Community

Agree Ed. In our son’s case his cash ended up in a non-CoP UK bank, so a UK mandating would at least help to close the door. In terms of consumer education (for account holders) …. it would help that effort if these scams could be referred to with something the general public can actually understand and that better describes the problem. Such as Identity Fraud Scams, for instance …. and not ‘APP fraud’ which appears in every media headline but is so tenuous even bankers struggle with it (despite it being essentially derived from bankers’ speak).

Thanks Jackie. When your bank’s app is in your phone, you are carrying their software (SaaS). Essentially you’re carrying a miniaturised branch around in your pocket and we need to be maximising the advantage of this … Applying modern use of in-app messaging or message-based-chat would make the phone line - where you have to be “taken through security” and are more often than not subjected to ‘hello 1989’ IVR before you are permitted to even talk to a human - largely redundant. It would be trivial instead to ping an app (push) notification and then serve up the ‘last three transactions’ …. “did you spend £15.22 at Aldi in Jesmond yesterday?” or whatever, in the App with a Y/N? field. No phone call required, utlising SCA (instead of the first two characters of your mother’s maiden name etc) and strong assurance for the account holder that they’re communicating directly with their actual provider.

APP fraud is identity fraud and banks should implement Secure Provider Authentication (SPA).

To protect their customers from the indignity, the anxiety and the shame of being scammed, Banks need to focus energies on SHUTTING THE STABLE DOOR to prevent more of this from happening in the first place.

Some people will always get scammed but right now that door is way too ajar.

Big banks are just too easily impersonated and their comms channels to customers vulnerable and too easily compromised by their own behaviours.

Last month our son at Uni fell victim to an APP scam and they emptied his account. Sufficiently sophisticated to fool a young adult with just a few yrs of banking familiarity.

First a bogus txt from ‘Royal Mail’ about parcel redelivery: enough to elicit an address and bank name. Next an 0800 inbound call from ‘Santander’s fraud team’ alerting to suspicious activity. And so, driven by a fear of losing all his money … he lost all his money.

Banks say “we will never contact you by…“ and “we will never ask you to ….” but the uncomfortable truth is they do and they have (less now than in the past) - and it’s those behaviours the scammers are exploiting.

In the follow up with Santander’s real fraud team they’d called him on three different 0800 numbers, none of which he had any means to validate as real. At the start of each call he was “taken through security checks” but they gave him NO means to authenticate THEIR identity.

Why? They could have sent an OTC to their App on his phone and recite it once he’d opened the App to view it using SCA. They’re leaving account holders vulnerable because it’s secure comms ONE WAY but NOT the other.

Hardly a surprise that APP fraud on FPS now outstrips fraud on the card networks (which for so long held top billing). Significant for the customer tho as fraud on the former is far harder to recoup than the latter are your article points out.

PSD2 gave banks no choice but to spend on SCA to ensure the account holder is verified by two factors when opening their App.

Implementing 2FA to provide equivalence in the other direction ~ for the account holder ~ is non mandatory. So whilst it's technically trivial to enable, it’s a chunky £upgrade which needs to be signed off internally.

Cost being commensurate with size / age: the CMA9 are the natural laggards and loom large on this heat-map.

When the CRM payouts (mandated or otherwise) exceed the internal cost to upgrade I guess the decision becomes easier.

Banks, cc companies (and any fintech that’s able to pivot) is rushing to the UK BNPL market because big positions are being taken in this niche corner of consumer payments, which is pre-regulation.  It's hot.

Some trying to incept in this space (hoping to morph to something more profitable) others just covering positions, heat seeking or simply just the plain fear of missing out.

Merchants just want to shift more gear and will engage with pretty much anything that might lower or equate to their current merchant service charges.

But it’s a perfect storm for UK consumers, easily enticed by the accessibility of instant credit and allured by the “have what you want when you want” messaging which underpins it. 

And okay BNPLs may not yet be making money and may not yet vbe taking extortionate fees, but it is driving gross consumer credit upwards (household debt) and when disposal income is flat and the friction to get credit lowers the pain spreads elsewhere. 10% of BNPL customers are already in arrears and 54% of BNPL payments in the UK are being made on credit cards.

Worse of all, the traditional unsecured consumer credit market, such as hire purchase agreements, credit card limits and even payday loans, is regulated to ensure affordability checks are made and repayment capability assessed.  There’s no such overarching checks with BNPL, no tethering, no repayment dashboard.  Consumer can get hitched with as many BNPLS as they like: with the consumer left with the responsibility to assess their own gearing to repayment metric. 

We know how this ends. Did someone just say Wonga?!

When they said Open banking would pave the wave for killer apps, I doubt this is what they had in mind.

Subprime 2.0, The Sequel

Subprime 2.0, The Sequel

Subprime 2.0, The Sequel.

Like I said …. A scammer’s delight https://www.telegraph.co.uk/business/2021/10/02/millions-stolen-barclays-accounts-monzo-fraudsters/

... use case for SRC diminishing. 

After 3 or 4 years hard effort, which in some cases included an unrelenting fight just to stay in the game, it’s encouraging to see a number of indicators pointing to meaningful traction amongst the first wave of challengers (Class of 2014/5).

The developments in the past 5 years of the Fintechs and Challengers with ambitions in the UK retail banking market have acted as zero investment proof-of-concepts for the CMA9.  The so called ‘disrupters’ have usefully proved customer demand for new elements that can add value to banking apps.  These include the ‘pulse’ balance line (Monzo), card freezing (Revolut), the aggregated ‘single customer view’ (Tandem) and not least the ‘Marketplace’ concept (Starling).

In 2018 we’re just starting to see big banks following along with Barclays card freezing, Lloyds doing account aggregation, HSBC integrating FPM and First Direct moving towards a ‘marketplace’ model.  Fair to say that PSD1 has proved some moderate success here as they would never have got there that quick.

Looking on: the UK’s premature entry into Open Banking is likely to give the Challengers even more of a boost.   The CMA9 are getting increasing lost in the squabble around how an unknown, untrusted and frankly unwelcomed TPP can be consented and then access the ASP's customer account.  It’s one that will continue to distract for the 18 month clock that is now running since the EP&C approved the key Technical Standards for Open Banking last week.

This is a real opportunity for the Challengers (non-CMA9) to compound their momentum over the incumbents by concentrating on a more collaborative approach with symbiotic FinTech alliances that are able to become PSD2 compliant by September next year.  This is cutting a much happier path and one that in time the bigger banks are likely, again, to follow.