alexskopje - stock.adobe.com
The government is to legislate for mandatory reimbursement for victims of authorised push payment (APP) scams after hundreds of millions of pounds were stolen in first half of this year.
Through an industry consultation, the UK payments systems regulator (PSR) is investigating how to reduce losses to the technique, which is increasingly used by criminals.
It is calling on banks and tech firms to be more transparent about APP fraud levels, increase prevention and make reimbursement to victims mandatory.
APP fraud, also known as bank transfer fraud, sees criminals use fake websites and emails to trick consumers into authorising payments to them as the scammers attempt to avoid the security embedded into the banking system. It is a growing problem, which, according to banking trade body UK Finance, increased by 70% in the first six months of this year, reaching a value of £355m.
Banking systems have automated security checks on suspicious activity, making it more difficult for criminals to steal money. Because of this, they are targeting human weaknesses through APP scams using phone calls, emails, text messages, fake websites and social media posts to trick people into handing over their personal data, before conning them into authorising payments.
“The PSR expects to see more action from financial institutions to stop these scams from happening and to better protect people if they do fall victim,” said the regulator.
It said action must be taken to prevent scams by the financial sector, and by organisations in the digital ecosystem, including social media firms.
The PSR wants the publication of fraud data by the UK’s largest banks and building societies and is calling for smaller finance firms to publish data on their performance in relation to APP scams and on reimbursement levels for victims. It also wants firms to improve scam prevention through intelligence-sharing and wants work done on developing how best to make reimbursement mandatory to victims of APP scams.
John Glen, economic secretary to HM Treasury, said APP fraud is posing an escalating risk to UK customers, with increasingly sophisticated scams. “The government’s position is that liability and reimbursement requirements on firms need to be clear so that customers are suitably protected,” he said.
“It is welcome that the PSR is consulting on measures to that end, and to help prevent these scams from happening in the first place. The government will also legislate to address any barriers to regulatory action at the earliest opportunity.”
Read more about authorised push payment fraud
- All banks must be transparent about the proportion of victims of APP fraud they refund, says consumer rights organisation Which?.
- The financial services ombudsman is siding with customers in over 75% of complaints against banks that refuse to repay losses to authorised push payment fraud.
- Criminals tricking people into making payments through channels such as fake emails and websites have stolen more money than payment card fraudsters.
PSR managing director Chris Hemsley said: “More needs to be done and while voluntary industry measures have helped some victims, there are many institutions that have yet to step up to the mark and protect people properly – including social media firms.
“The range of steps we plan to take will show people which banks and building societies are likely to respond to frauds in the right way and will put the onus on financial institutions to get better at detecting and preventing scams.
“We are also setting out the way to make reimbursement mandatory for those blameless victims, so that when the law is changed, we are ready to act as quickly as possible to get protections to the people who need them.”
In January, Anne Boden, CEO of digital challenger Starling Bank, called for cooperation between different sectors to clamp down on APP fraud.
In a blog post, Boden said other sectors must shoulder some responsibility for APP scams, particularly social media platforms. “Banks invest billions of pounds into tackling economic crime, but we cannot stop it on our own,” she wrote.
“Very often, [social media] accounts are used for advertising for ‘money mules’ for the purposes of money laundering, selling stolen identity and credit card data, phishing, bogus investment scams and impersonation fraud.”
Boden said banks “seem to have become the underwriter of all kinds of fraud that are not really financial fraud at all”.
The PSR consultation is open until 14 January 2022.
Read more on IT for financial services
UK Finance paints mixed picture of fraud as losses top £500m
Prime minister Rishi Sunak faces pressure from banks to force tech firms to pay for online fraud
TSB calls on Meta to intervene and protect users from fraud losses of £250m this year
Payments regulator makes APP fraud reimbursement mandatory