.svg)
UK payment system upgrades are needed so that fraud prevention can be built into their design, says a new report by Santander, outlining what needs to be done by the industry and regulators to tackle authorised push payment (APP) fraud.
Santander UK has drawn up a “radical plan of action” to help tackle APP fraud, proposing a series of recommendations for regulators, and the banking and payments industry.
Santander says the payment systems should be “updated” to introduce new data sharing standards that would amount to in-built fraud prevention measures.
“A new system should be designed that puts preventing consumer fraud at its heart,” Santander said in the report.
The bank calls for data to be shared between sending and receiving banks, including as part of the Faster Payments scheme, rather than wait until the New Payments Architecture (NPA) has been implemented.
“This would mirror the ‘Chip and Pin Moment’ that the card industry underwent in the early 2000s, where industry rules and practices were reformed to eliminate fraud.”
In a separate press statement, Santander called on Pay.UK to develop new overlay standards under the NPA to establish a fraud-proof payments infrastructure.
“There are significant changes on the horizon, including the NPA and new standards (ISO 20022) which open sizable opportunities for the industry to ensure fraud prevention mechanisms are embedded by design,” the report notes.
In its second recommendation, Santander said that all banks and payment service providers (PSPs) should commit to a unified and specific set of rules around fraud and reimbursement.
According to Santander, this will enable consistent monitoring, reporting and oversight at an industry level.
“We need clearer leadership within the payments landscape on fraud to achieve standardisation of fraud controls across all PSPs,” the bank said in its report.
“At present there is no consistent regulation or legislation that is applicable to all financial institutions in this space, and there is no single body centrally managing this at ‘payment system’ level.”
Level playing field for reimbursement needed
Once a unified industry rulebook is established, Santander said that non-adherence among PSPs should result in “absolute liability” for any loss to victims of APP fraud.
Last month, the Payment Systems Regulator (PSR) put forward proposals that would, above a certain threshold, make reimbursement of APP fraud victims mandatory among all PSPs.
The PSR proposed PSPs should have a minimum threshold for a reimbursement claim of no more than £100, withhold an "excess" of no more than £35 and set a time limit for claims of no less than 13 months.
Santander said it supports these proposals, but it also said that beyond reimbursement, defining a detailed operating model and code of conduct for PSPs is “clearly the logical next step”.
“Reimbursement alone is not a solution, and our approach as an industry must be one of further use of data-sharing, universal standards and technical innovation to design APP fraud out of the payment system,” said the bank.
Elsewhere in its proposals last month, the PSR said the widespread rollout of Confirmation of Payee (CoP) should continue, taking it from its current coverage of 90 percent of transactions to almost all payments made by Faster Payments and CHAPS.
Santander said it “agrees entirely” with the PSR that CoP needs to be extended to all market participants.
“Payments without a full CoP match are still allowed, and like the APP Contingent Reimbursement Model (CRM), not all PSPs are signed up to it, meaning fraudsters are able to exploit those who are not,” the bank noted.
“The information (whether a CoP is a match or not) is then not fed into the payment, it is just used by the customer.
Speaking to VIXIO, a spokesperson from the PSR said it continues to support industry efforts to crackdown on APP fraud and help ensure that reimbursement is available for victims.
“Financial firms have to act to prevent fraud, and these proposals will also provide strong incentives on banks to do more to detect and prevent APP fraud in the first place,” they said.
“As soon as current legislation is updated, we will implement our rules as quickly as possible.”
The spokesperson added that, this month, the PSR has also directed an additional 400 financial firms to implement CoP.
Santander for its part argues that banks and PSPs should adopt a more tailored approach to APP fraud prevention depending on the value of the payment.
Noting that “all transactions don’t necessarily need to be treated equally”, Santander said that industry should consider how it can introduce “helpful friction” to significant transactions, such as house deposits, without affecting low-risk daily payments.
“This includes a time delay, which could be used by banks to do additional CoP checks, consult the FCA register and contact the payer independently.”
Although the added speed of Faster Payments is welcome, Santander argued that consumers may accept that with higher-value payments, it would be favourable for these to be “slightly slowed down” to allow banks to perform additional fraud checks.
Social media crackdown
Santander also wants regulators to do more to prevent social media platforms from being used as launchpads by fraudsters.
Santander data shows that more than 70 percent of purchase scams originate on social media, with 54 percent coming from Facebook, 15 percent coming from Instagram and 4 percent from Snapchat.
“Tightening regulation around fraudulent advertising and content is vitally important, and it is crucial that the government brings forward the measures proposed in the Online Safety Bill to tackle user-generated and paid for advertising used by fraudsters,” said Santander.
“If scams continue to originate from vulnerabilities on these platforms, then there should also be a future discussion on bringing them into the reimbursement process.”
According to research from Santander, 63 percent of UK consumers believe that technology companies should play a role in reducing volumes of fraud and scams.
