Skip to main content Skip to footer

Which? authorised push payment super-complaint: our response

Published 16 12 2016

This page contains our response to the super-complaint issued by the consumer group Which? and sets out our main findings and next steps.

We provide more detail below, but in summary we found that authorised push payments (APP) scams are a growing problem that needs to be addressed. We have proposed a package of work that we believe will lead to better protection and awareness of these scams and complements existing work by other parties.

We’ve produced a factsheet that summarises the key points of our response.

You can also read the original super-complaint from Which?, 'Consumer safeguards in the market for push payments’.

What is the super-complaint about?

Which? argues that victims of APP scams do not receive sufficient protection from fraudsters in comparison to other types of payments (such as card payments and direct debits).

APPs are made when consumers instruct a bank to make a payment from their account to another account. This can be done over the phone, via online banking, or in person. Most APPs are completed instantly.

Scams involving APPs occur when consumers are tricked into authorising a transfer of money to an account that they believe belongs to a legitimate payee.

What were we asked to investigate?

We were asked to consider the following:

  • The extent to which PSPs could change their behaviour to minimise the impact of APP scams.
  • Possible changes to legislation or regulation, to change the incentives on banks and payment system operators, and to ensure that more is done to manage the risks from these types of scams and to protect consumers from harm.

Our approach

To build a clearer picture of the concerns raised by Which? we set out to understand:

  • the scale of the problem
  • the current legal and regulatory protections afforded to victims of scams
  • how banks protect victims of scams and how they respond to their customers
  • any regulatory, governmental or industry proposals/changes in the pipeline aimed at reducing the impact of scams

To understand these issues we considered evidence gathered from:

  • a statutory information request sent to the six largest providers of payment accounts to the UK
  • a statutory information request sent to six operators of UK payment systems
  • meetings with 35 external stakeholders – including trade associations and consumer bodies
  • a survey of 2000 UK adults that we commissioned to investigate the scale of APP fraud
  • submissions sent to our dedicated super-complaints inbox and information provided by Which? from its online feedback tool 

What were our findings?

Our research identified three main issues that need to be addressed:

  • The way banks currently work together in responding to reports of APP scams needs to improve.
  • There is some evidence to suggest that some banks could do more to identify potentially fraudulent incoming payments and to prevent accounts falling under the influence of scammers.
  • The data available on the scale and types of APP scams is of poor quality.

To help address these concerns we have secured agreement from Financial Fraud Action UK to help bring about change:

  • Industry, liaising with the Information Commissioner’s Office as appropriate, to develop a common understanding of what information can be shared under the current law, and the key legal barriers to sharing further relevant information (for example, information that would help victims recover their money).
  • Industry to develop a common approach or best practice standards that sending and receiving PSPs should follow when responding to instances of reported APP scams. We would expect this to cover issues such as the availability of fraud specialists and processes for agreeing indemnity agreements between banks.
  • Industry to develop, collect and publish robust APP scam statistics, to address the lack of clear data on the scale and scope of the problem, and to enable monitoring of the issue over time.

We have concluded that there was not sufficient evidence to justify a change in liability, i.e. making banks liable for reimbursing victims of APP scams, and we are aware of the possible unintended consequences of doing so. However, we did note that, as work progresses and additional evidence comes to light, we will consider whether it is appropriate to propose changes to the obligations or incentives that banks have for these types of scams.