To boldly go - what would PSR's proposals on APP scams really mean for firms?
28 April 2021
As more and more of our transactions have moved online, Authorised Push Payment (APP) fraud (where individuals are tricked into paying money to fraudsters) has grown significantly. Fraudsters have adapted to our changing lifestyles and circumstances, exploiting the access they now have to us all online and honing in on our vulnerabilities. UK Finance’s latest overview Fraud: the Facts 2021, reports losses due to APP scams of £479m in 2020, with an increase in volume of 22% on the prior year.
But the most recent attempt by the Payments Systems Regulator (PSR) to address these crimes, is radical and leads to more questions than it answers: How do payments firms ensure the quality and availability of data to allow accurate fraud reporting? How can firms collaborate effectively across an ever-evolving ecosystem? What should be the relationship between financial institutions and their customers?
The Contingent Reimbursement Model (CRM) voluntary code that was introduced in May 2019 to address APP scams was a welcome intervention. But recent reviews conducted by the Lending Standards Board (LSB) into the effectiveness of its implementation have concluded that take up has been limited and application inconsistent. It is against this backdrop that the PSR has published CP21/3 Authorised push payment scams – call for views. It explores three approaches to tackling this issue: first, proposing measures for requiring firms to publish data on APP scams; second, adopting a standardised approach to sharing data; and finally, requiring almost blanket reimbursement.
On the face of it, obliging firms to publish APP scam data seems like a good idea and would certainly help concentrate minds on this issue. It could also become a valuable marketing tool, particularly given the focus on trust in financial services. But there are inevitably some drawbacks. If consumers would find this insight helpful, you can bet criminals would too, allowing them to shop around to maximise their own returns. The data being requested also needs to be carefully thought through. Data which only represents ‘reimbursement’ may wrongly penalise firms that are good at preventing fraud from occurring. But crucially, such an obligation supposes that this data is easy to come by, when the reality is that they are not. Also, with so many different firms of varying sizes, maturity and business models across the payments system, standardising data is a big ask.
But it is the proposals around the treatment of consumers that raise the most fundamental questions. Under the proposals, firms would have to reimburse consumers (to some extent) in every APP fraud case unless first-party fraud could be evidenced. This measure would certainly protect the most vulnerable in society and provide a direct commercial incentive for firms to invest in preventative measures, but it is at odds with the Financial Services and Markets Act 2000 (FSMA) which retains an element of responsibility for consumers. Would the PSR’s proposals result in consumers throwing caution to the wind, increasing the commercial burden upon firms? Could it lead to a change of approach by criminals who may purposefully ‘defraud’ themselves for double the win?
While they may represent a starting negotiating position, there is no doubt that these proposals are bold and incentivise the industry to engage on this growing issue. Where the balance between firm and consumer responsibility finally lands is anyone’s guess, but it is clear that heinous crimes require radical solutions.
For more information on our fraud solutions, please click here.