Unmasking how fraudsters target UK consumers in the digital age

 In News & Fraud
0

The new reimbursement rules for authorised push payment (“APP”) introduced on the 7 October 2024 was a step change in the way that Payment Services Providers (“PSPs“) were required to respond to the ongoing APP threat faced by their customers.

Pursuant to the new reimbursement rules, in-scope banks and other PSPs are required to reimburse eligible customers who fall victim to APP fraud via FPS and CHAPS, subject to certain exclusions.

Several months after the launch of the reimbursement rules, UK Finance has been taking stock of the changes and considering how PSPs are coping with the new requirements, as well as early reactions and trends. We summarise some of the key takeaways:

Impact/trends post 7 October 2024

  • There was a burst of activity prior to 7 October 2024 as PSPs ensured preparedness for the introduction of the new reimbursement rules.
  • There are some emerging trends:
    • High volume, low value is where the industry is seeing most activity post-7 October 2024 (e.g. low value purchase frauds).
    • There are also early indications that more sophisticated, fear-based scams, such as impersonation scams, are dropping.
    • Unregulated investment cases are surfacing. These types of claims can be difficult to manage as its often hard to distinguish scams from poor investment decisions. However, the fact that these types of cases are being reported to PSPs is somewhat positive, as it shows that the messaging is getting through to consumers — though it also means more cases for PSPs to manage overall.
  • Some PSPs struggle to hold fraudsters accountable where the PSP is required to take the lead in terms of reimbursement within fairly tight timeframes.
  • There has been a period of reduction of scams generally, reflecting the sharpened focus for PSPs – the industry as whole is embracing new technology and pushing innovation to tackle fraud more generally.
  • The introduction of the new rules have had a greater impact on smaller PSPs (e.g. increasing their customer duty of care). It currently remains unclear whether the new rules have had a material impact as some larger PSPs were already adopting a ‘customer first’ attitude, and taking steps to reimburse customers who had fallen victim to APP scams anyway (i.e. prior to the introduction of the new reimbursement rules).
  • There is a shift, as scams are increasing in other countries – fraudsters are exploring new options and adapting by expanding their geographical reach. As fraudsters adapt and become more sophisticated, there is a risk that new scams emerge (and a risk that more complex scam types, such as those involving deepfakes, increase).
  • Whilst conceptually the risk still exists, the industry is not (at least yet) seeing the false APP fraud claims that were feared.
  • Consumer Standard of Caution: Few claims have been rejected under this standard, with few cases apparent where UK Finance is aware that a claim has been rejected for this reason, and in all of those cases the customer has admitted to their PSP that they were aware of the risk with payment but chose to disregard PSP warnings and proceed with the transfer.

Money mules

  • There is a general view that the voluntary predecessor CRM code did not put enough pressure on receiving PSPs to improve their fraud measures when compared with the 50:50 reimbursement model adopted under the new reimbursement rules.
  • Over the last year, there has been increased interest in the UK Finance Money Mules Working Group. The issue of money mules has historically been lower down the priority list of PSPs but over the last 18 months UK Finance is seeing an increase in dedicated teams to focus on money mules.
  • Inbound payments now come with more risk because of the 50:50 liability split between receiving and sending PSPs. Whilst money mules have not previously been considered the biggest problem in the fraud control framework, tackling this issue is becoming more important – because without the mule, there is no fraud. There is therefore a greater incentive to harness data and network effect.
  • Mule transactions used to be easy to spot, but that is no longer necessarily the case – more sophisticated tools are now needed to identify them.
  • There is recognition that not all money mules are criminals, and a balance must be struck with PSPs’ consumer duty obligations. In this regard more needs to be done across the industry in terms of treatment strategy and consequence management for money mules. It can be difficult for PSPs to identify what type of mule they are dealing with and then how to respond appropriately.
  • Consumers can lose their identities (and credit status) to these frauds, so it is expected to be of increasing focus: how PSPs can provide aftercare to support them.

Payment delay legislation

  • There are no signs that delays are being adopted as a uniform approach, but the ability to delay has the potential to be a seatbelt control. The FPS facilitates instantaneous payments (which is not a standard across Europe) and makes it very difficult for institutions to instigate payment delays. If payment delays are implemented, it is expected that they will only be used minimally.
  • One PSP is currently carrying out a pilot having decided on a risk threshold (and then applying a delay if the risk exceeds that threshold). The outcome of that pilot will be shared with the industry in due course.
  • A delay is only part of the solution. PSPs will need the right people and resources to use that time effectively to assess the risks around the payment before implementing appropriate controls or interventions.

Data sharing

  • Data sharing is seen as almost as important as the tools individual PSPs use – as fraudsters have a network and it requires collaboration between industry players to match it.
  • Whilst Confirmation of Payee was a data sharing protocol, this was a long time coming and has had limited impact in reducing overall payment fraud.

Whilst most PSPs will have navigated the early implementation the APP reimbursement rules, the ongoing operational response remains with further policy changes on the horizon.

We observe that the UK Government’s encouragement of collaborative initiatives (see here) – whether with the banking sector, social media platforms or telecoms industry offer significant opportunities to improve the UK’s response to fraud. Navigating the financial crime regime, data protection regulation, and business resource is not straightforward, but the reward for both organisations and society are clear.

The UK’s network of Fraud Forums provide excellent opportunities for practitioners, business and the public/tertiary sector to come together to share intelligence and the latest policy developments.

We are hosting the South West Fraud Forum’s Annual Conference, a must-attend event for organisations, practitioners and anyone interested in fraud prevention and response. From the latest trends in insider fraud, policy developments and best practice in risk management, the Fraud Forums aim to provide this support to its members.

Recent Posts

Leave a Comment

Keeping on top of evolving fraud threats and policy developmentsNews & Fraud
Companies House reform: The impact on fraudNews & Fraud

Privacy settings

Decide which cookies you want to allow. You can change these settings at any time. However, this can result in some functions no longer being available. For information on deleting the cookies, please consult your browser’s help function. Learn more about the cookies we use.

With the slider, you can enable or disable different types of cookies:

  • Block all
  • Essentials
  • Functionality
  • Analytics
  • Advertising

This website will:

This website won't:

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms, newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies.
  • Advertising: Gather personally identifiable information such as name and location
  • Remember your login details
  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms, newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies.
  • Advertising: Gather personally identifiable information such as name and location
Save & Close