On Friday 28th September 2018, the Authorised Push Payment (APP) Scams Steering Group – set up by the Payment Systems Regulator (PRS) and made up of an equal number of payment service provider (PSP) representatives and consumer group representatives – published a draft voluntary code. It is designed to deliver better protection for consumers against authorised push payment scams.
APP fraud occurs when people are tricked into sending money to a fraudster, under the illusion that the money is being paid into a genuine receiver’s account for a valid reason (for example: paying rent or purchasing an item). In the first half of 2018, consumers lost £92.9 million across 31,510 cases to APP scams.
In September 2016, the consumer body ‘Which?’ raised a ‘super complaint’ to the PSR about APP scams. The PSR found that more work needed to be done to protect consumers. This included a consultation on a potential Contingent Reimbursement Model (CRM), setting out the circumstances in which PSPs are responsible for reimbursing victims.
Since then. The APP Scams Steering Group formed, with the aim of producing a draft code by the end of September 2018. The code is intended to be finalised in early 2019 and aims to reduce APP fraud and the damages that occur from it.
The steering group has agreed that customers who have met the necessary level of care should be reimbursed. However, when no firm involved in the payment journey has breached their own level of care, the question remains as to who should meet the costs of reimbursement. The group has additional considerations regarding the following scenarios:
• What happens when both firms and customers have not reached the required levels of care.
• Evidential approach to underpin the code.
• A mechanism for inter-firm allocation of reimbursement cost and dispute resolution between firms.
• Governance of the code once it is finalised.
The core principles for the code outlined by the steering group cover seven key areas:
1. Incentives – the code must be designed to effectively influence APP scam prevention and response at different stages of the payments journey.
2. The consistency of outcomes – the code must be consistent for all parties in the same circumstances.
3. Leveraging existing and future initiatives – the PSR has a range of efforts aimed at assisting APP scam prevention and response. This includes Best Practice Standards, Confirmation of Payee and transaction data analytics.
4. Control – PSPs that have an element of control over payment must adhere to the code.
5. No contingency on the recovery of funds – the code must not be contingent on the recovery of funds in specific cases.
6. No adverse impact on PSP ability to make ‘goodwill’ payments – the code must not displace or constrain goodwill payments.
7. Relevant considerations for FOS – the code must be developed in a way that the FOS can consider the outcomes of a consumer complaint about APP scams.
Expectations and standards for firms
Firms should adopt good practice to help prevent and respond to APP scams. Firms will generally be expected to participate in customer education and awareness campaigns. There is also an expectation to collect statistics to help firms, trade bodies and consumer organisations in understanding trends and improving initiatives. Finally, there is an expectation that firms will be enhancing the aftercare of customers and helping reduce the number repeat victims.
The standards for firms cover three areas – detection, prevention and response. However, there will be different ‘roles’ depending on the firm’s position (for example: the ‘sending’ firm and the ‘receiving’ firm).
1. Detection – The code encourages firms to protect customers and improve systems to detect APP scams. This will be achieved through enhanced transaction analysis.
2. Prevention – Firms should help customers avoid becoming a victim of APP fraud by providing confirmation of payees and effective warnings to customers during payment journeys.
3. Response – The steering group wants to build and adopt on existing initiatives to create a level playing field, to be more consistent and improve practices. Firms are encouraged to delay payments and freeze funds when there is a concern of APP fraud.
The steering group is inviting feedback by Thursday 15th November 2018 (before 5pm).
Considerations for firms
The code presents a considerable challenge for firms, requiring them to prevent APP fraud – a requirement that could result in significant reimbursement costs. However, firms should leverage their existing processes in control areas that identify unusual activity, such as anti-money laundering transaction monitoring and fraud monitoring systems and controls.
Ultimately, understanding and knowing your customer will highlight areas of concern throughout the payment journey and help identify unusual activity that could be the sign of an occurring APP scam. Firms that act now can ensure that their customers are protected, highlighting a culture of security and care for their customers.