PS23/4 Countdown: Banking’s 5-Point Checklist for Smooth Sailing

by James Hunt, SME - Payments, Feedzai

Share this post

In a decisive move to fortify the financial sector against the ever-evolving threat of authorised push payment (APP) scams, the recent policy statement PS23/4, issued in December 2023 by the PSR, forces banks to revamp their strategies. With a looming deadline of October 2024 for implementation, it’s imperative that banks swiftly adapt and evolve their approaches to counter these sophisticated scams effectively. 

Here’s an in-depth look at the top five key themes that can be taken from the policy, each demanding immediate attention and action:

  1. Shift From Fraud Detection to Fraud Prevention: This pivot is fundamental. Banks are urged to focus on proactive measures for protecting consumers from APP scams, transcending beyond mere compliance. By leveraging advanced analytics, AI, and machine learning and using all available data, banks can look to identify potential scams before they occur. It’s crucial to move beyond just transactional data. Supplementing this by understanding consumer behaviour patterns, demographic and relationship information, and unusual logins and password resets can help to anticipate and mitigate risks.
  2. Collaborative Efforts for Implementation: The fight against APP scams cannot be solitary. I can’t overstress the importance of a unified approach in combating APP scams. Collaboration between banks, regulatory bodies, and payment systems is essential. This involves sharing information and insights on emerging fraud trends, jointly developing fraud detection and prevention standards, and creating channels for rapid communication and response to threats. By working together, these entities can create a more robust, cohesive defence against financial crimes, ensuring a safer consumer environment and maintaining the financial system’s integrity.
  3. Adherence to New Compliance Guidelines: The policy sets clear guidelines for Pay.UK and Payment Service Providers (PSPs). It is critical to adhere to the new compliance guidelines. Banks must integrate these guidelines into their operational frameworks to ensure they are compliant and effectively protecting their customers. This involves regularly updating their systems and practices to align with evolving standards, training staff on these changes, and conducting regular audits to ensure ongoing compliance. It’s about creating a compliance culture permeating every aspect of banking operations.
  4. Innovative Fraud Detection Techniques: Criminals continuously innovate; financial institutions must do the same with their fraud detection techniques. The dynamic nature of financial scams necessitates a move beyond traditional methods by asking different questions of traditional data points. Banks should also explore emerging technologies like behavioural biometrics and deep learning, which can provide a more nuanced and contextual understanding of customer behaviour. Integrating these advanced technologies into existing systems and flipping the questions we ask on traditional data points allows for a more layered and sophisticated defence mechanism capable of detecting subtle anomalies indicative of fraud. This proactive approach and real-time analysis significantly strengthen the bank’s ability to protect its customers from sophisticated and evolving scams.
  5. Continuous Monitoring and Improvement: The fight against APP scams is ongoing. The importance of a dynamic and responsive approach to fraud prevention can’t be overstated. Financial institutions should establish specialised processes focused on monitoring emerging scam tactics and adapting fraud prevention strategies accordingly. These processes should employ a combination of data analytics, customer feedback, and industry reports to stay ahead of the curve. Banks should also engage in regular education programs for their staff and customers, fostering a proactive culture of awareness and vigilance in the face of evolving financial threats.

The PS23/4 policy statement is pivotal in strengthening the banking sector’s defences against APP scams. By focusing on these critical areas, banks can significantly enhance their capabilities to protect their customers and maintain the integrity of the payment system. 

More To Explore

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?