The UK Payment Systems Regulator (PSR) is mandating banks and payment organisations to reimburse victims of Authorised Push Payment (APP) fraud, where losses totalled almost £500m in 2022 alone. With a policy start date of 7th October 2024, how does your fraud management strategy measure up?
In today’s digital-first world, we are fortunate to hold our money at our fingertips, with round-the-clock access to our finances through online channels. However, as technology advances, so do the tactics of fraudsters – seeking to exploit vulnerabilities for financial gain. With fraud attacks growing in sophistication and regulatory bodies seeking to hold any ill-equipped organisations accountable, the need for robust fraud detection and prevention technology has become paramount for UK-based Financial Services organisations.
A growing threat
The first half of 2023 witnessed a surge in sophisticated cyber threats in the UK, with fraudsters leveraging cutting-edge technologies such as artificial intelligence (AI) and machine learning to stay one step ahead of traditional security measures. According to the Cyber Security Breaches Survey, published by the UK Government, there were 2.39 million instances of cybercrime across UK businesses in the last 12 months, resulting in 49,000 instances of fraud. From this, the UK Government estimates that cybercrime costs an annual average of £15,300 per victim for businesses, exemplifying the magnitude of this growing threat faced by the Financial Services industry.
One of the primary drivers of the evolving fraud landscape in the UK is the rapid digitisation of financial services. As more transactions move online, the attack surface for cybercriminals widens, making it imperative for UK-based organisations to fortify their defences. A study by UK Finance revealed that financial fraud losses across payment cards, remote banking and cheques reached £726.9 million in 2022, emphasising the sheer impact of digital financial fraud in the UK.
Challenges in Authorised Push Payment
Authorised Push Payment (APP) fraud stands out as a formidable challenge for the Financial Services sector. APP fraud occurs when a fraudster deceives someone into sending a payment to an account outside of their control.
The significance of this threat is underscored by the fact that fraud incidents have surpassed all other crime types in the UK, with APP fraud alone accounting for 40% of fraud losses in 2022.
In a stride towards enhanced transparency, comprehensive data for the year 2022 has been published by the Payment Systems Regulator (PSR), shedding light on critical aspects of APP fraud. This includes information on victim reimbursement from the largest 14 banking groups, the funds sent and received by each payment firm due to APP fraud and a breakdown of the UK’s 14 largest banking groups alongside nine other smaller firms that ranked among the top 20 highest receivers of fraud.
For the first time, stakeholders have access to a detailed comparison report of how effectively different banks have tackled APP fraud and treated victims throughout the past year, providing valuable insights into the industry’s performance. This initiative aims to empower consumers and foster a more informed approach to choosing financial service providers.
This newfound accountability amongst Financial Services means it’s more important than ever to ensure that a robust fraud prevention, detection and management strategy is put in place – otherwise, organisations run the risk of losing out to better-equipped competitors. With the policy coming into place on the 7th October 2024, organisations can take between 6 to 12 months to get ready for the new requirements.How does your organisation measure up?
The PSR has focused on 3 key metrics for its evaluation of how organisations handle APP fraud cases. These are:
Metric A: Percentage of reported APP fraud losses refunded by value and volume
This metric visualises the extent of an organisation’s commitment to victim restitution. A critical driver for this metric is having the right systems in place to detect a scam – for example, in-app warning notifications to the user before following through with the payment. Microsoft tools like Dynamics 365 can be utilised to automatically redirect notifications from various fraud detection organisational email mailboxes to one unified platform. This provides organisations with a holistic view of the magnitude of fraud attempts to deal with them more efficiently.
Metric B: Value and volume of APP fraud sent per £1 million of transactions
This data highlights how much money consumers lost to APP fraud for every million pounds of transactions sent by the 14 major UK banking groups. There is less variation between organisations using this metric, suggesting that customers from all 14 banks are similarly likely to experience APP fraud, regardless of customer background or the size of the organisation.
Metric C: Value and volume of APP fraud received per £1 million of transactions (Non-directed PSPs and Directed PSPs)
This data identifies smaller banks and payment firms (Non-Directed Payment Service Providers (PSPs)) and UK major banking groups (Directed PSPs) that received the highest value of APP fraud in 2022 per million pounds of transactions. One reason for organisations facing higher volumes of APP fraud is having less, or delayed, onboarding checks. This gives fraudsters the opportunity to quickly open and close an account without being detected for malicious activity. Moreover, a weak inbound transaction monitoring system creates greater risk for APP fraud.
Incremental revolutionised Virgin Money’s business banking customer onboarding without compromising on security – read all about it here.
Are you ready? Mandatory reimbursement requirements and interventions
In a forward-looking approach, mandatory reimbursement requirements for victims of APP scams are set to come into force in October 2024. This means both sending and receiving firms will be held liable for reimbursing APP fraud victims in most cases.
The PSR also implemented interventions to enhance data sharing and prevent scams. The rollout of the name-checking service, Confirmation of Payee, combats APP fraud by checking that the name on the payee’s account matches the name and account details shared by the provider. This further demonstrates the commitment to securing the UK’s financial landscape against fraudulent activities.
This comprehensive analysis of APP fraud metrics serves as a vital tool for consumers, regulators and financial institutions alike, fostering a culture of accountability and transparency in the fight against financial fraud. As data continues to be collected and reported, stakeholders can anticipate further insights into the industry’s performance, facilitating informed decision-making and safeguarding against the ever-evolving landscape of financial crime.
As the threats continue to evolve, Financial Services organisations must be well-equipped to deal with fraud and manage customer fraud journeys in a way that is quick, transparent and effective. Telefónica Tech is a member of Microsoft’s Inner Circle for the fifth year running with a wealth of experience in creating exceptional, secure customer experiences in the Financial Services industry. Contact our team of experts today to learn more.