP prevents Authorised Push Payment (APP) being misdirected or scammed by showing who actually owns the bank account on the bank’s books.

In July the UK Supreme Court ruled banks must make the payment from the bank account once authorised by the account owner. The information to allow the authorised push payment (APP) to be made is clear. The authoriser of that payment is liable for the payment even if the payment is a scam. 

In August, Barclays reported 87% of scams came through social media platforms. This backup TSB data which showed 80% of fraud cases came through Meta-owned companies, Facebook, etc. 

Currently there is no legislation or regulation making social platforms liable for scams. Given scams are up 24% in the last quarter it is not surprising the bank/PSPs are calling on tech companies to be financially incentivised to reimburse scam victims. For example, Investment Scams cases are 5% of the total cases yet represent 30% of all money lost. Often the ads showing fake regulatory approval have not been verified.

Fraud experts

The UK should protect UK competitiveness by using its expertise, gained in making instant payments the norm, by stopping and preventing scams. To do this we need to know whom we are paying and is it the same person we believe it is. To do this we need to verify the person at the point of payment. This can be done through technology and throughout the payment cycle.

As the scammers, with their mules, are moving their illegal operations to bank/PSPs not offering CoP verification. New account requests to these banks need to have extra, real-time Know Your Customer (KYC) before the account is opened. 

FinTech companies have been working on AI and bio-techniques to help ensure the person is who they say they are. For example a ‘Chat-box’ asking the Payee a range of questions before moving larger sums of money to a new payee. Some banks do this today manually by calling the Payer to check on the instructions before the payment is transmitted. Then when the bank account is active the transactions timings in and out of the account do not mirror that of a scammer. 

The UK Supreme Court makes it clear that the bank has to make the payment as it is authorised by the owner. It has suggested the bank, upon being informed it's a scam need to demonstrate it has been active in trying to recover the money. As the scammers are set up to immediately to move the money once it hits their account this leaves a very small window for the money to be reclaimed.

Consequently, the bank now has to make certain the bank account owner is in no doubt that the liability belongs to them if they ignore CoP signs that a scam is likely. The bank/PSP could add a time delay while the payer assesses that the payer is genuine but this adds “friction” to the payment flow.

The bank’s fraud experts are urging people to watch out for unsolicited messages claiming to be from family, or close friends. They advise contacting the person directly, if possible, before ever sending a payment. For example, emails arrive claiming your loved ones are in need of urgent help, send or buy a card that they can use immediately. The cards have no recovery capabilities, once the money has been sent it’s gone and lost.

Going forward a greater use of new technology is urgently required for showing who owns the bank account. For example, a photograph/video of the account owner for use when moving large amounts. Faster Payments can move up to £1million in a single transaction covering the large amounts involved in Investment Scams. 

Once the PSR rules come into force in 2024 it will be interesting how the banks treat each other after the reimbursements have been made.  Clearly the bank paying out the most could well become the Scammers’ “Bank of the Month”.

The UK Supreme Court has made it easier for the banks to deny all liability for APP Scams. The persuasiveness of online platforms ads aimed at our wildest desires, e.g. riches await, has encouraged addiction. 

The growing choice to pay for purchases (66% scams) by Card or by Bank Transfer, on websites creates the need to reflect where the liability lies before payment. Card Schemes have regulated reimbursement programme while bank accounts do not. Historically if banks had payment fraud it was dealt with by operations as an anomaly. Credit Card fraud is treated as a Profit and Loss (P&L) item and handled by the Business Executives often Board Members. 

The PSR are doing the right thing for scam victims but this is at the tail end of the payment flow. Much more is needed at the start of the scam and the saviour is technology.  We have to incentive exceptional usage to turn the tide on scammers.

 David Wong:

“New technology is not good or evil - it’s about how we use it.’






Comments: (0)

Now hiring