In the first six months of 2019, push payment scams cost victims some £208 million, but only a fifth were reimbursed as it was agreed that customers would only be compensated if they were found to be 'blameless' and the bank had not been sufficiently responsible. Fraud continues to rise, and scams are carried out with ever greater sophistication, which has led to MPs and consumer groups now wanting to see fairer treatments introduced.
Recently, it was announced that there would be an extension to the interim funding provided by large banks until March 2020, which was setup initially in March to reimburse 'blameless' victims of Authorised Push Payment (APP) scams. There is still, however no consensus when it comes to how this pot should be funded in the long term, with a number of challenger banks having not signed up to the voluntary Industry code for APP fraud. Monzo, for example, claimed it has considerably lower fraud rates and has invested substantially in technology to protect customers.
Who has signed up?
The purpose of the code is to require banks, building societies and other payment providers to make greater efforts in protecting customers from being scammed, ensure there are strong warnings about transfer risks and identify those customers which could be vulnerable. They should also act when fraud is suspected and freeze or delay payments.
The code signatories are currently Barclays, HSBC, Lloyds, Halifax, First Direct, M&S Bank, Bank of Scotland, Intelligent Finance, Metro Bank, Nationwide, Royal Bank of Scotland, NatWest, Ulster Bank, Santander, Cahoot, Cater Allen and Starling Bank. TSB, meanwhile, has gone beyond the requirements and launched its own fraud refund guarantee scheme.
Why can’t the banks agree?
While there is support for a central fund among some, others say this would be a disincentive for banks to invest individually in their counter-fraud systems. One idea was to place a 2.9p levy on ‘faster payments’ over £30. But, payments authority, Pay.UK which oversaw talks, said this was rejected because of a lack of agreement and there were also concerns that this cost could also be passed on to customers.
So, as things stand, a number of banks will continue to act independently when it comes to whether or not fraud victims are reimbursed.
MPs demand action
In November, the Treasury Select Committee produced a report which made a number of recommendations on push payment fraud. This included calling for retrospective compensation dating back to 2016, which was when consumer group Which? launched a legal challenge to regulators to deal with the crime. It is unknown yet if this will happen as such a move could cost banks millions of pounds or if banks would have sufficient evidence to deal with the cases.
The MPs also want the voluntary code to become mandatory and in addition, the report said that banks should implement a 24-hour delay on all first-time payment between accounts so that customers and banks have time to spot potential fraud. It also expressed support for a new Confirmation of Payee scheme, which means that banks need to alert customers if they transfer money to a new account number and the name does not match the account holder. This is scheduled to be introduced across the industry from March 2020 and the report suggested regulators should levy fines on those that fail to meet the deadline.
The report also calls for retailers and other firms which are impacted by data breaches that result in fraud to pay towards customers’ reimbursement costs, a recommendation that has support from banks since it would mean sharing the compensation burden.
Behind the scenes, there are noises that the banks will find a middle ground and that those who have not yet signed up, will agree to comply with the code. Even so, more clarity is needed, and the current situation is unacceptable, which even the banks appear to agree with. New legislation therefore appears likely. As the chief executive of trade association UK Finance, Stephen Jones, said:
“UK Finance shares the Treasury Committee and Which?' view that issues of liability and reimbursement should best be addressed by new laws rather than just a voluntary code alone and will continue to call for new legislation to make the code mandatory to ensure that victims are protected and reimbursed. We urge any future government to work together with the Payment Systems Regulator to make this happen.”
Find out how your organisation can easily assess the impact of new regulations as well as track and report on findings, breaches and issues within our Xactium Compliance management solution.