.svg)
The UK’s Payment Systems Regulator (PSR) has suggested that its flagship reimbursement rules are working in tackling fraud, but industry representatives warn that money is still flowing towards criminals.
In October last year, the PSR’s mandatory reimbursement rules for authorised push payment (APP) fraud became an actionable compliance requirement for banks, payments and e-money firms operating in the UK.
These rules cover all types of APP fraud, including impersonation and romance scams, and apply to individuals, microenterprises and charities. They require payment service providers (PSPs) to compensate victims of such scams.
The framework aims to hold PSPs accountable for preventing and addressing APP fraud, with the intention of ensuring that most victims of APP fraud — which has become rampant in the UK and a significant policy issue in UK politics — are swiftly reimbursed.
The dust has hardly settled on the rules, and certainly not for the payments industry.
For example, commenting on the PSR being abolished by the UK government, Riccardo Tordera-Ricchi, director of policy and government relations at The Payments Association, said that the regulator “sealed its own fate by continuing to ignore the industry’s advice on APP fraud”.
“Although it could be commended for its last-minute U-turn to lower the threshold, a long series of mistakes has triggered a complete rethink on the point of its existence.”
Where things stand
However, during a panel at the Pay360 conference, organised by The Payments Association, the PSR did not just defend the policy, but claimed it as a win for the UK.
“It is a good news story,” said Mark Thynne, senior manager at the PSR.
Thynne explained that when analysing previous periods, by volume, frauds are down by 40 percent and reimbursement rates are up by 20 percent.
“There was at least a concern about reported fraud going up, and we haven’t seen it,” he said, adding the caveat that “it is early days”.
However, Rob Woods, director of international market planning at LexisNexis Risk Solutions, suggested that some issues may need to be addressed.
“Anecdotally, from our customers, we’re seeing a rise of first-party fraud,” he said. “It has been difficult for our customers to be able to differentiate between family members or people trying to scam the bank.”
Overall, Woods described the regulatory change as “an interesting evolution” considering fraud levels before and after, but warned that the ecosystem should not lose sight of the ultimate battle.
“Yes, customers are being reimbursed,” he acknowledged. “It is really good that the process is working …but one of the key things is that there will still be the best part of £100m going to fraudsters.
“Organised crime is still getting the proceeds of fraud. Yes, we’re dealing with consumer protection and banks are doing the right thing, but we still need to stop the fraud happening.”
Where is the focus now?
Commenting on how the Financial Conduct Authority’s (FCA) approach has changed since the rules were put in place, Chris McGrath, head of department for market interventions and payments at the regulator, said that it has been paying close attention to the PSR’s data since the rules were introduced.
He suggested that the FCA’s work has been focused on fraud controls and prudential impact: “Making sure that if fraud rates continue, firms have enough resources to stay afloat and there are only a small number of firms where we’ve had incidents there.”
McGrath commended firms for a “lot of good work”, including investments in external expertise and root cause analysis. He also suggested that firms are looking closely at agents, especially in incidences of high fraud.
He said that the FCA is pleased to see the drop in APP fraud noted by the PSR, adding that it is now focusing its efforts on areas where fraud could be pushed into.
“Now we have reimbursement for both authorised and unauthorised, we’re refocusing some supervisory work to look out for firms that are getting higher fraud rates on both APP and unauthorised fraud.”
The social media problem
Inevitably, the issue of accountability for social media platforms and telecoms firms came up.
Thynne did point out that these firms are out of scope for the PSR, but added that data provided by the regulator, such as its origin of fraud work published in December, shows that it does appreciate the issue.
Thynne’s boss, David Geale, had also thrown his support behind eventually making these platforms accountable during a recent appearance in parliament.
“If we were to create a new regime from tomorrow from scratch, we probably wouldn’t have a regime where the sole focus of reimbursement would be on the PSPs,” he said. “They are part of the value chain and they should have a role in reimbursing, but solely focusing attention on that isn’t going to lead to reductions in fraud.”
Rory Tanner , head of government relations for Revolut’s UK arm, suggested that if “we are being honest with ourselves”, then more focus should be on “the platforms where scammers are targeting the victims and putting them under the spell to make payments”.
He commended Australia and Singapore for expanding liability beyond just PSPs.
“It is a rational discussion to have in the UK, and whether long term, we should be looking at a different framework.”
Tanner cautioned that Revolut has seen a shift in typologies, including a shift away from traditional social media platforms such as Facebook and Instagram and towards encrypted messaging platforms such as Telegram and WhatsApp.
This includes job scams and purchase scams. “Not sure if it's a coincidence that both of those firms were not signatories of the Online Fraud Charter,” he said.
The charter is an initiative set up by the UK’s Home Office in 2023 consisting of a voluntary agreement between the government and the technology sector to reduce fraud on platforms and services.
“When we’ve seen action taken by tech platforms, things have seen an improvement. The next step should be making that mandatory, so that platforms are not left out of scope.”
Tanner said that the encrypted message platforms are the weaknesses in the system and that there needs to be a “united approach”.
“The fraudsters are smart, and will attack every vulnerability they can find.”
Tanner’s intervention comes at the same time as a joint letter from consumer group Which? and banking lobby group UK Finance, which are pushing for a tougher approach to social media platforms from the UK government and regulators.
“This presents a real opportunity to incentivise these sectors to contribute proactively to fraud prevention and we urge you to publicly outline what measures have been taken by these companies and what actions the Government will be taking to address any lack of progress,” the letter says.
“The best way to tackle fraud is to stop it happening in the first place, but the various voluntary initiatives have had no meaningful impact on the scale of fraud.”
