New rules from the Payments Service Regulator (PSR) to protect consumers

It is done with a few clicks of a mouse but Authorised Push Payment (APP) fraud cost UK consumers nearly £250 million in the first half of 2022. Typically, a fraudster, having earned the victim’s trust, will trick them into making an authorised bank transfer to an account they control. 

The problem is expected to become more severe over the next 12 months and there are myriad ways for a fraudster to trick a victim.  As the cost-of-living crisis persists, fraudsters will find new ways to defraud their victims with fake emails, websites, and social media adverts. 

Fraudsters often prey on victims through “too good to be true” offers, scare tactics or promises of financial returns. Financially stressed consumers are more vulnerable with promises of easy return on their “investments”, while romance fraud victims are often targeted because of the promise of love. 

Until now, there has been no defined recourse for consumers who find themselves out of pocket, with banks taking an ad hoc, case-by-case basis approach to refunds.  

That is set to change, with new rules from the Payments Service Regulator (PSR) giving greater protection to consumers. Experian expects the vast majority of cases will be reimbursed under the new scheme, potentially doubling the cost to banks and lenders to over £400 million. 

The change will bolter consumer protection but what does it mean for banks and their fraud prevention strategies? 

A holistic approach to information sharing 

Under the new proposals, liability for the refund will now be shared between both the Payee’s (the victim’s) and the Receiver’s (the account controlled by fraudsters) bank. Both parties, now thanks to this new joint responsibility, have an incentive to prevent APP fraud at source. 

This will put even more pressure on the onboarding stage, with tighter controls and checks to ensure that new accounts being opened are for legitimate purposes and are not, for example, ‘money mule’ accounts. 

Due to its complex nature - the many different interaction points involved in APP fraud such as social media adverts, phishing text messages - further stress the importance of information sharing between the Payment Service Providers (PSP). This will become critical in 2023, and beyond, to flag and stop potential suspicious activity. 

The new regulations will encourage this information sharing between sending and receiving parties and is a positive step, but it could also be a too narrow approach. Fraudsters may well be hiding their activity and suspicious behaviour in already-opened accounts not involved in the specific fraudulent transaction. 

To counter this – and move from a detective to preventative position – a more holistic approach will be best. Getting a more complete picture of the accounts and activity of suspected fraudsters will enable PSPs to better investigate fraudulent activity, and it would also be beneficial for PSPs to question their counterparts on historical transactions and behaviour across all their accounts too. 

Developments are happening in this area. Through the Credit Account Information Sharing (CAIS) scheme, Experian provides access to credit data from lenders, insurers and utility and telecoms companies, which provides a more holistic view on consumer’s past credit behaviour. 

PSPs should consider CAIS data sharing to enhance the information they have access to, as well as analytics, and also fraud data sharing consortiums, like National Hunter, to enhance their understanding of fraud risk. 

Collaboration is key 

Collaboration is key to addressing this evolving challenge. Collaboration in the fields of data sharing and innovation will be required from all market participants to develop new processes - only then will there be reduced losses for both the financial institution and their customers, improving the situation for all.