An open letter from Tide’s CEO on the new Authorised Push Payment Fraud refund regime…
… mandatory reimbursements may cost a household on average over £50 a year
Table of contents:
- Scams already a “national security threat” at c.£700m
- Scams likely to increase with reimbursement possibly to £1.5b
- Reimbursements may cost a household on average over £50 a year
- Prevention and law enforcement should be prioritised
- Tide’s recommendations
Scams already a “national security threat”
The UK has already become so attractive to fraudsters from around the world that Lloyd’s Bank recently called it a “national security threat”.1
Scams are the most prevalent and damaging crimes in the UK. From tricking customers to make transfers from their bank accounts, to impersonating companies and creating fake ads, fraudsters are reported to be scamming UK victims out of around £460m pounds per year according to UK Finance.2 Visa research shows that around 34% of scams go unreported to financial institutions.3 Therefore, the true figure is likely to be closer to £700m per year.4
Scams likely to increase with reimbursement possibly to £1.5b
From October 2024, the Payment Systems Regulator (PSR) will require all payment service providers5 (PSPs) to reimburse customers who have fallen victim to scams (also known as APP Fraud).
There are real concerns that the mandatory reimbursement regime will make scamming much more attractive. Fraud experts point to three key risks:
- Change of the Risk-Reward balance for fraudsters – Mandatory reimbursement is likely to make customers less careful, thereby increasing the fraudsters’ chances of success. In the end, fraudsters are criminal enterprises. They will invest more if there is a higher likelihood of reward. The UK is already highly attractive due to low barriers (English is widely spoken globally and the UK’s payment system is highly digitised) and has made limited progress on prevention and law enforcement (see below). The case for small-time criminals and organised crime gangs to increase their scamming activities is compelling once the chances of success are even further increased by the mandatory reimbursement regime.
- Fraudsters posing as victims – Criminals may pretend to be “victims”. “Free money” is available for a fraudster claiming to be a “victim” knowingly taking part in being scammed and then being reimbursed. People in financial difficulties may also pose as victims for a “quick win.” We also expect criminals to intensify their efforts to recruit members of the public (known in the industry as money muling) to secure illicit fraud claims for a percentage of the reimbursement.
- Purchase disputes claimed as scam – Effectively the reimbursement regime acts as free product purchase insurance. There is the risk of any purchase dispute just being re-labelled a scam for the purposes of being reimbursed by the transacting financial institution. While it is less likely for new products, this problem may become substantial in any second hand sales.
It is hard to see how the above effects will not lead to a substantial increase in scams. To our knowledge no reliable estimates have been pushed; we have continued to call on these to be made available by policymakers. Off-the-record industry experts suggest that scams might more than double to £1.5bn.
Reimbursements may cost a household on average over £50 a year
The reimbursements costs of £700m (today) to £1.5bn (potential) are so substantial that they will need to be passed on to customers once financial institutions have to reimburse scams.
While the headline of financial institutions reimbursing may sound attractive in the first instance, the fact that in the end all customers will pay for reimbursement is not well understood.
Focusing on the very high maximum amount that can be reimbursed of £415,000, the UK’s Payments Association has already warned that mandatory reimbursement is “simply not proportionate”.6 Even if the maximum was to be reduced by the PSR, the economic impact of the reimbursements is just too high to be absorbed by financial institutions. Payments are a very low margin business. Directly (through charges) or indirectly (through other products) costs will need to be passed on to customers to pay for mandatory reimbursement. Some players may not find this possible and withdraw from the market or particular customer segments, reducing competition to the detriment of customers.
Therefore ultimately, the reimbursements of victims will be paid by all customers in one way or another. The cost of the collective insurance is likely to amount to a £25-53 charge a year per household.7 To put this into perspective, £53 is the equivalent of a 0.25 penny increase in the rate of basic income tax.8
The ultimate economic effect is that up to £50 per year per household will end up in the hands of fraudsters.
Impact on speed of payments and control of funds
There will be a negative impact on service for customers wanting to make Faster Payments. In an effort to reduce the substantial costs of the mandatory reimbursement, financial institutions will hold and block more transactions and accounts for review and investigation. Payments in the UK will become much more burdensome.
This will lead to poor overall customer outcomes: everyone will pay more and face the burden of additional controls and even the victims, while financially reimbursed by direct and indirect charges on all banking customers, will be subject to the mental health stress of more scams.
Prevention and law enforcement should be prioritised
We believe that the focus should be on prevention and law enforcement instead of reimbursement. This is where progress urgently needs to be made.
Social media is the source of 76 percent percent of all scams.9 Not only do social media companies financially benefit from the advertising revenues of scams, they have the most relevant information that would help to prevent scams in the first place. Whereas financial institutions have to second guess scam transactions largely relying on pattern recognition, the limited data that is shared between financial institutions but often unrelated to the specific transaction, and the blocking of transactions at scale to investigate where there is suspicion, social media companies know all the detail from the advertisements and messaging that is going on on their platforms. Yet they are not required to share any data and have been exempted from the reimbursement regime. The new Online Safety Bill puts some obligations to prevent fraud on these platforms and the Government negotiated an Online Fraud Charter with the tech sector. But the charter is a voluntary agreement and the impact has yet to be seen.
