.svg)
Big tech platforms, especially those run by Meta, have been accused of providing a safe haven for fraudsters targeting UK consumers, according to a new report from the Payment Systems Regulator (PSR).
The PSR’s "Unmasking How Fraudsters Target UK Consumers In The Digital Age" reveals that scammers are continuing to exploit major platforms to target UK consumers.
In 2023, according to the report, fraud linked to social media, technology and telecoms platforms collectively led to £341m in losses.
In particular, Meta-owned platforms such as Facebook, Instagram and WhatsApp were flagged as vulnerable to fraudsters, featuring in 54 percent of scam cases last year.
In a response shared with Vixio, a spokesperson for Meta played down the social media giant’s role, stating that "scammers use every platform available to them to defraud people and constantly adapt to evade enforcement”.
“Any comprehensive response to organised scammers requires broader cross-industry action,” the spokesperson said.
“This is why we’re investing not only in improvements to detection technology, but also working with law enforcement and financial institutions globally to tackle scams.”
According to the PSR report, Meta platforms were involved in 119,338 incidents in 2023, with total losses amounting to £62.7m.
Meta accounts for approximately £1 in every £5 lost to authorised push payment (APP) scams, while romance scams were more commonly executed on Meta platforms than on all dating websites combined.
From 1,590 romance scam incidents reported on Meta platforms, total losses came in at £5.1m.
Meanwhile, purchase scams emerged as the most frequent type of APP fraud, accounting for 68 percent of all cases (152,192 incidents).
Facebook alone was used in 44 percent of purchase scams (67,337 incidents), resulting in losses of £19.5m.
In response to these findings, Meta has said that “having reliable and actionable data is essential to combat scams and we have raised questions with the PSR about the numbers used in this report”.
However, a spokesperson for the PSR defended the numbers to Vixio: “The data we have collected is reported by victims. When people become victims of fraud, they are more likely to report the incident to their bank than to the police.”
According to the spokesperson, “this has created a rich dataset from payment firms of which platforms and services are most commonly targeted by fraudsters to carry out APP scams”.
“We plan to publish this data annually and intend to consult in 2025 on how we can improve data collection in the future.”
Incentivising collaboration
In the report, the PSR says that a driver for publishing this data has been “improving the ecosystem’s understanding of the scale of the threat”.
“We want firms to know how much fraudsters target victims to carry out APP scams,” said the regulator. “This should empower them to do more to prevent APP scams happening and encourage cross-industry collaboration.”
Considering the findings of the report, the PSR has said that more coordinated work is necessary across different industries to tackle the issue.
This is already happening in part due to companies such as Meta, which launched the Fraud Intelligence Reciprocal Exchange (FIRE) program earlier this year — an initiative that allows banks to flag scam activity.
“Our report highlights how major platforms are being exploited by fraudsters to deceive victims, often with devastating effects,” said Kate Fitzgerald, the PSR’s head of policy.
Fitzgerald said that the regulator wants to “drive real change across industries”, tackling the “root causes of APP scams”.
“Preventing scams before they happen is the best way to protect consumers and reduce harm,” she said.
Big tech is not the only problem
The report also found that telecoms companies were linked to 12 percent of scam cases (26,975 incidents).
However, these companies were responsible for the highest financial losses, totalling £107.2m, or 31.5 percent of the overall value.
Similarly, email scams, although representing just 2 percent of cases, resulted in disproportionately high losses of £35m, highlighting their continued effectiveness.
Meanwhile, investment scams caused the most significant financial damage, despite accounting for only 6 percent of all scam cases (12,500 incidents).
These scams led to losses of £80.3m, representing 24 percent of the total.
The challenge ahead
Following the report, regulators and governments are likely to step up their efforts to force social media and telecoms platforms to do more to tackle scams.
Financial institutions have long had fraud obligations placed on them, in an effort to ensure stronger consumer protection and incentivise these firms to prevent fraudulent activity.
In 2019, for example, the EU implemented strong customer authentication (SCA) under the revised Payment Services Directive (PSD2) to enhance payment security.
Similarly, the UK’s PSR has introduced robust reimbursement guarantees for victims of APP fraud.
These new obligations require payment service providers to take greater responsibility for fraud prevention and compensation, addressing a significant portion of scams originating on platforms such as Meta, albeit without the platform having to pay a penny.
This has unsurprisingly irked many of the UK’s banks and payments firms, who have long called for greater accountability from big tech and telecoms companies.
Politicians too have expressed this frustration. Earlier this month, the Home Affairs Select Committee criticised Meta and others over their failure to prevent fraud on their platforms.
Meanwhile, MPs from across the political spectrum have said that the UK’s current statistics on fraud are “chilling” and have called for more cross-sector collaboration.
How this policy issue progresses is uncertain. In the EU, the European Parliament is pushing for big tech and telecoms platforms to be held financially accountable, as has already been the case for telecoms companies in Singapore via the Shared Responsibility Framework.
The UK Home Affairs Select Committee has suggested that a fraud levy should be placed on firms such as Meta, which could be used to compensate fraud victims.
Tighter obligations are also being placed on firms in the UK and Australia as well which do not necessarily demand reimbursement.
Australia’s Scams Prevention Framework, if enacted by parliament, will protect consumers by forcing designated businesses, including social media firms, to uphold mandatory minimum standards for scam prevention, detection, reporting, disruption and response.
In the UK, media regulator Ofcom has also recently published its first Code of Practice under the Online Safety Act, which sets out new compliance requirements for big tech companies.
Under the code, big tech companies are expected to establish a dedicated reporting channel connecting to organisations with fraud expertise, allowing them to flag known scams to platforms in real time so that action can be taken.
This shows that it may be a case of waiting for recently enacted legislation to come into effect before conversations about potential liability for social media and telcos follows.
