UK Regulator is Fighting Against Authorised Push Payment (APP) scams

othiriondebriel's picture

On the 7th of November 2017, the UK PSR (Payment Systems Regulator) published a report and consultation paper “Authorised Push Payment scams PSR-led work to mitigate the impact of scams, including a consultation on a contingent reimbursement model*”. This paper is coming as a result of a complaint submitted in September 2016 from the consumer body “Which?” raising its concerns about the level of protection provided to consumers when they become victims of APP scams.

Push payments are those where payment service providers (PSPs), including banks, are instructed to transfer money from a customer’s account to another account. It is an ‘authorised’ push payment when the customer gives their consent for a transaction to be processed. Unfortunately, this can include situations where the customer has been tricked by fraudsters to give such consent. Payments related to APP scams can be made over the phone, via online banking, or in person. According to the “Financial Fraud Action UK, 2017 Half year fraud update”, APP scams are the second biggest type of payment fraud in the UK, after card fraud**.

Therefore, the PSR is undertaking some steps to strengthen the prevention level and increase user’s protection (check the full factsheet here):

  • Providing users with education and awareness
  • Publishing guidelines for identity verification, authentication and risk assessment (planned for 2018)
  • Publishing also rules and requirements to provide confirmation from the payee (planned for 2018) to the user
  • Developing Industry collaborative standards and rules for a trusted ‘know you customer’ (KYC) data sharing (planned for 2020)

In addition, it also proposes some responses in case of APP scam:

  • Participating in the elaboration of Best practice standards for responding to APP scam claims with the UK Finance
  • Defining the information to be shared in response to APP scams
  • Collaborating with the UK Finance in defining Financial crime data and information sharing
  • Setting up transaction data analytics system to spot mule accounts and fraudulent transactions

But, maybe the most important move from the PSR is to launch a consultation on the idea to have a contingent reimbursement in case of APP scams. This would, to a certain extent, shift the liability of the APP scams from the consumers to the banks ensuring that banks treat the problem with due diligence while putting consumers’ security in the center.

The direct consequence will be that banks and PSPs will have to reinforce their identification and authentication mechanisms and transaction data analytics systems in order to reduce the number of mule accounts and fraudulent account takeovers. In this context, HID Global offers a suite of strong authentication solutions empowering financial institutions to deliver multi-factor authentication and threat and fraud detection capabilities along with adaptive security and intuitive user experience.

 

 

Also, the initiative of the collaborative KYC data sharing goes perfectly in the direction of banks as a trusted digital identity provider, a concept envisioned by HID Global in the coming years. You can gain further insight on this topic by downloading the white paper developed in association with Finextra “The Role of Digital Identity in the Future of Banking”.

 

 

*“Authorised push payment scams”  https://www.psr.org.uk/sites/default/files/media/PDF/PSR-APP-Scams-report-consultation_1.pdf

** Financial Fraud Action UK, 2017 Half year fraud update https://www.ukfinance.org.uk/wp-content/uploads/2017/09/2017-half-year-f...