Future of Payment Review – six-months on – APP Fraud

Joe Garner’s Future of Payment review published in 2023 on behalf of the UK Government reflected the complexity of the current instant payment UK environment. The situation has allowed the UK’s early leadership in global instant payments to decline. The UK is starting to fall behind in terms of person-to-person payments made by bank account transfers. UK is ranked 9th in terms of the number of account-to-account transfers per capita, and it predicted to fall to 17th by 2027.

3.   Authorised Push Payment Fraud 

APP (Bank to bank account) fraud

Fraud in the UK has been described as reaching epidemic levels. 

The UK Government’s objective is, “Our ambition is to cut fraud by 10% from 2019 levels, down to 3.33 million frauds by the end of this Parliament.” 

Data shows there were 3.65 million frauds in 2022. In 2024 fraud prevention is being mandated, e.g. Payment System Regulator’s new regulations on banks reimbursing 100% of the clients’ defrauded amount, in 2023 banks’ customers received 40%.

To commit APP fraud a bank account is needed. 

Banks own the accounts and allow consumers to use theses accounts. The fee structure starts from free to £18+ per month. A comprehensive set of enhanced value offerings by various categories are included, e.g., mobile-phone insurance. 

There a set of regulations banks are obliged to follow to ensure the customers are genuine: ‘Know Your Customer’ (KYC) rules. In addition, banks need to check for money laundering, financing terror and if the owner is a PEP.

Authorized Push Payment (APP) Fraud 

Latest figures showed the total value in H1 2023 from H1 2022 was down 1% to £237 million yet the number of scams jumped 22%. The average loss was just over £2,000.

H1 2022 H1 2023 Change

 APP loses (£'000) £239,000 £236,610 -1%

Volume     90,480 116,000 22%

Av Loss     £2,641   £2,040 -23%

APP % of total Fraud losses 41%

Reported Cases* 116,000     *Unreported cases add 40%        

Currently, customers are protected from APP fraud by the Contingent Reimbursement Model (CRM) Code, which the Lending Standards Board (LSB) oversees. The Code ensures financial providers have a consistent approach to reimbursing victims of APP fraud. The PSR oversees the performance of banks and the results for 2022*** were:

By volume of cases (where there was full reimbursement):

• TSB fully reimbursed 94% of the APP scam cases reported to it, followed by Nationwide 91% of cases and Barclays 79% of cases.
• Monzo 6%, Danske Bank 7%, and AIB 12% of cases were fully reimbursed.

Value of APP fraud received by the payee bank per £’million of transactions. This shows smaller bank/PSPs received the highest value of APP fraud in 2022. For example, for every £1 million received into accounts at Clear Junction, £10,335 of it was APP fraud.

1.     Clear Junction                               £10,353

2.     BCB                                                  £7,079

3.     Cashplus Bank                                £5,916

4.     PayrNeet                                          £5,765

5.     PrePay Technologies                      £4,814

6.     Clear Bank                                       £1,575

7.     Revolut                                             £1,158

In the UK since Confirmation of Payee was introduced with the Model (CRM) code scammers now open bank accounts at banks that do not provide CoP. 

In the EU figures for APP Fraud are just beginning to show in Instant Payments.  The European Payment Council did find fraud was shifting away from malware to social engineering attacks*. Barclays UK found 87% of fraud originates off social media.

Smart Phones mobility is now part of both consumers’ and enterprises’ daily life. Smart mobile devices have become common in Europe enabling a wide variety of mobile and payment apps. These apps are an attractive target for scammers.  

FICO’s 2023** report showed 14 countries what customers liked best in instant payments:

• 87% admitted to the sheer speed with which funds are transferred.

• 76% like how easy instant payments is to use.

• 53% favoured instant payment accessibility. 

FICO believed if scammers, who take advantage of real-time payment users, were surveyed they too might have provided similar answers.

APP Fraud must be stopped before the payment is made as once the payment has been approved by the payer, it is gone and shortly out of the country. 

Banks must keep up-to-dated checks on the bank account owners’ personal data and account activities. Scammers have a clear behaviour pattern.  The incoming money is moved quickly to other bank accounts, and often again and again. Faster payments assign a transaction number so scammers network can be tracked so AI can show the networks. 

The key questions here are:

How up to date, time wise vs. instant payments is the customer information? 

If it’s a new payee, do you ask for facial recognition before making the payment?

 Thanks John

* https://www.europeanpaymentscouncil.eu/sites/default/files/kb/file/2023-12/EPC181-23%20v1.0%202023%20Payments%20Threats%20and%20Fraud%20Trends%20Report.pdf

** https://www.fico.com/blogs/real-time-payments-survey-reveals-growth-usage-and-scams

*** https://www.psr.org.uk/news-and-updates/latest-news/news/psr-publishes-first-app-scams-performance-report/