Banks and criminals are locked in competition for customers and transaction revenue, using advanced technologies as weapons of choice. Technologies that deliver speed and convenience in modern banking, if unprotected, can be weaponised against unsuspecting consumers, who are falling prey in record numbers to account-to-account payment fraud. These threats will continue to scale, according to a recent study, in which 62% of financial institutions surveyed saw an increase in authorised push payment (APP) fraud.
“While the speed of these payments helps to improve convenience, transparency, and confidence in payments, it also increases the chances for fraud, and in particular authorised push payment (APP) fraud, when a fraudster tricks their victim into transferring funds into their account by pretending to be a legitimate payee,” Outseer researchers wrote, observing that APP fraud is growing faster than card fraud in numerous markets.
Private sector impacts
In June 2023, the UK’s Payment Systems Regulator (PSR) published a proposal requiring payment firms to reimburse APP scam victims who lose money over the country’s Faster Payment System (FPS) rails, operated by Pay.UK. If approved, the new guidelines would become effective 7 October 2024. In addition, the PSR introduced similar guidelines for transactions on CHAPS, the UK’s real-time sterling payment system, operated by the Bank of England, requiring “banks and other payment firms participating in CHAPS to reimburse their customers who have been victims of authorised push payment (APP) scams.”
With plans to finalise FPS rule changes by September 2024, the PSR remains open to public commentary and received a private briefing on 10 June 2024 from The Payments Association, an industry trade association representing the UK’s broadly diversified payments community. Recommendations included delaying the implementation of the new rules by at least 12 months to allow for preparation, testing, and development.
Tony Craddock, director general of the Payments Association, urged the PSR to allow more time for the rule changes. “This move by the PSR represents a prime opportunity to re-set the relationship between the payments industry and one of its most important regulators. We believe that to mitigate systemic risk and prevent damage to the payments industry from some of the PSR’s current plans, significant changes are needed.”
Riccardo Tordera, Head of Policy and Government Relations at The Payments Association, concurred, stating that hastily implementing these rule changes would increase risk and reduce competition and that Pay.UK needs more time to build and test its dispute resolution mechanisms and Confirmation-of-Payee capabilities.
Public sector impacts
Craddock and Tordera commended the UK Home Affairs Committee for exploring other avenues for reimbursing fraud victims, such as establishing a fraud levy on social media companies. These suggestions were detailed in a 23 May 2024 letter by Dame Diana Johnson, MP, to Home Secretary James Cleverly MP in response to its September 2023 fraud inquiry.
Johnson advised the government to take a more holistic approach to combatting fraud by clarifying the roles and responsibilities of government entities and coordinating policymaking and enforcement resources. Such clear governance and oversight would foster a whole-system approach to managing multiple layers and iterations of fraud, she stated.
“The harm from fraud is not just limited to the direct harm impacting victims,” Johnson wrote. “Fraudsters range from individuals to serious and organised crime groups. During our inquiry, we were particularly alarmed to hear that the proceeds from fraud can fund serious and organised crime and, in some cases, terrorism.”
Personal impacts
Johnson noted that fraud takes a personal toll on those affected, who do not always know where to turn for assistance. A robust reporting system would make it easier for people to report crimes and track individual cases, she said, and proactive measures would help prevent financial crimes, particularly in the banking sector. For example, the Financial Conduct Authority (FCA) could monitor financial institutions’ KYC practices to prevent fraudsters from opening bank accounts or manipulating legitimate account holders into transmitting funds.
“We believe the FCA needs to ensure there is greater supervision of banking crime controls, including making sure banks are consistently performing customer checks and transaction monitoring,” she wrote, urging the FCA to enforce best practices and improve data sharing across industries to build a “whole system, data-driven response to tackling fraud in the UK.”
Tordera agreed that public and private sector cooperation will protect customers from fraud and facilitate safe, convenient, affordable and accessible financial services.
“Our shared aim is that we lead our market and consumers to a period of innovation and growth, and this is why we’re working proactively to help the PSR with the main priorities regarding APP fraud and the payments infrastructure,” he stated. “We hope [that] the PSR [will] listen to our recommendations, allow all stakeholders more time to prepare and that this is the start for increased collaboration.”
Global impacts
As UK regulators noted, financial crime is a global issue. The 2024 Global eCommerce Payments and Fraud Report, published by Cybersource, Visa, and the Merchant Risk Council in April 2024, found an increase in multiple attack vectors in 2023.
“The types of fraud that merchants are seeing more of this year include first-party misuse, account takeover, loyalty fraud, and triangulation schemes,” researchers wrote. “Refund/discount abuse and first-party misuse now top the list as the most common forms of fraud, each impacting nearly half of merchants globally. Phishing, card testing, and identity theft remain prevalent threats, as well.”
Researchers also found a 69% increase in first-party fraud and chargeback misuse in North America, affecting over 6 in 10 merchants, driven by inflation and rising ecommerce usage. Addressing these issues will require multiple strategies and techniques, they stated, noting that advanced technologies have been proven to outperform traditional notifications in identifying, verifying, and onboarding legitimate customers.
Beyond KYC
With the help of AI, ML, and other advanced payment technologies, financial institutions and service providers can know their customers and build trusted, long-term relationships. Live chatbots and virtual assistants, for example, keep lines of communication open by answering questions and escalating service issues.
Always-on chatbots and virtual assistants, built to comply with local privacy requirements, are designed to improve efficiencies and the customer experience. These always-on helpers are effective fraud deterrents, even in cases of friendly fraud, where they can offer equally friendly step-up challenges to stop chargebacks before they happen.
In the digital age, fraudsters and payments industry stakeholders are leveraging the same technologies for very different purposes. Improved collaboration and oversight within the global financial community will help stem the rising tide of attacks against merchants, customers, service providers, and financial institutions.