In an unprecedented move, the Payment System Regulator (PSR) confirmed new mandates for payment companies and banks that will go into effect in early 2024. New rules aim to ensure victims of Authorised Push Payment (APP) fraud get reimbursed and help mitigate attacks.
The fraud liability shift has a far-reaching impact on an industry and individual level. It adds another layer of complexity for financial institutions (FIs) fighting sophisticated, prolific APP fraud and new account fraud (NAF). Not only does it make it difficult for FIs to safeguard their institutions and customers, but it can also significantly impact their revenue and cost base.
Regardless of whether you're an incumbent or a challenger, you need to act fast to strengthen your fraud prevention approach because the PSR proposed regulations make your institution accountable for fraud—even if the victim authorised the payment.
This liability shift’s challenges and opportunities were the main topics of discussion in a webinar hosted by The Paypers featuring moderation by Conny Dorrestijn of Shiraz Partners, a Fintech entrepreneur and industry-recognised thought leader in European Fintech; Rob Rendell, Global Head of Fraud Market Strategy and Prevention and Subject Matter Expert at NICE Actimize; and Robert Brooker, Head of Fraud & Forensics at PKF GM.
This blog covers the liability changes that affect both your institution and your customers. It explores how you can transform your fraud detection strategies to protect your customers, assets, and reputation against risk.
Currently, in the case of APP fraud, it’s not always easy for victims to get their money back. The new PSR scheme will establish a timeline for reimbursement that will likely range between four and five days, which has potential long-term implications for both consumers and banks.
A critical consideration of the liability shift is the possibility of consumers becoming less cautious, because in the majority of scenarios, the victim will be fully reimbursed, and that onus is no longer their burden. This could open the door to a new trend of collusion between scammers and a rise in first-party fraud and false claims associated with APP scams.
APP fraud is a major threat, especially in the UK, where APP fraud losses totalled GBP 485 million in 2022. On a global scale, NICE Actimize has documented a 146% increase in the year-over-year (YoY) attempted dollar amounts for fraud and a 92% increase in attempted fraud transactions YoY. At a more granular level, data from NICE Actimize indicates a 17.4% increase in APP scams globally. This is all driven by the global adoption of real-time payments, which is anticipated to reach USD 5.2 trillion by 2028.
Under the new PSR reimbursement model, FIs could face higher fraud losses and may have to double fraud loss reimbursement plans given the shared 50/50 liability split between the sending and receiving bank. While we’ve seen banks making substantial strides in establishing digital controls to mitigate new account fraud, it’s particularly challenging to identify APP scams because the victims are executing the transactions themselves.
Despite the 17% decrease YoY in scams in the UK market, this is only what’s been reported as part of the CRM process. Many industry insiders expect that scam dollar amounts and reporting will spike in 2024 and 2025.
Money mules are another top concern for FIs. Our research shows that on new accounts that turned fraudulent in 2022, 59% demonstrated money mule activity within the initial 45 days. ‘Fraudsters are getting crafty; they’re getting into these accounts on the books at financial institutions and then very quickly turning around and doing fraudulent acts with new accounts,’ Rob Rendell explains. ‘We saw this throughout the pandemic where PPP (Payment Protection Program) fraud and unemployment benefits all had to work their way out of state agencies and government agencies into the financial institutions and then move from the financial institutions back out into the ecosystem. The money mules were the pathway for that to happen.’
‘Fraudsters are getting crafty; they’re getting into these accounts on the books at financial institutions and then very quickly turning around and doing fraudulent acts with new accounts.’ – Rob Rendell
Fraud trends are often cyclical. If we look back at 2008 during the last economic downturn, first-party fraud drastically increased because of constraints on consumers. Due to economic stressors, typically good customers were increasingly committing first-party fraud.
With a potential global economic crisis looming, FIs may experience a mirroring of this surge in first-party fraud activity in the near future.
In response to the trajectory of these fraud trends against a backdrop of economic and liability shifts, FIs must transform their fraud detection methodologies. This requires a transition from detection at the start of the transaction to coverage across the entire fraud life cycle to ensure they’re effectively identifying the markers of complex risk.
Although the PSR is a UK-based organisation, other countries will likely follow suit, particularly considering that liability extends to overseas transactions. Already the urgency to implement more advanced, holistic monitoring and detection approaches to combat threats and scams associated with real-time payments isn’t isolated to the U.K. FIs in the U.S., for example, face growing pressure from the Consumer Financial Protection Bureau (CFPB) to respond via real-time detection capabilities to the growing influx of consumers falling prey to scams.
For FIs, the impact of the unfolding regulatory and fraud landscape goes well beyond fraud losses. ‘We now know that for banks there’s more on the line than just money,’ says Conny Dorrestijn. ‘It’s also the reputation. In general, as much as consumers will do anything to prevent it because they know what a hassle it is when [scams] happen, banks will do everything possible to prevent it because of the reputation risk.’
‘We now know that for banks there’s more on the line than just money; it’s also the reputation.’ – Conny Dorrestijn
However, implementing the tools to mitigate real-time fraud and scams and protect their customers can be difficult given the breadth of existing cost issues and other burdens. So how should FIs start?
Historically, fraudsters were often more circumspect, operating in the dark web and hiding in encrypted messaging boards and apps. Now, they’re increasingly bold and operating out in the open on platforms like Facebook and WhatsApp. Their evolving behaviours demand a corresponding evolution from a fraud prevention standpoint.
From a process, technology, and collaboration perspective, FIs must address these changing behaviors. And they must embed these strategic tactics into their fraud prevention programs:
FIs that leverage data more effectively via next-generation AI, data intelligence, real-time behavioural analytics, and purpose-built machine learning models will have more accurate data that speeds up decision-making. These capabilities enable FIs to obtain a contextual, complete view of customers throughout all payment types and channels. Using high-quality data helps FIs to accurately identify unusual customer behaviours and activity and recognise specific social engineering scams and fraud typologies, while enhancing fraud analyst productivity and efficiency.
‘Ultimately, there’s a lot of responsibility on PSPs and consumers, and we need to get that balance right in the first place to ensure it’s set up correctly, and then I do feel it will make a difference,’ Robert Brooker concludes. ‘Because if we don’t get it right then, unfortunately, we’ll probably be encouraging fraudsters as opposed to deterring them.’
‘Because if we don’t get [the balance] right then, unfortunately, we’ll probably be encouraging fraudsters as opposed to deterring them.’ – Robert Brooker
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now