Long reads

APP scams – are you protected?

Anna Roughley

Anna Roughley

Head of Insight and Engagement, Lending Standards Board (LSB)

Financial crime is on the rise, but the Lending Standing Board’s (LSB) CRM Code acts like Gotham’s bat-signal, calling banks, lenders, and building societies to protect consumers, and warning scammers that these firms are increasingly ready for the fight. 

In the last two years of pandemic upheaval, how people make payments has changed dramatically. Online payments boomed and more of us adopted online banking habits.

To quote Batman, hidden in the chaos of the new post-Covid world is the element (aka scammers) waiting to strike like snakes, always seemingly one step ahead of the latest thinking and technology. The rise of online payments has presented even more opportunities for fraudsters.

This was demonstrated in a recent report by ACI Worldwide, which revealed the rapid growth of Authorised Push Payment (APP) scams, which occur when customers are tricked into sending money to an account they believe belongs to a legitimate payee, but is controlled by a fraudster.

APP scams cover a range of techniques; from safe account scams, where scammers convince people to move money to another bank account to ‘protect’ against alleged fraud, to romance scams, where criminals form a relationship in order to ask for money or personal information.

Losses from such scams are expected to double in the UK across the next four years – a painful fact to come to terms with in the midst of the present cost of living crisis. It is sad to say that scammers also feed on emotions, like stress and loneliness, which were heightened during the pandemic and are rising for many due to the cost of living crisis.

Fortunately, protections are available.

2019 marked a major milestone in the available protections for customers from APP scams, with the introduction of the Contingent Reimbursement Model Code (CRM Code), governed by the LSB – the primary self-regulatory body for the banking and lending industry.

The Code requires registered banks, lenders, and building societies to better detect scams and stop them in their tracks.

As the name suggests, the Code also sets out that registered firms must reimburse customers who fall victim to APP scams through no fault of their own. The Code defines an individual eligible for reimbursement as one who intended to transfer funds to a legitimate recipient, but was instead deceived into transferring the funds to a different person; or one who transferred funds to another person for what they believed were legitimate purposes but which were in fact fraudulent.

Reimbursement is vital, but whilst this can reduce the hit to a customers’ wallet, scams are still emotionally distressing, carrying with them feelings of guilt, shame, worry, and embarrassment, not to mention the effects on people’s mental health.

As part of their efforts to stop scams, banks signed up to the Code additionally commit to participating in coordinated general customer education and awareness campaigns. Customers banking with CRM Code signatories should have access to a wealth of material from their bank, helping them to identify the latest trend of scams, and understand how best to protect themselves and what to do in the event that they do fall victim.

However, as the Code is opt-in, it is not unanimous to all banks, lenders, and building societies, meaning protection is not guaranteed for all customers. Some are still yet to sign up; and while some claim to work to the ‘spirit of the Code’. Only by becoming signatories can they help define the success measures, implement the Code in its entirety, and gain access to the LSB’s oversight programme. 

In this way, the Code is akin to the bat-signal for customers, indicating that protections are available. Customers who bank with those bearing the Code’s logo can feel safer in the knowledge that they are working behind the scenes, with the best set of tools available, to fight fraudsters, prevent scams from ever taking place, and reimburse those who do fall victim through no fault of their own. 

Customers can (and should) find out whether their bank, lender, or building society is one of the firms currently signed up to the Code by looking out for the CRM Code logo on their website or other documentation or by visiting the LSB website. They can also check out the CRM Code customer information notice to find out exactly what signatories have committed to do to protect them.

Much like the bat-signal, the CRM Code is both a call to action and a warning to fraudsters that signatories are ready for the fight. Customers wondering if they are protected need only look for the sign.

Comments: (0)