The Payment Systems Regulator (PSR), the economic regulator for the £75 trillion UK payment systems industry, has today published a report on its work to protect consumers from authorised push payment (APP) scams – where people are tricked into sending money to a fraudster. The report shows that good progress is being made across a wide range of initiatives and areas.
The report explains the work the PSR has led, working with the Financial Conduct Authority (FCA) and industry over the past year to reduce the harm from these scams. It highlights the range of industry measures it has overseen – some in place now, others to follow – which will deliver benefits to consumers. The PSR is also today launching a consultation on a ‘contingent reimbursement model’ it believes should be introduced to compensate victims in certain circumstances. All this work should, together, lead to better protection from scams and better support for victims.
Improved protections and a better understanding of the problem
The PSR found in its initial review in 2016 that there was insufficient information about the scale of the problem. Following the regulator’s requirement for further information to be collected, the industry has, for the first time, started to record and understand the scale of APP scams.
APP scams are a crime which can have a devastating effect on its victims. The new robust statistics published by UK Finance show that in the first six months of 2017 alone over 19,000 victims were a target of APP scams involving a total amount of over £100 million. With better statistics and understanding of how these scams work, banks and other payment organisations can - and will – continue to be able to help consumers know what to look out for.
Led by UK Finance, the industry has committed to implementing new best practice standards that banks will follow when a victim reports an APP scam. These should improve victims’ experience and banks’ response times after a report of APP scam.
Additional initiatives are also being developed to provide a more comprehensive suite of new protections, including:
- Guidelines for identity verification, authentication and risk assessment (due in 2018) – to make it harder for fraudsters to open accounts that they use for scams.
- Confirmation of Payee (starting in 2018) – allowing customers to verify that they are paying the person they intend.
- Transaction data analytics (starting in 2018) – will enable banks and other payment organisations to shut down mule accounts (accounts taken over by criminals for fraudulent activity) and spot potential fraudulent payments.
- Know Your Customer (KYC) data sharing for banks (due in 2020) – will provide increased opportunities to detect fraudsters and genuine customers, and stop fraudsters opening accounts they use for scams.
- Improved data sharing – providing a better understanding to help banks work together to respond to scams faster and more effectively.
Taken together, the PSR believes these measures will help to prevent scams in the first instance, allow banks and other payment organisations to respond faster when they happen, and help in recovering the victims’ money.
The PSR has worked closely with the FCA on this issue. The FCA has reviewed the way banks handle APP scams. It found banks’ procedures were inconsistent, their existing fraud detection systems could not easily detect APP scams, and they didn’t collect enough data. The FCA considers the industry initiatives underway will help to tackle these issues.
Consulting on a way to reimburse APP scam victims
The PSR is today setting out and seeking feedback on how best to introduce a contingent reimbursement model by September 2018.
This proposed contingent reimbursement model sets out the circumstances when victims of APP scams would get their money back, and which bank or payment organisations should pay. Reimbursement would depend on whether the banks and payment organisations had met required standards – such as measures and processes that help prevent and respond to scams – and whether the victim had also taken an appropriate level of care in protecting themselves. The compensation model is designed to help reinforce compliance with the new best practice standards.
Commenting on the progress of work, Hannah Nixon, Managing Director of the PSR, said:
In December 2016, I called for a concerted and coordinated response – and we have seen that. I’m pleased that good progress is being made. There are now a broad range of initiatives that will make it harder for criminals to commit APP scams. Cumulatively all of these new measures will make a positive difference to those who fall victim to APP scams, will help to prevent APP scams from happening in the first place, and help ensure banks adhere to the best practice standards they’ve agreed to.
“However, there is no silver bullet for APP scams, and some people will still, unfortunately, lose out. That’s why we’ve continued to look for a solution that could reimburse those who are scammed, and today we begin consulting on an option that we think could work.
“To be successful, the model must be pragmatic: consumers will need to be vigilant and protect themselves, but equally we expect banks and payment service providers to uphold best practice – and when they don’t there should be reimbursement.”
The full report and the proposed next steps outlined by the PSR can be found here. A quick infographic guide to the forthcoming initiatives aimed at preventing scams is available to download, along with a factsheet.
Notes to Editors
- to promote effective competition in the markets for payment systems and for services provided by those systems, including between operators, payment service providers and infrastructure providers, in the interest of service-users
- to promote the development of innovation in payment systems, in particular the infrastructure used to operate payment systems, in the interest of service-users
- to ensure that payment systems are operated and developed in a way that considers and promotes the interests of service-users