Tackling scams requires a team effort – but the EU is on track to create a blame game

As EU law-makers update Europe’s payments laws, they want to tackle the bloc’s growing number of impersonation, romance and investment scams. Clamping down on these types of scams demands close collaboration between banks, telecoms companies, online platforms and public authorities.

However, Members of the European Parliament (MEPs) instead want to force these players to fight among themselves over who has to compensate consumers. This would be a big step backwards. What MEPs now propose would create a culture of blame-shifting – and a new ‘honeypot’ for scammers. EU Member States must avoid making a rash decision and should therefore reject Parliament’s proposal.

Europe’s payments laws have helped drastically cut basic forms of fraud in recent years, like purchases made using stolen card credentials. But fraud has evolved, for example by tricking consumers into making payments under false pretences, and will continue to evolve. A key characteristic of these scams is that they span across multiple services and platforms, so there is not one service provider that has full visibility of the fraudster’s interactions with their target.

Take romance fraud: the fraudster might make contact with their target over a dating app; move their communications onto instant messaging services, where they eventually ask for money; and then the person affected will make a payment over a payment network.

There are two effective tools to solve this problem: closer co-operation and information sharing across the ecosystem, and education programmes to help consumers quickly spot when they are being scammed. Yet MEPs want to take the proposed Payment Services Regulation (PSR) in a direction which would undermine both these tools.

MEPs’ proposals would undermine trust and co-operation by creating a culture of blame-shifting. Banks would be incentivised to ‘over-report’ potential fraud to telecoms companies and online platforms, so that the banks would have less liability. This would make it harder for telecoms and platforms to prioritise their anti-fraud efforts to have the most impact. Telecom firms and online platforms would also have fewer reasons to share intelligence about emerging threats with banks – since banks could use that information to shift more liability to the telecom firms and online platforms who co-operate with them.

The second problem is that guaranteed reimbursement undermines the effectiveness of education campaigns and allows users to be less vigilant. It also encourages a ‘honeypot’ effect by encouraging more people to participate in fraud: which can be as simple as falsely claiming that a purchase has not been delivered, or allowing a personal account to be used by fraudsters to launder money in return for a share of the profits.

In Europe, banks in the Netherlands and the UK systematically compensate consumers – and they also report the highest rates of scams. Banks in these countries identify significant numbers of cases where fraudsters pose as ‘victims’, and my research shows that rates of scams in these two countries are higher now than before consumers started being reimbursed.

For example, in the first year that the largest Dutch banks agreed to compensate customers for bank impersonation fraud, that type of fraud’s share increased from 53% to over 75% of total fraud, and losses doubled from €26.2 to €47.6 million. Other European countries have performed better by avoiding such automatic reimbursement, and focusing instead on consumer information campaigns and developing cross-sectoral projects, for example by filtering out spam calls and SMS messages.

EU law-makers could take much more sensible steps to help stop scams than the flawed proposal adopted by MEPs. Banks, telcos and platforms all have incentives to act. Many are participating in initiatives to educate users and work with other companies to address the problem. Good examples are the ‘Tech Against Scams’ coalition and the ‘Global Signal Exchange’ information-sharing platform. Law-makers could help make these initiatives more effective by ensuring existing laws, like the EU’s data protection regulation, do not preclude sensible steps to fight fraud.

Companies whose services are exploited by fraudsters are also already subject to extensive EU regulatory obligations, such as rules on cybersecurity and online safety – many of which are relatively new and could prove very effective in the fight against fraud. Ensuring these existing laws are fully implemented makes more sense than imposing new ones, which would have uncertain impacts.

For example, the EU could use its online safety laws to encourage the ecosystem to develop common industry codes of conduct to tackle scams. If such codes were developed in collaboration with banks and telecoms firms, with each playing their part, Europe could finally see a joined-up, effective and EU-wide approach to tackling the recent outbreak of scams.

By contrast, forcing banks, telecoms firms and platforms to fight over their liability for fraud is a bad idea. It would create an unedifying ‘blame game’, undermine education campaigns and make scams more lucrative for fraudsters. Member States will be under pressure to agree to the changes proposed by MEPs in order to get the EU’s new payment law passed. But national governments should stand firm – otherwise, European consumers will become an even more attractive target for scammers.