APP Fraud Prevention: Compulsory Action Doesn't Mean Banks Lose Competitive Edge

In 2022, Authorised Push Payment (APP) fraud overtook payment card fraud for the very first time in terms of financial value. In H1 of last year alone, victims of this particular crime authorised payments totalling almost £250 million to accounts operated by fraudsters, with purchase scams accounting for 56% of APP incidents reported.

The seriousness of the issue is clearly reflected in provisions laid out in the Financial Services and Markets Bill soon to become law.

Not only does the Bill eliminate any legislative doubts that may have lingered around the responsibility banks have to protect their customers from APP Fraud, it will also see the introduction of compulsory measures squarely aimed at tackling the issue.

Incentivising action: reimbursements and responsibilities

The Financial Services and Markets Bill, among other things, requires the Payment Systems Regulator (PSR) to establish a system for mandatory reimbursement of APP fraud over the Faster Payments system (which accounts for 98% of APP scams). And do so quickly.

While the intricacies of how this will be done are still to be defined (with some debate over the best approach in terms of enforcement), 2 things are clear based on proposals already floated by the PSR in association with this issue.

• Banks are definitely expected to go ‘beyond the basics’ when it comes to protecting customers from APP fraud – processing sort code and account details correctly is definitely not enough to escape liability for any resulting losses.
  
  
• Both sender and receiving banks will become responsible for reimbursing losses as a result of APP scams.

The idea is that this legislation creates a universal incentive…a financial one…for banks to be better. Better at detecting potential perpetrators. Better at taking measures to prevent customers authorising payments they really shouldn’t. And better at identifying links in the chain; those banks not currently increasing their maturity in adoption of fraud prevention technology, processes and data sharing initiatives to uncover potential money mules involved in APP scams, will certainly need to play catch up to those who do.

The introduction of a stick doesn’t mean there’s no carrot

Will this mean banks already ahead of the game in this area lose a valuable competitive edge? A key differentiator?

Well, no. In fact while there may soon be an incentivising ‘stick’ prompting those in the payment chain to ‘do the right thing’, the introduction of any kind of mandatory action certainly doesn’t (and shouldn’t) create a level playing field where no one stands out.

Banks that look for innovative ways to protect their customers and, perhaps most importantly, are able to do so while minimising excessive friction in order to maintain a good customer experience, will instil trust and undoubtedly be the ones in the best position to expand their customer base. And rightly so.

Striving for this kind of advantage is actually an important part of the solution. In a recent speech on the subject, Managing Director of the PSR, Chris Hemsley, summed it nicely be saying “Innovation and competition play an important role when combatting fraud. Firms that are better at it, should have an advantage and attract more customers”.

With new APP scam performance league tables now also part of plans to tackle the issue, there is certainly good reason for organisations to be competitive about the level and efficacy of measures they introduce. It’s also worth pointing out that, while both sending and receiving banks will now be liable for reimbursement of scams under new rules, liability is likely to be weighted based on which organisation has acted most diligently to avoid APP scam scenarios.

Can enhanced measures be introduced without compromising CX?

Firstly, it’s worth stressing that a frictionless CX is not the goal here. A degree of friction, where it accompanies a clear commitment to customer protection, is expected and in fact can become a tool of trust. Customers are reassured to know that a serious issue is being taken seriously.

An additional text message, for example, asking a payer if they know/trust the beneficiary of a payment (where the beneficiary specified is not on an existing list of known recipients) before a payment is authorised might add time to the process but could be the prompt someone needs to think twice without delaying the process needlessly.

Reducing unnecessary friction is the key, and that’s something that can be achieved by introducing purposeful interventions in the payment process (like the additional text mentioned above) while also integrating additional measures into existing fraud prevention protocols.

For instance, a person looking to open an account for their ‘investment consultancy services’ may not flag as being associated with previous fraud and check out in terms of ID but the fact the phone number they are registering for the account is a ‘pay-as-you-go’ number may be cause for concern as something that doesn’t align with the expectations of a purported service.

Ensuring on-boarding processes are equipped to spot such ‘mismatches’ can make a big difference to preventing APP scams. Interestingly, we are also working on solutions right now to help financial service providers assess – at on-boarding stage - the propensity of an account holder to become a money mule. Given that recipients of APP scam funds are often mules, this could also be an important area of focus (and also serves to highlight how interconnected fraud detection solutions need to be).

Leveraging pKYC solutions is another important opportunity, as these tools can help banks maintain a more real time situational awareness of customer accounts that enables red flags for APP fraud to be detected that may otherwise slip through the cracks between review cycles.

Sharing intelligence is the best way to fight APP fraud

Working closely with banks and other financial services providers on this very issue and helping them harness the syndicated fraud data held in National SIRA as the foundation of their APP scam prevention measures, we have seen positive results. And we will continue to participate in initiatives, like the EY FinTech Lab sandbox, that promote innovation in this field. But we also know that more collaboration around data is needed.

If sending and receiving institutions knew more about the respective payers and beneficiaries involved in any given payment, not just within the UK but also for cross-border payments, we would undoubtedly see a drop in successful scams, as it would equip the financial firms involved to better understand the riskiness of specific payments and act accordingly.

Tech sprints we have participated in around APP fraud prevention bear this out. We’re also currently involved with an exciting sandbox initiative looking at how data sharing can be used to create a risk score for payments based on checks run against sender and beneficiary accounts.

By collaborating effectively on APP fraud data sharing initiatives, organisations have nothing to lose, but perhaps everything to gain in terms of tackling a worrying issue head on and building customer trust.

What’s more, while sharing data may be the necessary framework for change, enough scope exists for individual organisations to innovate their own specific suite of solutions based on that intelligence. So just as compulsory action across the industry doesn’t mean competitive advantage has to take a hit, neither does data collaboration. And that’s got to be good for the future of finance.