PSR unveils action plan to tackle push payments fraud
03 Jan 17
UK regulator calls on banking industry to formulate common approach for tackling APP scams, following Which? ‘super-complaint’
Banks must work together to improve their handling of authorised push payment (APP) scams, according to one of the UK’s leading financial watchdogs.
The message arrived in an action plan unveiled on 16 December by the Payment Systems Regulator (PSR), issued in response to a ‘super-complaint’ it received from consumer-rights group Which?
Issued in September, the Which? complaint drew attention to the growing threat that bank customers currently face from APP fraud: a practice whereby account holders are deceived into personally authorising fund transfers to wrongdoers.
The crime takes advantage of the relatively easy ability – available to the vast majority of banking customers – to OK transfers either on the phone, or while visiting branches.
There are two, classic types of APP scam:
- Malicious misdirection, when victims believe they are paying a known, legitimate payee – but are instead tricked into making a push payment to a scammer’s account.
- Malicious payee, when victims make a push payment – typically in return for promised goods or services – to people they believe are legitimate, but who later turn out to be scammers.
Following extensive research of the problem, the consumer group highlighted a crucial discrepancy between how banks deal with APP scams, and how they handle other types of customer-based fraud.
“The risks [posed by APP scams] are not allocated to those best placed to manage them,” Which? noted in its super-complaint. “Scammers can use a range of highly sophisticated techniques to identify and deceive consumers into instructing their bank to make a payment.
“In most other payment contexts (including unauthorised push payments, and authorised and unauthorised pull payments), the bank is liable for losses (typically subject to qualifications such as the consumer not having been grossly negligent).
“But where consumers have been deceived into authorising push payments, they will almost always bear the resulting costs – even though banks are typically much better placed than consumers to guard against the risks of such payments being made.”
After examining the Which? complaint, the PSR concluded that the way banks work together in response to scam reports must improve. Indeed, evidence suggested that some banks could do a lot more to identify potentially fraudulent incoming payments, and prevent accounts from falling prey to scammers.
In a statement, PSR MD Hannah Nixon flagged up an underlying issue behind APP fraud. “Tens of thousands of people have, combined, lost hundreds of millions of pounds to these scams – but the data we have seen so far is incomplete,” she said.
“We need a concerted and coordinated industry-wide approach to better protect consumers, and we need it to start today.”
With that in mind, the PSR has worked with fellow watchdog Financial Fraud Action UK to develop a programme on which they expect the banking industry to take a lead.
It consists of three streams, requiring banks to:
- liaise with the Information Commissioner to develop a common understanding of what information they can share under existing law, and the key legal barriers to sharing further, relevant data – for example, details that would help victims recover their money;
- develop, collect and publish robust scam statistics to address the lack of clear data on the problem’s scope and scale, and to enable monitoring of the issue over time; and
- develop a common approach – or set of best-practice standards – that both the victim’s bank and the bank that receives the money should follow when responding to reports of scams.
The watchdogs want the common approach to cover such issues as the availability of fraud specialists and processes by which banks agree indemnity agreements between themselves.
Meanwhile, the PSR will assess whether the Faster Payments Service and CHAPS could play expanded roles in helping to minimise the consumer harm that stems from APP scams.
Nixon added: “There is no silver bullet – but more can be done to prevent these scams in the first instance, and to respond faster when it does happen, in order to give consumers more support and help in recovering their money.
“As technology improves, we need to find ways of making it harder for fraudsters to commit these scams. We are committed to seeing the banking industry work together to take a firm and proactive stance in protecting their customers from this type of fraud.”