A Finextra member 11 November, 2021, 11:39 3 likes

Why is my bank responsible for me telling them to send money to a fraudster? I don't get it. Surely the compensation should come from the payee bank, since they know who the fraudstrer is.

Jackie Barwell - ACI Worldwide - London 11 November, 2021, 12:50 0 likes

Banks have the ability to monitor incoming funds as much as they can monitor outgoing - so they should do so.  If a recipient bank account accumulates a 'dodgy' reputation over time, then surely that recipient bank should decline future incoming transactions to the 'dodgy' account as soon as its risk score reaches a pre-determined 'reject' threshold.  If banks do that, then they have a better case to answer if they choose to reject a claim.  By not doing this, they're not doing all they can to protect account holders.  

Jeremy Light - pingNpay - London 11 November, 2021, 13:09 2 likes

@Dave Birch - I fully agree. Also, I continue to be amazed that press comment and regulatory actions centre around reimbursing APP victims rather than tackling the route cause of the fraud which is fraudster-controlled accounts at the payee bank.

Talking to people in the open banking world it is clear that bank KYC efficacy varies significantly across banks and that those banks with weaker KYC controls are clearly identifiable. On-us APP fraud is <1% (see PSR APP consultation) whereas on-us payments are around 10% - this may indicate fraudulent accounts are disproportionately in the smaller banks.

Reimbursing innocent victims is obviously very important but as you say it should be the payee bank who reimburses rather than the victim's bank. It is also beyond me why regulators fail to hold all banks accountable to meet the same KYC efficacy - making payee banks liable would jolt into action those with weaker KYC. 

Perhaps regulators worry about burdening smaller banks while finding it easier to bash the big banks who bear the brunt of APP fraud.

A Finextra member 12 November, 2021, 08:23 0 likes

"Perhaps regulators worry about burdening smaller banks"

Good points all, Jeremy, and yet another argument for some sort of federated bank-led digital identity with a proper interchange and liability scheme in place.

Andy Hunter - Perficiam Ltd - London 12 November, 2021, 12:57 0 likes

The banks need to get their arms around this before liability escalates. COP is patchy and it is unreasonable to give identity risk to the consumer. In the cheques world, this risk rests with the banks who are far better placed to accept it and the system works well. If the same princinciple was applied here it would be much easier to defend those more difficult claims that transactions should have been blocked because they were not in the remitter's best interests.

A Finextra member 16 November, 2021, 12:31 1 like

My expectation is PSR intervention (again) by January - the leakage is unsustainable and although I applaud the new bandaid trial of phoning a hotline to check the payment is OK to send, it's not exactly scalable. Trust is everything if we aren't going to regress to bags of cash, meeting on the side of the street to conduct transactions.