Banks call for all industries to be accountable for APP fraud

mobile phone with hooded person hovering over with credit card

Share this post

Santander is calling for more to be done to combat fraud because the PSR’s mandatory reimbursement plans for APP scam victims will be an unsustainable cost for banks and schemes.

What is this article about? How industry and government can do more to tackle fraud.

Why is it important? Payment companies’ could see costs rising as new regulation coming in mandates reimbursing fraud victims.

What’s next? The PSR plans to increase APP scam protections once the Financial Services and Markets Bill is passed by parliament in 2023, and by January 2024, banks and regulators will start to feel the pinch.

Chris Ainsley, head of fraud risk management at Santander UK, tells The Payments Association that leadership is needed to bring the payments industry, technology companies with social media platforms, and telecom firms together to tackle fraud.

Ainsley’s comments follow and other industries to work together to tackle the problem of fraud, and specifically authorised push payment (APP) scams.

The PSR will implement its plans to increase APP scam protections and adjust the CRM code within six months of gaining new powers through the Financial Services and Markets Bill, which is expected to be passed by Parliament in 2023.

The proposals will mean that reimbursements will become mandatory and quicker. However, The Payments Association understands from its members that payments firms this is not a good idea and would not resolve the underlying issues of fraud.

“In reality, the payment system is entirely disconnected from how the risk is being introduced, because our customer is in the middle and they are being attacked by criminals by digital means or via text messages or whatever else,” says Ainsley.

“They are being asked to do something in the payments system, and we almost have no sight of what is happening before it comes to us and no feedback process into that.”

In October, Santander suggested that banks and payment service providers should follow consistent rules to prevent fraud, including the mandatory confirmation of payee and extra scrutiny of unusual high-value payments. It also recommended the industry should update systems to introduce data-sharing standards developed by Pay.UK as part of the New Payments Architecture – an infrastructure designed to support digital payments.

Santander is not alone in its views that the problem of fraud and APP scams cannot be solved by the financial services sector alone. Many speakers at The Payments Association’s Financial Crime 360 conference shared the same view.

One bank’s head of fraud prevention stood firm in his belief that banks and financial institutions should not be tackling financial crime alone and that more needs to be done by other industries to focus on prevention.

“What we tend to forget as an industry is the criminal and the upstream platform where the scam originated. We forget the mobile networks and the telco tools used to facilitate the fraud before banks can try and intervene to stop it,” says the head of fraud at one high street bank.

“If you break down the anatomy of a scam or fraud, there are a lot of vulnerabilities that sit outside the financial services sector, such as the abuse of telephone lines, smishing, phishing and all the things used to hook a customer into providing security credentials or passwords.”

“We need to work closely with the technology sector that don’t have the same incentives to do something or liabilities that we do as banks. There is a big potential to share data and to shore up controls. This is what we’ll start to see play out over the next couple of years,” says the head of fraud.

Big tech companies cannot ignore their responsibilities

Regulators have made some progress in working with big technology companies to curb fraud. Notably, financial service advertisers on Google now need to be verified by the Financial Conduct Authority (FCA). The Online Safety Bill, which is moving through Parliament, is also viewed by many in the payments industry as a step in the right direction. Under the proposals, online platforms would have a duty of care to help protect consumers from fraud.

“There are steps in the right direction, but more needs to be done to see that true collaboration between industries, [including tech, social media, internet companies and telecoms],” says Jim Winters, director of economic crime at Nationwide.

“The reason why scams have become so common is because of the focus on banks solving the problem, but they can’t do it on their own.”

Data from the Financial Ombudsman Service suggests that banks are getting better at dealing with authorised fraud suffered by customers. The proportion of complaints upheld in favour of consumers fell to 52% in the second quarter, from 78% a year earlier. But there’s a still a steady flow of complaints.

“Unfortunately, the Financial Ombudsman Service continues to see a growing number of ‘authorised’ scam complaints,” a spokesperson for consumer organisation Which? says. “Impersonation scams, goods bought online but not received, and investment scams make up the majority of our `authorised’ scams caseload.”

There are also signs of growing political awareness of the issue. Notably, the House of Lords’ Fraud Act 2006 and Digital Fraud Committee, which called on government to set up a cabinet subcommittee to tackle fraud in November 2022. The committee of ‘failure to prevent fraud’ across all industry sectors.

The move coincides with the FCA consultation on the risks and benefits the growing presence of big tech firms’ such as Meta (owners of Facebook), Google and Amazon, in the UK financial services markets has on consumers, particularly in the retail sector.

While the discussion paper focuses on competition within retail, it also looks to address other ongoing work by the FCA on online safety, consumer protection and financial stability in the digital markets. The consultation closes on 15 January 2023.

The tech industry says it’s already taking steps to combat scams. Antony Walker, deputy chief of trade body Tech UK, says: “Tech companies intercept millions of fraudulent emails every day and implement technologies that help to identify and block potentially fraudulent activity.

“As online fraud threats continue to evolve, tech companies remain committed to working with government, law enforcement and the financial services sector in a cross-sectoral collaborative effort to tackle online fraud.”

Meanwhile, banks and other institutions have made significant investments to try to stop fraud by building in checks into systems and software that raise red flags. However, such measures won’t necessarily prevent a crime if a person is being emotionally blackmailed or believe they are paying the right person, says Peter Harmston, head of payments consulting at KPMG UK.

“There is only so much banks can do. We can’t have 50 layers of friction in our payments,” adds Harmston. “The ecosystem needs to work more closely to figure out how we can do this.”

Cost of living crisis could encourage fraudsters

In the short term, the economic downturn may deliver fresh opportunities for criminals. The Bank of England has warned that the UK is facing its longest recession since records began. In November, the Pensions Regulator, FCA and Money and Pensions Service warned that worries over the economy could spur some savers to take greater risks, potentially leaving them vulnerable to scammers.

“What we are concerned about in general is that, as the first big electricity and gas bills start to hit, some of those changes made to interest rates and mortgage repayments might encourage criminals to use that as their hooks,” says Santander’s Ainsley.

“The need for people to get bargains, to buy things second hand may increase. I’m concerned about that exacerbation because the crooks can play in that bigger market.”

Therefore, Santander is calling for an effective and streamlined “Government leadership” dedicated to tackling APP fraud and a greater collaboration between industry and law enforcement to respond to fraud allegations sufficiently.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Continue reading

This content is only available to subscribers - please see instructions below!

Continue reading

This content is only available to members - please see instructions below!

Become a member to continue reading

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?