So many conversations this week on APP fraud – here’s a Point of View from John Bertrand.
Over the last three months, the House of Lords, the European Commission and the Payment Systems Regulator (PSR) published detailed reports and proposals on how to prevent instant payment fraud. It is not easy: it requires multiple partners to work together, and consumers and businesses to do their part in stopping this growing pandemic.
Robust, mandatory, focused incentives are needed across the fraud chain.
Fraudsters without a bank account have no ability to scam consumers; the faster payment needs to go to another bank account. To run an APP fraud business of £500 million, growing at 30% per year, you need thousands of bank accounts. Clearly the banks are not fulfilling their duty of ‘Know Your Customer’.
The fraudsters then use the participants in the chain – social media platforms, telecoms and ISPs – to contact consumers and businesses to defraud them. The participants allow fake paid-for ads, emails, texts and spoofed telephone numbers of legitimate people and businesses over old, existing telecom systems.
The banks have groomed the consumer by asking for their details when they make the call, for “security purposes”. On top of this come payment systems that do not verify the actual owner of the bank account, and an attitude that the scammed are to blame.
The policing of digital scams needs to be accelerated. Traditional, analogue crime is declining. Electronic scamming is so widespread that most of the adult population has experienced or heard about it. Having less than 1% of Police resources managing 40% of crime is a complete imbalance.
To this end, participants in the fraud chain – social media platforms, telecoms and ISPs – need incentives to stop fraudsters’ scams. Fines for carriers of fake and misleading ads, similar to those for banks that open accounts for scammers, should become mandatory. The EU’s new proposals for 2023 include fines of up to 10% of global revenue for such activities.
In the UK this is starting to happen: the proposals from the Payment Systems Regulator (PSR) include mandatory Confirmation of Payee (CoP) and consumer reimbursements for every bank, with compliance actively monitored by Pay.UK. Where a bank does not use CoP, it should not be allowed to use Faster Payments.
Scammers should be actively pursued by law enforcement. Tackling crypto crimes requires skills that call for a separate but joint policing entity, helped by GCHQ, WCIT (www.wcit.org), universities and others. Many contributors to the proposals note and agree with not using ActionFraud. Less than 2% of the fraud cases reported to ActionFraud were investigated.
The participants’ Board members should know these fines are aimed at getting their attention. For example, a disincentive fine of £2,500, the average consumer loss, across the fraud chain would have generated £470 million in 2021 to fight fraud.
We need to analyse and redefine the relationship with the consumer. Consumers must also play their part in fighting fraud. Today, when CoP reports a mismatch on the payee name, 26% continue with the payment without further due diligence.
At this point the consumer needs to understand that if they proceed, and the transaction is fraudulent, then they own that liability. Banks should provide technology, or in-person voice or video contact by telephone or web, at the point of payment. This is the go/no-go point of making a payment, and new payees are the most likely to defraud the consumer.
Change is starting to happen: the proposals from the Payment Systems Regulator (PSR) include mandatory CoP and consumer reimbursements for every bank, with compliance actively monitored by Pay.UK. Where a bank does not use CoP, it should not be allowed to use Faster Payments.
The Payment Systems Regulator proposes, and correctly intends, to mandate reimbursements to consumers. Reimbursement is within 48 hours of being defrauded and is split 50/50 between the Payer and Payee bank accounts. The PSP are recommending reimbursement to start in 2023. This leaves the £1.1 billion not reimbursed to defrauded consumers between 2018 and 2021 in limbo.
Suggest a fine equal to £1.1 billion on the fraud chain participants, funded by the banks, to help pay for combatting fraud.
Fighting Fraud: Breaking the Chain clearly lays out why we have so much APP fraud and why we must prioritise tackling the situation. The proposed PSR choice, Pay.UK, and Ofcom, for their respective sectors, are key to managing the mandated compliance. When we achieve this, the UK would lead the world in fraud protection expertise. Over 70 countries are moving to instant payments and consumers in those countries will need to be safeguarded against cyber fraud.
Rephrasing Admiral Nelson’s famous quote from the Battle of Trafalgar: “regulators, Police and Board members of the participants in the fraud chain are mandated to do their duty of care”.
European Commission proposes to accelerate the roll out of instant payments in euro, published 26 Oct 2022
Automated push payment (APP) scams: Requiring reimbursement, published 29 Sept 2022 by the Payment Systems Regulator