UK lawmakers have taken to task the big tech company over its failure to rein in fraud, accusing it of failing to take the issue seriously and having no incentive to do so.
Last week, members of parliament (MPs) heard evidence from payment service providers (PSPs) and big tech firms this week as representatives from firms such as Revolut took Meta to task for being a “hotbed” for fraud.
Meta’s exchanges with the lawmakers throughout the hearing were tense, with Home Affairs Select Committee chair Diana Johnson saying mockingly “we know that a number of you were not very keen to appear before us” to Meta and other attendees, Microsoft and BT Group.
In her exchange with Meta’s Philip Milton, the MP said that the company is “not doing all you can” to prevent fraud happening on its social media site, Facebook.
“I disagree with that,” said Milton, the company’s public policy chief. “To give you an idea of the scale of what we are putting in place to tackle this kind of thing, since 2016 we have invested $20bn in safety and security.”
According to Milton, this investment “is not slowing down”, with $5bn of that sum in the last year.
“So, we invest significantly in trying to prevent this kind of thing from happening,” he pointed out.
However, this was met with scepticism from Johnson, who asked Milton how effective this investment has been and noting that Meta in particular has been mentioned by PSPs as a source of fraud.
“So, you may be putting all this money in but it doesn’t seem to be working,” the Labour MP said.
Meta has increasingly been attacked in recent years over authorised push payment (APP) scams.
Banks and other PSPs have taken the big tech firm to account, arguing that it is often the source of scams that ultimately mean the bank has to pay out to the consumer who has been wilfully taken advantage of by criminals.
This has led to lobby groups such as The Payments Association and UK Finance, and also Nordic and Baltic trade associations, calling for social media firms to be held more accountable.
In the EU at least, this looks set to happen should members of the European Parliament get their way with the Payment Services Regulation (PSR).
The lack of accountability was highlighted by Tim Loughton, a member of the committee, during the hearing.
“Okay, so you have no skin in the game,” the Conservative MP said. “Therefore, what is the incentive for you to do better and to work more closely with the banks, who do have skin in the game?”
Loughton noted that UK retail bank TSB has refunded 95 percent of people who have been scammed. “About four fifths of those scams happen on your company’s platform.”
Milton dismissed the idea that the company does not have skin in the game, despite not being in scope of fraud reimbursement rules.
“We are directly incentivised to ensure that the people who use our platform have a safe and enjoyable experience, because if they do not, they will not use our platform,” he said.
Milton added that the reputational damage that is done to Meta as a result of fraud is enormous. “That directly hits our bottom line.”
“That is why we invest significantly to prevent people from using our platforms in that way.”
Representatives from TSB Bank, Santander and e-money institution Revolut submitted evidence to a cross-party group of MPs on the Home Affairs Select Committee.
"We need to bring some of those other people in the ecosystem into the prevention sphere," said Chris Ainsley, fraud risk management chief at Santander.
"We need to be able to say that the platforms need to take action to reduce the number of scams that are posted, the number of adverts posting cryptocurrency scams, and the number of cars that are posted," he continued.
Paul Davis, financial crime prevention director at TSB, said that Meta's Facebook Marketplace "can be a good way for people to get rid of unwanted items and give them to someone who does want them".
"Unfortunately, it is also very attractive to criminals, and they have seemingly infiltrated that platform to quite a high extent, with an intent to defraud consumers," he commented.
In a response to Conservative MP Loughton about whether Meta is taking fraud risks seriously enough, Davis said that, for now, he was "encouraged" by the UK's Tech Charter, which has been signed by firms including Meta.
"The timescale in the charter for those provisions to be implemented is six months, and we are still in those six months," he said. "For me, it is a waiting game to see that these new provisions and these new commitments from the signatories to that charter will indeed make a difference."
Davis acknowledged that he had met with Meta. "We wrote to them, outlining our concerns. We were very pleased that they came to our offices to talk about those concerns. My view on that is similar, which is that they have talked about actions that they are taking, but I hope that they will now translate that into action, with less risk for UK consumers."
AI and deepfakes
The topic of AI, including its role in enabling APP fraud, also came up with MPs.
“We know that fraudsters are using AI voice-cloning software,” commented Kim Johnson, a Labour MP, as she asked representatives from Meta and Microsoft what their strategies were for keeping this off of their platforms.
“It is undoubtedly the case that AI is going to be a transformational technology for us as a society,” said Milton.
“It is something that we have invested in for years, to be able to detect this kind of thing, and actually we think that the advances in AI over time present an enormous opportunity for companies like ours to better detect this kind of thing.”
Milton was unable to provide examples of how AI is being used to prevent fraud. However, he did note that Meta has been able to halve the amount of hate speech on the platform in the last 12 months — down to 0.02 percent — through advances in AI.
“Fraud is a far more adversarial harm type than hate speech is, but that is just an illustration of the kind of opportunity that exists with using AI against this kind of thing,” he said.
Meanwhile, Woody Malouf, financial crime chief at Revolut, spoke up on the benefits of using AI to counteract criminal activity.
"We invest very heavily in machine learning to protect our customers," he said. "We have taken a machine-learning-first approach because we believe it is much more effective at detecting these things and it responds more quickly to emerging trends.
"It will also protect us against the AI that is attacking us."
Malouf argued that the best way to find a deepfake is with machine learning tools, rather than necessarily a human. "Because, it is designed to trick a human, so we have taken a machine learning AI-first approach, which has been enabled by the fact that we are a younger firm."
Is social media liability an inevitability?
Throughout the parliamentary hearing, it was clear that MPs from left and right were disbelieving that Meta is pulling its weight, despite what Milton had to say.
Lloyds, Barclays, TSB, Santander, Nationwide Building Society and Revolut have all called out the use of Meta platforms and social media in general for scams.
What will be interesting to see this year is whether the Labour Party, who are tipped to win the UK’s next election, commit to increasing accountability in this space.
The Conservatives too, as evidenced by Loughton, could wish to firm up commitments.
MPs are clearly hearing from their constituents that scams are rife, and therefore tougher rules for social media firms to take responsibility for APP fraud beginning on their platforms could be low-hanging fruit for political parties drafting the manifestos they want to take to the country.
Indeed, six in ten people want tech giants to reimburse fraud victims, a study by the Social Market Foundation in partnership with Nationwide Building Society found last year.
The UK’s Payment Systems Regulator has often been quick to remind us that it cannot take action against social media firms as they are not in its statutory remit.
However, Chris Hemsley, managing director at the regulator, has previously said that he wants to see greater transparency, particularly on how well social media firms are managing the risks caused by their platforms.
He is also thought to have recently told attendees at an event that he was sympathetic to the idea that social media firms should cover the cost of the fraud that occurs via their networks.
Fraud has become an increasingly political subject since the rise of online payments. Rules such as strong customer authentication (SCA) have undoubtedly been effective for unauthorised payments; however, SCA was introduced as digital payment methods became far more prominent, leading to scammers finding a better, and more profitable, source of income.
In the EU, social media firms being held accountable financially alongside the banking industry is likely to be a key negotiating point for the Payment Services Regulation (PSR).
If a regulatory behemoth like the EU did bring this into the PSR, and firms had to comply, then it could encourage the UK to follow suit in forcing the likes of Meta to reimburse consumers who fall victim to bad actors on their websites.