Trends

PUSH PAYMENT FRAUD REGS COULD HAVE UNINTENDED CONSEQUENCES FOR CONSUMERS & FINTECH FIRMS

The UK's Payment System Regulator is rolling out reimbursement rules for push payment fraud that could significantly increase costs for fintechs and potentially harm financial inclusion.

PUSH PAYMENT FRAUD REGS COULD HAVE UNINTENDED CONSEQUENCES FOR CONSUMERS & FINTECH FIRMS

As fraudsters continue to prey on U.K. consumers, posing as staff of their banks or other trusted organisations to convince them to send large sums of money through authorised push payments (APPs), the U.K.’s Payment Systems Regulator (PSR) is taking action that could have serious implications for fintechs (financial-technology firms) and banks.


APP-fraud losses totalled around £500 million in 2022. Although the amount of money lost declined by 17% in 2022, the figures represent a 6% increase in the number of victims. In 2022, 207,372 incidents of APP fraud were reported, with individuals and businesses falling victim to scams and transferring funds to accounts controlled by fraudsters pretending to be their banks or financial-services brands. Even the most tech-savvy, financially aware consumer is not immune to this type of fraud.


While we all agree that consumers need more education and protection from fraudsters, what the PSR is proposing could inadvertently trigger a multitude of unintended consequences that could hurt financial-inclusion efforts as firms face escalating costs.


Under the PSR’s new APP-fraud requirements, which are due to come into force at the end of 2023 or the start of 2024, banks and payment providers that directly use the Faster Payments Service (FPS)—and indirect payment service providers (PSPs) connecting to it—will need to reimburse victims of online APP fraud within five days. Customers will not be reimbursed if they are found to have acted fraudulently or with gross negligence or if their transactions involved cryptocurrencies or international payments.

Without clearly defined reimbursement parameters, who decides whether a customer has acted with gross negligence, and how does this differ from naivety? Many in the payment industry are concerned that malicious players will pretend to be vulnerable and thus be automatically entitled to reimbursement, even when acting intentionally and with gross negligence.

John Goodale

John Goodale

Executive Director, Head of Europe, Ubiquity

Unintended consequences may stifle consumer experiences

APP-fraud reimbursement is a mixed blessing for consumers, too. With customers demanding smooth and secure omnichannel payment experiences, banks and payment providers strive to make them as speedy and seamless as possible. Although consumers will benefit from more protections under the APP requirements, they’ll also suffer more friction in their payment processes, as it is likely that smaller PSPs may seek to mitigate fraud risks by adding more authentication measures, particularly for payments flagged as higher risk.


Friction in any payment process means more frustration for customers, especially when making urgent, high-value payments. Examples include a consumer making a bank transfer to buy a car at a dealership or paying a deposit when buying a home. Not having their payments authorised in legitimate scenarios such as these results in humiliated and angry customers—and worse still, potentially lost deals.


Smaller PSPs may seek to mitigate fraud risks further by capping the amounts transacted through the Faster Payments Service. This potentially throws the entire business model of Faster Payments out of the window. Why would banks and fintechs offer Faster Payments if they bear the risks of APP fraud at the end of the process?

APP-fraud countermeasures can work, but more collaboration is needed

Measures to stop the spread of APP fraud are having some success, such as Confirmation of Payee (CoP), the payee-checking service designed to help prevent APP scams and misdirected payments. With CoP, consumers setting up a new payee (or changing the details of an existing one) can prevent payments from going to the wrong account. CoP is a great example of how collaborations between banks, financial-services players and others are improving intelligence sharing and helping to promote customer awareness and education.


But deeper collaboration with other industry sectors, including telecommunications and social-media operators, will be required. UK Finance data shows that 78% of APP scams start online and 18% via telecommunications, including texts and calls. Social-media platforms account for the greatest number of online fraud cases—around three-quarters of online fraud starts on social media.


No matter how the new APP-fraud requirements play out, they still don’t solve the underlying issue of stopping APP fraud at the source. According to the PSR, an APP fraud can only be successful if facilitated via a payment. But banks and fintechs are often downstream from abuses of mobile networks and social-media platforms via phishing, smishing and other methods used to perpetrate APP fraud, with no line of sight on what happens upstream before their customers come under attack.


And as long as banks and fintechs bear the costs, other industries have little incentive to collaborate or share intelligence that could stem the flow of fraud. While some PSPs are working to capture data on fraud sources, the wider fraud ecosystem requires more action across industries to stop fraud wherever it originates.


Read the full article in International Banker.

John Goodale is responsible for Ubiquity’s business expansion in the U.K. and Europe, and helps companies struggling with staffing, technology, and economic uncertainty improve their customer experience management. A payments and retail industry veteran, John has decades of experience in a variety of markets such as the U.K., Europe, North America, Brazil, and Russia. Before joining Ubiquity, John held several senior roles in sales, product, technology, and management consulting within multiple organizations, including TSYS, KPMG, Crosscard, GPS, and Zwipe. He is based in London.

    Share

    Outsource with confidence

    To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will enable us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent may adversely affect certain features and functions.