On the 28th February 2018, the Payments Systems Regulator (PSR) announced that new protections for consumers would be in place from September 2018. A contingency reimbursement model (‘the model’) will be designed and implemented by a steering group to provide better protection to victims of authorised push payment (APP) fraud. The announcement follows the ‘super-complaint’ made in September 2016 by the consumer group – ‘Which?’, to prevent customers from APP scams.
The PSR ran an open consultation from November 2017 to January 2018. The consultation received 21 responses that included UK retail banks, UK finance and ’Which?’. The consultation provided the opportunity for stakeholders to provide feedback on the PSR’s plans.
The overall response noted that people needed better protection against APP scams and to reduce the harm. An APP scam is when customers are tricked to make a payment direct to a fraudster’s account typically via online banking. The customer may believe they are paying a legitimate bill or invoice. However, a fraudster has substituted incorrect bank account details for sending the payment. APP fraud is the second biggest fraud reported by UK Finance in terms of volume and value.
The PSR believe that the implementation of the new model should help protect consumers from APP scams. The model is a process that is designed to reimburse victims of APP fraud. A new set of codes will direct payment service providers (PSPs) on reimbursement. For example, deciding on whether the sending or receiving PSP will compensate the consumer.
Most of the respondents were supportive or conditionally supportive. However, some potential adverse impacts were highlighted:
- The new model could increase fraud by removing incentives for consumers to take care.
- Endangering the irrevocability of push payments or breaching payment mandates.
- Slower and fewer payments offered or an adverse impact on financial inclusion.
Some of the barriers highlighted were:
- An assessment is needed of the cost, benefits and impacts of the model.
- Some PSPs suggested that measures should be focused on preventing APP scams before the model is introduced. There was a suggestion that the model may divert attention away from other initiatives.
- Other PSPs suggested that the legal and regulatory issues such as information sharing, asset freezing, and recovery should be the primary priority.
The PSR found that an effective model would reduce harm to customers and would minimise the costs associated with APP scams. A well-designed model should mitigate the risk of slower payments, reduced services or push payments being compromised. The PSR considered the impacts and it is vital that the new model does not restrict commercial development of additional consumer protections.
The model will be formed by an industry code that will set out rules, which will include the requisite level of care of the consumer and the standard of care expected of PSPs.
Stakeholders agreed that the requisite level of care should consider the vulnerability of the customer such as age and disability. The standard of care expected by PSPs should be to act on existing industry measures such as know your customer, education, transaction data analytics solution, confirmation of payee and much more to prevent APP scams.
REGULATORY NEXT STEPS
The steering group will now work with the key stakeholders to design the model to formalise the agreed position and produce an interim industry code by September 2018. The steering group proposes to make the final amendments by early 2019. The group has appointed an independent chair by Ruth Evans, who chaired the PSR Strategy forum from 2015-2017. The consultation has provided the steering group with a set of core principles, which in brief cover:
- Incentives for those who can prevent APP scams.
- The consistency of outcomes – for example, two victims in similar circumstances should receive the same result.
- Leverage existing and future initiatives to prevent APP scams.
- PSPs to adopt an element of control to prevent and respond to APP scams.
- No contingency on the recovery of funds.
- No adverse impact on the PSP to make goodwill payments
- No adverse impact on the commercial development of further protections.
- The code should be able to become part of the considerations made by the Financial Ombudsman
Considerations for firms
APP scams is so widespread that it has subjected losses to many customers through multiple methods e.g. CEO fraud and other misdirected consumer payments. However, customers have had difficulties with reimbursement when they have authorised the payment. Retail banks have traditionally reimbursed customers of unauthorised fraud such as ‘card not present’ fraud.
There is a difficult balance for the industry to ensure that customers take sufficient care sending payments and reimbursing victims in certain circumstances. In the long-run, the PSR believe that if firms focus on the requisite level of care and they leverage their existing anti-fraud measures they believe it will reduce overall costs.
Although the interim industry codes will not be introduced for another six months, the PSR recommends that firms need to be proactive and act now to prevent APP scams. A firm that is customer focussed with an anti-fraud framework covering the customer journey will improve customer experience and reduce fraud risk.