The pervasiveness of authorised push payment (APP) scams, a scourge costing billions worldwide, is propelling the banking industry into a fresh era of accountability and collaboration. As fraudsters persistently exploit consumers & businesses, the new Payment Systems Regulator (PSR) consultations pursue vital questions: How can financial institutions safeguard the public from scams more effectively? And what roles do the banks play in this new frontier?
The core issue lies in rectifying a long-standing imbalance - the focus on monitoring outbound transactions for fraud while the inbound ones remain largely neglected. But with the PSR's new regulations, the tide is changing.
There will be a renewed focus on identifying and closing mule accounts, in order to disrupt scammers' capabilities to dupe consumers out of potentially life-changing sums of money.
The PSR requires banks to refund consumers for APP scams unless they are "grossly negligent," although it does not identify what that means. Still, for the first time, the policy spotlights both sending and receiving banks by splitting fraud liability equally between them.
Banks do scrutinize inbound transactions, but primarily from an anti-money laundering (AML) perspective, not for fraud prevention. Can they simply use their AML technology to meet this requirement? Sadly, the answer is no.
AML technology is very important, but it is not efficiently equipped to meet the novel requirements of monitoring inbound payments in real-time for fraud prevention. This task requires technology similar to that used for transaction fraud, which can handle real-time, large-scale decisions.
Most banks are shifting towards unified systems instead of creating siloed structures. Their aim is to extend their transaction fraud solutions to inbound payment monitoring. If successful, this could lead to greater efficiency. However, it is not as clear-cut as it sounds. Inbound payment data is sparse and may not be sufficient to effectively detect money mule accounts when analysed in isolation. Therefore, banks need to quickly determine whether their current tech stack is suitable for inbound payment monitoring and, if not, identifying the necessary adjustments that need to be made.
While there is some debate about the exact timeline for the implementation of the regulation, there’s little doubt that it will eventually be put into effect . Here are some critical steps banks can take today to prepare for inbound payment fraud prevention:
Preparing technology stacks for the regulation isn’t enough. We must also consider the societal impact. Though a significant stride forward, the PSR regulation presents intricate complexities and potential challenges. While it aims to protects scam victims, its execution must be handled delicately to avoid inadvertently creating an army of underbanked individuals, especially among the vulnerable customers the regulation intends to shield.
There has been a notable uptick in the number of young people becoming mules. If we don’t get it right, there could be dire consequences for these young individuals. For example, a nineteen-year-old who either wittingly or unwittingly agrees to deposit GBP 500 into their account with the promise of keeping GBP 100 may not fully understand that they could face a potential lifetime of financial exclusion due to their involvement in the mule scheme. Just imagine thousands of individuals unable to secure loans, credit cards, bank accounts, or even jobs.
It is, therefore, critical that the right tools are used, and appropriate care is given to decisions regarding whether an account is a mule account or not, as the consequences of getting this wrong could also be huge. This will be the balancing act that banks have to face in the ongoing fight against the rise of scams.
Yet, amidst the challenges, the PSR regulation is fostering a remarkable transformation: fortified collaboration among banks. There are multiple groups working to enable banks to collaborate better and create additional data points that can be used to gauge the risk level of beneficiary accounts. This cooperative approach and data sharing among banks can expedite mule account identification and communication, significantly mitigating fraud risks.
Moreover, although originating in the UK, the PSR regulation is now attracting global attention. Banks around the world recognise the necessity to confront the menace of scams and implement regulations for scam liability. The rising demand for scam liability and the imperative to fortify public trust in the financial system indicate the global acceptance of this next stage of fraud prevention.
Hardeep Rai is Head of Product, Fraud & Identity at Feedzai. He has over 10 years of experience in banking and the financial services industry. Prior to joining Feedzai, Hardeep held several roles at Lloyds Banking Group where he remained until 2020 when he was Senior Product Owner in Fraud Prevention & Auth Lab. He joined the Feedzai team in 2020 and is the current Head of Product, Fraud & Identity, where he helps the fight against the ever-evolving financial crime landscape, fraud prevention, and identity theft. He earned his Bachelor of Science in Economics from the University of Birmingham.
Feedzai is the world’s first RiskOps platform, protecting people and payments with a comprehensive suite of AI-based solutions designed to stop fraud and financial crime. Feedzai is trusted by leading financial institutions to manage critical risk and compliance processes, safeguarding trillions of dollars of transactions while improving the customer experience and protecting the privacy of everyday users.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now