.svg)
The consumer group Which? is calling on the UK's Payment Systems Regulator (PSR) to make banks do more to protect the victims of authorised push payment (APP) fraud and provide them with fair reimbursement.
A voluntary industry code, promulgated on May 28, 2019, has set standards for the prevention of APP scams. The government believes that victims who are customers of the code's signatories have benefited from more consistent treatment and reimbursement and that the code has induced the signatories to throw more money at preventative measures to stop scams from happening in the first place.
Which?, however, has stated: "Despite the introduction of a voluntary industry code in May 2019, most victims of scams are still being let down by their banks. Previous Which? investigations have found that banks are too quick to blame victims who ignore warnings and that they often fail to assess their vulnerability properly."
An authorised push payment scam happens when a fraudster tricks a customer into authorising a payment to an account that ostensibly belongs to a legitimate payee — but which, in fact, the fraudster controls.
An APP is made at the request of the customer and can be carried out over the phone, online, or in person. Consumers lost £208m to APP scams in the first half of 2019, just before the code emerged.
The following payment service providers (PSPs) were the first to sign up to the code: Barclays; HSBC (brands included First Direct and M&S Bank); Lloyds (brands included Halifax, Bank of Scotland and Intelligent Finance); Metro Bank; Nationwide; Royal Bank of Scotland (brands included Natwest and Ulster Bank); Santander (brands included Cahoot and Cater Allen); and Starling Bank.
Under the code, the signatory PSP compensates a victim of APP fraud as long as that victim has met certain standards. If both the victim and the victim's bank have met the required standards, the PSP compensates the customer for the lost money and the PSP then reclaims the sum from an "interim fund" to which the founding signatories all contribute. The government has not yet taken action to force all PSPs to contribute.
Which? has written: "Despite the worthy intentions of the code, losses to APP fraud remain high (£479m in 2020) while reimbursement rates are shockingly low. Banks found victims at least partly responsible for their losses in 77% of cases assessed in the first 14 months of the code. Two banks found the customer fully liable in more than nine in 10 decisions.
"Financial Ombudsman Service (FOS) data indicates that banks are getting most of these decisions wrong: 73% of complaints about APP fraud were upheld in favour of consumers in 2020-21."
Ed Adshead-Grant, general manager and director at Bottomline, told VIXIO: "The reimbursement code around APP fraud is broken. The Confirmation of Payee (CoP) is the obvious industry choice for stemming these fraudulent losses, but without the PSR either mandating its use by UK banks or being clearer on the liability positions, the market will continue to fail consumers and businesses.
“APP fraud has continued to grow despite the early efforts of reimbursement codes and account checking services like CoP. Regulatory intervention is key now to move the market forwards and protect the consumer and businesses by mandating the use of CoP for all UK Banks, Building Societies, Credit Unions and the like who have delayed implementation — in short, use it or lose it.”
CoP came into being last year on a voluntary basis as a new way of giving customers (both personal and business) greater assurance that they are sending payments (if they go through Faster Payments and CHAPS) to the intended recipients, helping them to avoid making accidental, misdirected payments to the wrong account holders and providing another layer of protection in the fight against fraud and scams. A payor under this scheme has to know someone’s name if they are going to pay them. For an individual, this is the first and last name; for a business, it is the actual name and not the trading name.
