News and resources on cyber and physical threats to banks and fintechs worldwide.
APP scam reimbursement plans are "fundamentally flawed" say MPs

APP scam reimbursement plans are "fundamentally flawed" say MPs

UK lawmakers says proposals to hand responsibility for scam reimbursement to a body sponsored by the banking industry are “fundamentally flawed”.

In a new report, the cross-party Treasury Committee laments the painfully slow implementation of mandatory reimbursement for fraud victims, and objects to new proposals by the regulator which would hand the refund process to an industry body.

Authorised push payment fraud, where a scammer tricks someone into sending them a payment, is widespread. At least 196,000 consumers lost £583 million to these scams in 2021.

The Payment Systems Regulator (PSR) proposes that banks and building societies will be required to fully reimburse victims of authorised push payment scams within two days of the fraud being reported where the loss is over £100.

However, rather than taking control of implementing mandatory reimbursement itself, the PSR is handing responsibility to Pay.UK, which is guaranteed by the financial services industry.

The Committee sees this as an inherent conflict of interest, as Pay.UK will be responsible for ensuring the very banks and building societies that are its own guarantors - some of which are fundamentally opposed to the plans - pay out large sums to reimburse consumers.

This creates an opportunity for the banking industry to slow down the implementation of the reimbursement plans, which have already been "unacceptably delayed" until 2024, say MPs, who are demanding enforcement by the end of the year.

The Committee also outlines that Pay.UK lacks effective tools to ensure the financial services industry is complying with the rules, as it has no regulatory or enforcement powers. The MPs call for the PSR to revise its plans and take back control of the reimbursement process.

Treasury Committee Chair, Harriett Baldwin MP, says: "Putting an industry body in charge of reimbursing scam victims is like asking a fox to guard the henhouse. The regulator needs to take back control of the reimbursement process, rather than leave it in the hands of an industry body which is inherently conflicted.”

Separately, the Treasury Sub-Committee on Financial Services Regulations has raised concerns about types of fraud which are not covered by the PSR’s proposals. In a letter to the Bank of England, the MPs question why high-value transactions made through Chaps such as house purchases, are not included. While these scams account for 0.2 per cent of all fraud, they amount to four per cent of fraud by value.

In a letter to the Financial Conduct Authority (FCA), the Sub-Committee asks whether transactions within the same bank will miss out on mandatory reimbursement protection.

The PSR has already come under attack for allowing banks to adopt a £100 threshold for reimbursing victims, a measure which could exclude up to a quarter of scam victims. MPs have also questioned this decision in correspondence with the PSR.

In its repsonse, the PSR says there is broad support for its proposals and that ministers have misinterpreted the extent of its poweres to make sure people are reimbursed and to improve fraud prevention.

"Payment systems operators (including, for example, Pay.UK which operates Faster Payments and Bacs, or the card schemes which allow us to make card payments) have rules and requirements on their users," the regulator says. "If a bank or other payment provider wants to use these systems, it has to follow the rules set out by the system operator. The PSR regulates these payment systems operators.

"In our consultation on APP scams, we set out proposals for the reimbursement rules, which we will define. We also set out our view that the most effective way to make sure victims of APP scams are reimbursed is by using our statutory powers to require changes to Pay.UK’s rules. This would mean if any financial firm wants to use the Faster Payments system, they will only be able to do so by adhering to the system rules, including around APP scam reimbursement.

"Our consultation also considered whether we would use our powers more broadly, by placing further regulatory requirements on payment firms to secure compliance with the requirements in Faster Payments rules."

Comments: (2)

Jeremy Light
Jeremy Light - Fourdotzero - London 07 February, 2023, 10:51Be the first to give this comment the thumbs up 0 likes

Google "UK money laundering convictions" or "UK credit card fraud convictions" and results come up with cases of convicted criminals. Do the same for "UK authorised push payment fraud convictions" and there are none - it's very strange, especially since APP fraud is bigger than credit card fraud.

Generally, there is a dearth of information and data on APP fraud - who is committing it, where they are from, which UK banks they target to take over accounts or open accounts, the conviction rates and so on.

All the focus is on reimbursing victims - why the silence on the fraudsters, measures to convict them and actions to prevent them?

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 08 February, 2023, 11:31Be the first to give this comment the thumbs up 0 likes

Dearth of information on perpetrators of APP Scam is consistent with my opinion that it's very hard to catch them.

Why Is It So Hard To Catch Cybercriminals?

Forcing banks to reimbuse APP scam victims is a canonical example of Drunk Under Lamp Post regulation.