UK Takes the First Step to Stop Authorized Payment Scams

U.K. banks will soon have to reimburse customers who fall prey to authorized push payment scams. The U.K.’s Payment Systems Regulator recently released a long-awaited policy that would split the reimbursement cost between sending and receiving banks. The agency aims to incentivize the payment industry to invest further in end-to-end fraud prevention and increase customer protection.

See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm

The regulator said it hopes splitting the cost between banks will help ensure both sides of the transactions have strong controls to prevent APP scams from occurring. The target implementation deadline for the new reimbursement program is Q1 2024. The report says that 97% of APP scams occur on the U.K. Faster Payments Service. According to the regulator, these scams were less than 0.1% of total faster payments in 2021.

Authorized push payment scams have risen steadily over the years as more countries worldwide adopt faster payments or rea- time payments. Forecasts from ACI’s PrimeTime for Real-Time annual report predict that, by 2026, real-time payments will be at the heart of the new global payments landscape, accounting for one-quarter of all electronic payments globally.

The report also says the Center for Business and Economic Research found that in 2021, real-time payments facilitated $78.4 billion of formal GDP across 30 selected markets, and that number is forecasted to reach $173 billion in 2026. Fighting against APP scams is essential to maintaining confidence in real-time payment systems and maximizing their economic benefits.

But the jury is still out on whether penalizing banks will reduce APP scams. Some say that the move will lead to more first-party fraud, in which customers willingly participate in the fraud.

The U.K.’s Payment Systems Regulator said fighting APP scams requires taking an ecosystem-level approach. Fraudsters are specifically targeting faster payment services because of the speed of transactions, so financial institutions need to be confident that they can authorize payments between each other, no matter what the channel. Consumers and businesses have always trusted banks to provide expertise and capabilities they do not possess themselves. They want to know that their bank is doing everything it can to protect them from scammers.

Ken Palla, retired director of MUFG Bank, said the regulator has put together a very detailed and complete document. “It is clear what is included in the policy statement and what is excluded. The PSR wants payment firms to take responsibility for protecting their customers at the point a payment is made. In doing so, it expects the new reimbursement requirement to lead firms to innovate and develop effective, data-driven interventions to change customer behavior.”

Key Policy Regulations

In the new reimbursement policy, reimbursement will be split 50-50 between sending and receiving banks. The regulator also wants both sides of the transaction to adopt a risk-based approach to determine when to intervene and hold or stop a payment. The PSR is looking to see if legislation might be needed to support these delays.

“On Us” transactions, in which the sending and receiving banks are the same, are currently excluded from the policy statement. The regulator will review the effectiveness of the new reimbursement requirement within two years.

The regulator expects these policies will help reduce APP scams over the long term, though it expects fraud cases to increase in the near future. Through better prevention and protection, consumers will gain confidence about using faster payments platforms, the regulator said.

The areas that the regulator has kept outside the scope of the reimbursement regulation include:

• Payments that take place across other payment systems, such as crypto exchanges;
• International payments;
• Payments made for unlawful purposes;
• Civil disputes in which a customer paid a legitimate supplier for goods or
  services but did not receive them.

Faster Payments and APP Fraud

Last year, the discussion around APP scams and whether banks should be made to reimburse victims gained a lot of traction in the United States. Many consumers complained of being defrauded while carrying out a transaction on Zelle, forcing Congress to raise questions about the need for reimbursement, though no action was taken.

Under current U.S. law, Regulation E of the Consumer Financial Protection Bureau requires reimbursement for any unauthorized payment fraud through electronic fund transfers. Regulation E and the CFPB have been largely silent about reimbursement for online authorized payment fraud.

The Netherlands implemented a voluntary process in which banks have agreed to reimburse consumers for APP scams. Singapore is currently working on a draft to introduce a reimbursement plan for consumers.

Great First Step

Though banks might feel shortchanged since they can’t be made responsible for every careless move made by customers, a step like this was needed for consumers to retain their faith in banks and for the adoption of faster payments to grow

The U.K. government in May came out with a fraud strategy that aims to reduce fraud cases overall, a majority of which includes APP scams.

In order to find a better way to stop APP scams, it is important to understand how they originate.

“The government recognizes that many of the scams begin with text messages, phone calls, email, social media, search engines and false advertising,” said Palla. “So, telecommunication companies and technology firms need to be involved in the solutions to block scams. But first there will be more tracking and reporting on the patterns of fraud, and the Payment Systems Regulator will require banks to provide reporting on authorized payment fraud rates.”