Community

While I'm dismayed at the continued use of the "APP Fraud" oxymoron, I'm pleased to see a distinction being made between "Fraud" and "Scam". As Zelle makes it clear, Fraud is Unauthorozed Payment whereas Scam is Authorized Payment - they're not the same.

Great initiative. Hope they also create an open directory so recipients of SMS know the full name of the company behind cryptic SMS Headers.

In the blog post titled Variants Are Making Phishing Attacks More Lethal Than Ever in my company blog, I gave two examples of scams that worked by using misleading SMS Headers:

----------

... when you get a text, you need to look at the SMS Header and use your general knowledge / common sense to decipher who the sender of the message is e.g. “TM-HSBCIM? Ah it must be HSBC Bank”; “VK-GODDY must be Go Daddy”; and so on.

This works well – until it doesn’t.

BP-RTODPT is not RTO Department (DMV of India). This SMS Header belongs to a motor insurance company that uses the bait-and-switch dark pattern to sell you a policy that you don’t need.

Then there’s QP-ITDEPL, the header used by a scamster to send out texts about income tax refund. A poor sucker who got this SMS thought it was from the Income Tax Department, took the offer for refund to be genuine, clicked through the link, and lost INR 2.94 Lakhs ($3900) in the bargain.

----------

If only there was a directory, diligent users could have avoided falling victim to the scam by looking up the directory and realizing that the above two SMS Senders were not who they claimed to be.

I get the introduction of # symbol but, as far as I can make out, this feature would merely change the SMS Header from e.g. BP-RTODPT to #BP-RTODPT, which can still succeed at scamming the recipient of the SMS.

Do you have any data that customers of banks and financial institutions want personalized experiences or is just your hypothesis that they do?

If banks are going to be held liable for reimbursement for APP Scam due to proposed Drunk Under Lamp Post regulation, I totally get why they'd want to take preemptive action to nip the problem in the bud. But, even by modern best practice of using sample size of only 2000 to survey populations of 60M or more, TSB's sample size of 100 Facebook Marketplace posts seems very small.

A coupla years ago, there was a lot of Kool Aid that Google was showcasing UPI to Fed for USA's A2A RTP, which was then in planning stage. With Fed going ahead with another product for FedNow, that movie didn't end well.  

Hope this new Google-UPI movie has a better ending.

Sure why not, since I'm not anonymous, my triumvirate allegiance should be obvious:).

PSR is clearly a Drunk Under Lamp Post regulation triggered by votebank politics. It will be allowed to die a natural death after UK elections are over. Accordingly, PSR's regulatory stance will not be adopted even in UK.

Fraud v Scam: Who Is Liable For Cybercrime

I totally agree with Big Tech and point regulators to the message emblazoned on the HP t-shirt: "No RISC, No Gain".

It's easy to mitigate the risk of AR by banning sales but there wouldn't be any businesses left to justify the existence of regulators in that case.

Of late, the Chopra-Khan-Gensler triumvirate in USA has gone rogue and it's high time the US administration reined them in.

Totally agree with Jonathan Frost, if not many of the others. As I've highlighted before, banks will use mandatory reimbursement as the excuse to delay payments and earn float income under the pretense that they're "carrying out extra due diligence on the authenticity of the payment".

And I won't blame them. Forcing banks to reimburse APP Scam victims is Drunk Under Lamp Post regulation and such regs tend to have such Unintended Consequences. 

A2A solves problems for merchants caused by pro Consumer antifraud provisions in credit card. In other words, fraud / scam is a known feature, not bug, of A2A. Strongly doubt if A2A can adopt the credit card antifraud playbook and still remain attractive to merchants. 

Why Don’t UPI / Zelle Provide Fraud Protection?