Chris Hemsley speech for Counter Fraud Conference on mitigating public sector fraud – 23 February 2022

25/02/2022

Chris Hemsley Speech APP scams

This is the text of the speech as drafted and may differ from the delivered version. This speech was delivered by our Managing Director, Chris Hemsley, at the Counter Fraud Conference 2022, providing thoughts on APP scams.

Good afternoon. I’m Chris Hemsley, Managing Director of the Payment Systems Regulator (PSR). We are the independent economic regulator of the systems that sit behind most of the ways that people and businesses make and receive payments – be it by cash, card or bank transfer.

And today, I’d like to talk to you about whether prevention is better than cure.

If my research serves me right, Erasmus was the first philosopher to pen the phrase.

Today, this principle is most attributed to health care, but it is also a phrase that gets used in the context of fraud and, in particular the subject I would like to discuss with you now – Authorised Push Payment scams, also known as APP scams.

All of us here will be able to talk about a scam example, whether it’s a personal experience or through someone you know. It’s a significant and growing problem.

Every year thousands of people are tricked into sending money to fraudsters in APP scams. These types of scams rely on deception and psychological manipulation so that the victim sends the money to the fraudster.

In payments speak: the transaction is authorised.

These scams can cause significant harm to victims, with many losing life-changing amounts of money. The number and cost of these scams is increasing, along with fraudster’s sophistication and persistence.

And even if these victims are reimbursed – there is still harm. The victims feel shame, embarrassment, and the worry over whether they will get their money back. And, when they do, it comes at a cost to banks, which ultimately has to be paid for.

For all of these reasons, APP scams are a very significant problem. And they are a problem that is getting bigger. Industry published[1] data shows that in the first half of 2021, APP fraud increased by 71% to around £355m – that’s larger than card fraud.

And in the same period in 2021, it affected over 100,000 people.

At times the debate around APP scams is framed around a question of who is to blame?

This is an easy question to ask and answer – It’s the criminals.

But a more useful question is how do we prevent these harms from happening?
 
Here, Erasmus was right in terms of prevention being better than the cure. We should strive towards preventing APP scams from happening in the first place. Something that – as I will go on to talk about – will take some time to achieve.

But we also need to improve the cure. And make sure it works properly – looking after blameless victims by reimbursing them, when they have done nothing wrong.

This is important for a number of reasons.

First, it cannot be right that victims lose life-changing amounts of money, due to the vulnerabilities that exist in our payment systems. Any of us could fall victim to APP scams. So, we would all – surely – support the idea that we look after victims of fraud. Even if this increases costs.

And second, leaving victims to face these costs is less likely to help prevent fraud. Whereas appropriate reimbursement of victims places the incentive on firms to do more.

We do also need to be realistic. Individuals need to take responsibility and be careful when transferring money.

It will also take time to get on top of APP fraud. And it will – in common with many such crimes – require constant attention.

One reason for this is that fraudsters are very clever and change tactics quickly. This means an effective solution needs to be able to evolve over time and be replaced, if necessary.

Which is why we need to get the incentives right. So that those best-placed to act have a financial incentive to do so.

And that isn’t where we are today. The incentives to prevent the scams from happening are not properly aligned:

  • Not all firms will reimburse victims.
  • Firms that make it too easy for criminals to recruit victims, such as social media firms, do not yet pick up any part of the bill.
  • And firms that fail to act when their accounts are being used by criminals to receive and move funds, do not yet face the costs that this puts into the system.

So, how do we make sensible improvements in the near term, and also move towards a better, coherent approach to preventing this fraud over the longer-term?

Here, I would like to talk about what the PSR has achieved so far. Our immediate next steps. And then say a few words about what a longer-term, coherent solution might look like.

At present, one significant feature of the PSR’s action is that we have had to consider what we can achieve within the current legislative framework – because there are limits. We are prevented from using our powers of direction by legal constraints in UK law – constraints originating from EU payments regulations.

It’s why we have welcomed the Economic Secretary to the Treasury’s confirmation that the legislative barriers to prevent us from taking more direct action will be removed.

The PSR’s recent actions on fraud

This current legislative barrier explains a large part about how we have gone about tackling APP fraud to date.

Our work has been focused on how best to address major harms, as quickly as possible.

The first e