Not only is prevention-at-source wanting, law enforcement needs scaling up to catch criminals once a fraud is committed. While fraud in general makes up about 40% of all crime, it receives only 1% of police resources.10 The Conservative government, under Prime Minister Rishi Sunak, promised 400 additional officers11, unlikely to be enough by a wide margin given the scale of scams. The National Crime Agency (NCA), City of London Police (responsible for coordinating the fight against fraud nationally) and local police forces just do not have the required resources. Fraud, despite clearly documented evidence from banking transactions and Know Your Customer (KYC) information identifying the perpetrators, is rarely followed up creating an environment where fraud pays. Small-time criminals as well as front persons of international criminal gangs benefit at scale in this environment where conducting fraud has no, or little, consequences.
The advent of generative AI, while bringing immense benefits, unfortunately hands fraudsters another tool to increase the sophistication and ramp up the scale of their scams. The new mandatory reimbursement rules are likely to inadvertently boost the incentives to leverage this technology to the fullest. We have already seen signs of deployment by fraudsters.
It’s vital that the authorities ramp up their action on prevention and law enforcement without delay.
Tide’s recommendations
With fraud poised to accelerate when the new regulation kicks in, we are calling on policymakers to significantly step up their fight against fraud.
On Reimbursement
- Quantitative impact assessment of policymakers to be made public. This allows a better assessment of the scale of the likely impact and allows law enforcement and industry to adequately prepare. It will also facilitate a public debate about whether the general public is willing to pay – directly or indirectly – for collective insurance that is the economic effect of mandatory reimbursement.
- Postponing or at least careful phasing in of any reimbursement regime starting once prevention and enforcement measures are in place. Even with some clarity on the expected outcomes is made available, there will be significant uncertainty. In the face of such risks, it seems to us that postponing or at least phasing in – with a clear ‘kill switch’ if fraud were to spiral out of control – should be considered. This would also allow prevention and law enforcement progress reducing the risks.
- Inclusion of Social Media and Telecoms in the reimbursement regime. Leaving fairness and the commonly accepted legal principle of “polluter pays” aside, this is vital to encourage prevention-at-source.
On Prevention
- Mandatory data sharing: mandatory data sharing to prevent fraud by expanding the existing Confirmation of Payee (CoP); or equivalent services. CoP, an existing service that allows Tide to check whether the name of a payee matches the account and sort code details provided, should be extended. This service can make a vital contribution to preventing fraud:
- Mandating all financial institutions to take part in CoP, as currently not all of them are
- Mandating Payment Service Providers to add risk assessment data (e.g. how many non-fraudulent transactions they have undertaken)
- Mandating social media and telecommunications companies to maintain adequate records of all their advertisers and users, and contribute to CoP data by linking in their records (e.g. via the payment details they hold on advertisers)
- Customer choice: giving customers a choice about the level of fraud protection they seek. This will empower customers with more complex needs the opportunity to opt out of fraud controlling and transaction blocking.
On law enforcement
- Anti-fraud tax: Tide has repeatedly called for a fraud tax on the entire value chain from social media (where much of the fraud originates) to telecoms (where much of the fraud communications take place) to financial institutions (where the payments run through). UK Finance states that 76 percent of scams originated from online sources and 16 percent of cases originated in telecommunications.’12
A very small levy of less than 1p on each post, call/SMS and payment transaction could fund the large law enforcement effort required without stretching HM Treasury‘s tight public finances.
Our calls for actions are not alone with – most recently – CIFAS, the UK’s fraud sharing data, intelligence and learning service, called for drastic improvements to fraud prevention and enforcement through its Fraud Pledges 24 initiative. Rarely has there been such universal call for action by the three key industry bodies: The Payments Association, UK Finance and Innovate Finance. The Home Affairs Committee supported the call for drastic action after its review of the state of fraud in the UK and HM Treasury said there were “significant problems”13 with the proposed mandatory reimbursement rules.
Despite our concerns about unintended consequences of reimbursement, we remain fully committed to playing our part in the fight against fraud:
- Tide has intensified its efforts to ensure we are systematically ready for the PSR October’s deadline and that our members are further protected
- Investing heavily in advanced machine learning models to better detect potential fraud
- We participate in Confirmation of Payee – we call for this to be made mandatory across the industry
- We continue to work with agencies, including law enforcement (such as the Police and the National Crime Agency), CIFAS, UK financial trade bodies (including UK Finance and Innovate Finance), Stop Scams UK, amongst others, to ensure our members and their money are protected
Sources
- The Telegraph, 6 May 2024: One in 50 crimes start on Facebook and Instagram
- UK Finance Annual Fraud Report 2024 (reporting for 2023): £459m for APP Fraud losses for 2023
- Visa’s The impact of APP scams white paper
- £459m is the reported figure for APP Fraud losses in 2023, according to UK Finance. It does not include any unreported APP Fraud.
- Tide is a PSP
- Bloomberg, 15 May 2024: Payment Firms Urge UK to Scale Back Fraud Victim Plan
- £700m to £1.5b of potential reimbursement costs to be passed on directly or indirectly to 28.4m UK households (£25 to £53). ONS: Families and households in the UK: 2023
- 1p of basic rate income tax estimated to yield £6b p.a. HM Revenue and Customs Statistics: Direct effects of illustrative tax changes
- UK Finance Annual Fraud Report 2024 (reporting for 2023): p.7
- City AM, 10 May 2024: From Lloyds Bank to UK Finance, here’s who’s paying for the City of London police
- Gov.uk: World First Agreement to tackle online fraud
- UK Finance Annual Fraud Report 2024 (reporting for 2023): p.7
- Financial Times, 20 May 2024: UK City Minister hits out at watchdog’s fraud refund plan