/regulation & compliance

News and resources on regulation, compliance, legal and governance issues for banks and fintechs.

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Which? calls for post-Brexit rule change to protect victims of APP fraud

Consumer group Which? is urging the UK Government to introduce a post-Brexit rule change that would force banks to reimburse victims of authorised push payment fraud.

  5 4 comments

Which? calls for post-Brexit rule change to protect victims of APP fraud

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Currently, 18 banks are signed up to a voluntary code of conduct that should see victims of bank transfer scams reimbursed.

The latest figures show that more than £200m was lost to APP fraud in the first six months of 2020. But despite the introduction of the code of conduct, just 38% was reimbursed to victims. That’s a fall on the second half of 2019, when 41% was returned.

In August, Which? published a report alleging that scam victims were facing a lottery when it came to getting their money back, with banks applying the code poorly and inconsistently. Reimbursement rates by individual banks fluctuate dramatically, with one firm fully reimbursing just one of victims, whereas another had fully reimbursed 59%. Which? believes the current lack of consistency means many customers face a lottery when it comes to trying to get their money back.

Not all banks are signed up to the code, and the Payment Systems Regulator currently lacks powers to force banks to make reimbursements under the EU's PSD2 Directive, which prohibits EU member states from pushing payment service providers to go beyond the terms set out in the legislation.

The consumer champion argues that a post-Brexit change in legislation would provide the regulator with the power to direct the Faster Payments Scheme to introduce a new guarantee into its rules that includes protection for victims of APP fraud - similar to the guarantee in place for direct debits.

In a statement, Which? says: "Which? believes that by making these changes the Government can show that it will use the legal flexibility resulting from Brexit to benefit consumers - and could potentially cut the amount consumers lose to bank transfer fraud by tens of millions of pounds a year."

Digital payments will be discussed in depth at EBAday 2020. For delegate passes, register now and join leaders from across Europe's payments ecosystem as EBAday addresses 'The Turning Point in Payments Transformation'.

Sponsored [Impact Study] 2024 Fraud Trends in Banking, Insurance, and Beyond
 

Share

5
5
 
 
 

Related Company

Channels

/regulation & compliance /retail banking /security /payments

Keywords

brexit

Comments: (4)

Kevin Smith

Kevin Smith Director at Riskskill

So which organisation is Which? suggesting should reimburse the cardholder who was the subject of an APP fraud scam? The bank that hosts the customer's account from which the monies were taken with the cardholder's agreement, or the financial institution who opended the account that receievd the fraudulent funds, i.e. the fraudster. The challenge is we are not preventing APP scam issues, we are just shifting liability from a customer who was "tricked' to their own bank.

A Finextra member 

Why not make the mobile operators pay, since they allow spoof SMS messages that appear to come from the customer's bank.

Dulce Alvarez

Dulce Alvarez Manager Business Analysis at JP Morgan Chase

This article is misleading. Indeed PSD2 scope does not include consumer protection against fraud. However there is European legislation which does : directive 97/7/ec on the protection of consumers in respect of distance contracts, directive 2011/83/eu on consumer rights, directive 2005/29/ec on unfair commercial Practices, and directive 93/13/eec on unfair terms in consumer contracts All these directives should be part of the UK law... and they need to be maintained-enhanced post Brexit.

A Finextra member 

If banks or ASPSP:s as regulators call us, should foot the bill for APP fraud, the protection needs to be financed, i.e. end users of payments need to pay enough for the payment service to cover refund rights for fully authenticated credit transfers that prove to be fraudulent. In the payment cards industry the business model includes liability rules for cases where the payee is not paying back wrongfully received funds. The alternative protection is to add more security features that make payer life harder.The PSD 2 makes it harder for the payment service providers to reclaim monies from the fraudulent payee due to the "finality of payment rule" and most consumer protection regulations assume that the payee will repay the wrongfully received funds, which does not apply to fraudsters. The PAD regulation gives all EU citizens the right to obtain a payment account - so fraudsters have a legal right to "join" the payment service. The absense of sensible "scheme" rules in combination with instant payments, the internet/mobile networks and digital transaction verification are the  fuel components that propel this kind of fraud and will make a ASPSP liability rule expensive. 

Related news

/security

APP fraud losses hit £456 million in 2019

/security

Which? calls for Government action on APP fraud as losses spiral

/security

Banks denying refunds to scam victims who ignore new warnings

UK banks extend deadline for funding APP fraud compensation

Pay.UK knocks back Faster Payments fees to cover APP fraud

/payments

MPs call for backdated APP fraud reimbursements and Faster Payments delays

[Webinar] PREDICT 2025: The Future of AI in the USFinextra Promoted[Webinar] PREDICT 2025: The Future of AI in the US

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept