Out-Law News 4 min. read

Mandatory reimbursement among proposals to crack down on UK payment scams

Man with bank card and laptop


The UK’s Payment Systems Regulator (PSR) has laid out plans for further measures to stop authorised push payment (APP) scams, including possible mandatory reimbursement of scam victims.

The proposals, contained in a consultation paper (74-page / 856KB PDF), cover publishing scam data, intelligence sharing and mandatory reimbursement of APP scam victims.

Financial services expert Andrew Barber of Pinsent Masons, the law firm behind Out-Law, said “The PSR’s proposals for the publication of APP scam data and most significantly making reimbursements of scam victims mandatory have scope to make a real difference for consumers. However, the PSR will need to be careful to ensure consumer benefit does not result in undue burden on PSPs and does not create barriers to market entry for new PSPs. Smaller PSPs in particular should carefully consider the options proposed by the PSR for mandatory reimbursement of victims, assess the impacts those options may have on their business, and provide detailed responses to the consultation. In this regard, it would be particularly interesting to read the responses from the industry on these proposals.”

Barber Andrew

Andrew Barber

Partner

The PSR will need to be careful to ensure the consumer benefit of mandatory reimbursement does not result in undue burden on payment service providers and does not create barriers to market entry

The PSR is proposing that the 12 largest payment service provider (PSP) groups in Great Britain, which include most of the UK’s High Street retail banking brands, along with the two largest PSPs in Northern Ireland outside those PSP groups, will have to publish comparative data on levels of  APP scams, on reimbursement levels for their customers that are APP scam victims, and on which PSPs accounts are receiving the fraudulent payments.

Mila Pencheva, financial services expert of Pinsent Masons, said: “We anticipate this is data the designated PSPs already monitor and collect. However, putting this data in the format the PSR expects and ensuring it fully covers the proposed metrics will likely require some operational effort by PSPs”.

“PSPs explicitly caught by the proposals should already be assessing what changes they need to make to their data gathering processes, as well as the associated costs, to comply with the proposals. Arguably, all PSPs should consider whether they should start gathering the proposed data metrics both to ensure appropriate protection of their customers and to anticipate any potential future widening of the scope of the direction,” she said.

The PSR also recommended making reimbursement of APP scam victims mandatory. This would require legislative changes which, according to the PSR consultation announcement, are on the UK Treasury agenda.

 “Making reimbursement for scam victims mandatory would be ground-breaking for the industry but may come at a high cost for PSPs,” said Barber. “The proposals will likely result in PSPs having to provide increased pay-outs and put complex systems and processes in place to comply with the new rules. Those changes may have a disproportionate impact on smaller PSPs but equally users of those PSPs should be afforded the same protections so as to create a level playing field.

David Crossan, an expert in APP fraud litigation, said: “A separate concern is whether this creates a new type of APP Fraud by the back door. We have acted on a number of claims where the potential claimant is suspected of playing some role in the fraud, even passively or in a very minor way. The checks and balances on mandatory reimbursement will be critical to ensure the PSPs can still defend themselves again claims where there is a question mark over the appropriateness of claimant’s conduct and query how this will be assessed.” 

The PSR said it would task the financial services industry with improving intelligence sharing between payment service providers (PSPs) to improve scam prevention.

In addition to the three main proposals in the consultation paper, the PSR said it would also be exploring the balance of liability between sending and receiving PSPs, and developing proposals on how it could use its existing powers to address any issues.

The regulator will examine the value of voluntary action by PSPs and facilitate industry coordination to bring voluntary efforts together.

Herring Andrew

Andrew Herring

Partner

The existing voluntary measures provided some protection for consumers, but business customers remain relatively unprotected from scams unless they hold relevant insurance

Mila Pencheva said: “The PSR’s express support of and engagement in the work on improving intelligence sharing in the industry and its dedication to consider further measures to tackle APP scam in the future is welcome. However, there is little detail on these topics in this consultation paper so it is hard to gauge exactly what the consequences for consumers and the industry will be at this stage.”

The consultation paper revealed the number of reported APP scams had almost doubled between the first half of 2019 and the first half of 2021, with losses due to APP scams rising by 71% in the same period. In the first six months of 2021, 106,164 APP scam cases were reported with a total value of £355.3 million, up from 57,549 cases worth £207.5m two years previously.

In 2019 a voluntary code of conduct allowing victims to claim reimbursement for APP was introduced. It was followed in 2020 by the introduction of ‘confirmation of payee’, which requires banks and customers to check that account details are correct before a payment is made. The PSR said there was evidence confirmation of payee had helped prevent some types of APP scams.

However, the regulator added more needed to be done as levels of reimbursement varied widely and many customers were not covered by the voluntary code.

Litigation expert Andrew Herring of Pinsent Masons said that while the existing voluntary measures provided some protection for consumers, business customers remain “relatively unprotected” from scams “unless they hold relevant insurance”.

“The banking sector has made great strides to protect its customers, with UK Finance reporting recently that advanced security systems used by banks prevented £736m being taken by fraudsters in the first half of 2021,” he said. “Unfortunately, many APP frauds in the commercial arena are not spotted until it is too late to take effective legal recovery action. However, where mistakes are identified quickly, swift legal recovery action using tools such as Freezing Orders and Norwich Pharmacal / Bankers Trust Orders can be highly successful, and it is therefore important to respond quickly and take specialist advice if you do fall victim to these frauds.”  

Economic secretary to the Treasury, John Glen, said the government wanted liability and reimbursement requirements on firms to be clear so that customers are suitably protected.

The consultation is open until 14 January 2022.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.