As UK Finance reveals £580 million was stolen by criminals through unauthorised and authorised fraud in the first half of 2023, we look at the growing issue of APP fraud, and what can be done to tackle it.

APP scams happen when someone is tricked into sending money to a fraudster posing as a genuine payee. This type of fraud takes two main forms:

  • Redirection: A family member or merchant is impersonated in digital communications, such as SMS, email or WhatsApp, leading to a request for payment to a fraudster's account. The payment is then securely made to the fraudulent account.
  • Malicious Merchant: A merchant advertises a product, service or investment that is not delivered. The customer then pays using a manual bank transfer and has no means of dispute.

Banks find it extremely difficult to identify and prevent APP fraud, because in these cases the customer has completed the required security steps, which could include face ID or a fingerprint.

Furthermore, around 80% of APP fraud originates from social media sites, adding another layer of complication. The growth in online shopping has been accompanied by a surge in criminals tricking people into paying for goods and services that do not exist.

In an interview at the recent Payment Leaders Summit, the Managing Director at the Payment Systems Regulator (PSR) acknowledged for the first time that greater regulation of social media sites is required.

Asked if a better way to structure push payment fraud reimbursement would be 10% consumer, 20% social media networks, 35% each for the banks, he agreed that a longer-term solution would be to include social media and telcos in the arrangements, and said the PSR would be publishing a list of the payment firms that have the greatest level of push payment fraud. He added that he would also like to see the same for telcos and social media companies. 

Indeed, the PSR has been pushing forward wide-ranging plans to tackle APP fraud, including a new reimbursement requirement becoming mandatory in 2024. The new measures will also see both sending and receiving firms being held equally liable for reimbursing victims of APP fraud in nearly all cases.

This will have the added benefit of a mandatory financial consequence for banks, beyond the existing contingent reimbursement model, which will force them to put additional pressure on fraudsters and reduce their costs. But focussing on who should pay is less important than creating enough incentive for somebody to get the ball rolling and mitigate the fraud in the first place.

 

Strategies to prevent fraud and misdirected payments

Confirmation of Payee (CoP) has undoubtedly shown promising results for misdirected payments. CoP lets customers check that the money is going to the right account: before they transfer any funds, they can verify that the name on the recipient account is the same person or business they intend to send the money to, so funds end up in the right place. If the name on the account doesn't match, CoP highlights the risks. But it requires a layered approach to be effective.

Education is critical, and it should be widely available. We would like to see more banks, building societies and financial institutions use this service to protect their customers. 

Introducing additional data points into the confirmation of payee process will also allow a quicker and more accurate identification of the payee and can help reduce misdirected payments beyond just a simple name check.
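The name check described above, extended with one extra data point, can be sketched as follows. This is an added example, not PXP Financial's or any CoP operator's code; the thresholds, the outcome labels, the noise-word list and the use of account type (personal or business) as the additional data point are assumptions made for illustration.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Assumed thresholds and noise words for this illustration only.
MATCH_AT, CLOSE_AT = 0.95, 0.80
NOISE = {"mr", "mrs", "ms", "miss", "dr", "ltd", "limited", "plc", "the"}

def normalise(name):
    """Fold case and accents, drop punctuation and titles, ignore word order."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    tokens = re.findall(r"[a-z0-9]+", folded.lower())
    return " ".join(sorted(t for t in tokens if t not in NOISE))

def name_score(entered, on_account):
    """Similarity between the payer's entry and the name held on the account."""
    return SequenceMatcher(None, normalise(entered), normalise(on_account)).ratio()

def cop_check(entered_name, entered_type, account):
    """Return (outcome, reason); anything other than MATCH should warn the payer."""
    score = name_score(entered_name, account["name"])
    if score < CLOSE_AT:
        return ("NO_MATCH", "name does not match the account")
    if entered_type != account["type"]:
        return ("CLOSE_MATCH", "name fits but account type differs")
    if score < MATCH_AT:
        return ("CLOSE_MATCH", "name is similar but not identical")
    return ("MATCH", "name and account type agree")

# Constructed sample record, as the receiving bank would hold it.
ACCOUNT = {"name": "John Smith", "type": "personal"}

if __name__ == "__main__":
    for name, kind in [("Mr John Smith", "personal"), ("Jon Smith", "personal"),
                       ("John Smith", "business"), ("Acme Supplies Ltd", "business")]:
        print(name, kind, cop_check(name, kind, ACCOUNT))
```

The third case shows why a name-only check is not enough: the name is an exact match, yet the payer believes they are paying a business and the account is personal, so the check still raises a warning.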

 

The role of open banking

Increasingly, open banking payments are being used to enable businesses to accept instant, account-to-account transfers, and they have a number of features which mitigate the risks CoP seeks to address.

When customers choose to pay a business using open banking, the customer doesn't need to enter any payee details. This removes human error and the risk of customers being tricked into sending the money to a fraudster. The open banking provider controls where the money goes. Furthermore, when an open banking provider enables payments for a business, they enter into a commercial contract with that business, undertaking due diligence on them. This reduces the likelihood that bad actor merchants would use open banking to commit fraud or scams. 

Currently, 5-10% of the EU population is using open banking and the UK is a front runner, boasting 7m users, but open banking is not without risk. Open banking adds more points of failure where customer data can be stolen. The more data is shared between third-party companies and financial institutions, the more risk there is that the data could fall into the wrong hands. Introducing more fraud controls could add more friction, potentially either slowing down the process (delaying settlement) or, worse still, reducing acceptance rates and forcing consumers back to other, familiar payment methods.

But overall, open banking presents significant opportunities in the fight against APP fraud. By proactively addressing the risks and implementing robust mitigation strategies, the benefits of open banking can be realised while safeguarding users and their financial data.

About PXP Financial

PXP Financial offers a comprehensive end-to-end payment platform, providing a single, unified payments solution that caters to online, mobile and point of sale transactions. Backed by in-house acquiring capabilities, a diverse array of 120+ alternative payment methods and a suite of financial services, PXP Financial processes over EUR 22.7 billion annually through its unified gateway. 

To find out more about the PXP Financial family of companies please visit: pxpfinancial.com