One of the main facets of our Customer Success team at Callsign is to stay abreast of the latest developments in the fight against economic and financial fraud. This goes beyond understanding the latest changes – as fraud SMEs, it’s also about making sure we’re assessing the potential positive and negative impact for our customers.
One such meaningful change to this landscape is the UK Payment Systems Regulator's (PSR) new reimbursement requirement for Authorized Push Payment (APP) fraud within faster payments. This comprehensive framework is set to come into place in early 2024 and aims to protect victims and promote accountability within the financial system.
The framework consists of several key policies, and in this blog post I will delve into their significance, and the potential impacts to Payment Service Providers (PSPs) and their customers in combating financial fraud.
Reimbursement Requirement: Safeguarding Victims
The PSR's reimbursement requirement ensures that sending PSPs reimburse almost all customers who fall victim to APP fraud. By extending this protection, the policy prioritises victims' rights and establishes a robust framework for reimbursement.
The exceptions to this are:
- civil disputes
- payments which take place across other payment systems
- international payments
- payments made for unlawful purposes.
The exceptions above, whilst understandable from a UK policy perspective, may lead to an increase in fraud for a period. This was called out in the June Response to the Consultation, and while this is to be expected, there is much that PSPs can do to mitigate this. One area we’ve been working on with our clients to mitigate this is around our fraud models, which are helping improve the detection of first-party fraud.
Another area which will need particular attention and clarification is the use of international payments and crypto currency systems to exit the funds. As we know, fraudsters attack the weakest link in the chain and with these channels not being incentivized to collaborate, split the financial losses, or be reported within the biannual APP balanced scorecard, they may be targeted as the less protected exit points within a PSP.
Cost-sharing: Collaboration for a Safer Financial Ecosystem
To foster a sense of collective responsibility, receiving PSPs are mandated to pay sending PSPs 50% of the reimbursement amount. This cost-sharing approach encourages PSPs to work together, making fraud prevention and reimbursement a shared objective across the financial ecosystem.
It makes sense that PSPs who currently hold more than their market share of mule accounts will start to introduce more stringent onboarding policies. As a receiving PSP, they will now be mandated to cover 50% of the reimbursement value, which is a cost of fraud they had not previously catered for. This may lead to PSPs reacting more severely to mule accounts. As fraudsters target individuals to use their account as a mule, it could lead to vulnerable people being left with no bank account and a flag against their identity when trying to open new accounts. This could essentially create a de-banked population of vulnerable customers.
From a collaboration perspective, several of our clients already perform inbound payment assessments. This is where they evaluate their own receiving accounts for mule risk at the point a faster payment is being received. So, the data is already there for most PSPs and the sharing of this data will be a seismic shift in reducing APP fraud.
Exceptions for Fraud Claims: Balancing Accountability and Victim Protection
While the reimbursement requirement covers most cases, exceptions exist – for instance, where customers have acted fraudulently or with gross negligence. This policy strikes a balance between holding individuals accountable for their actions and ensuring genuine victims receive the support they need.
At Callsign we are already using a combination of indicators to identify first-party fraud for our clients. Via temporal models, behavior analysis, and insight into telephony data we can provide real insight into APP scams and a customer's behaviour within a session.
Timely Reimbursement: Swift Justice for Victims
Recognizing the importance of timely restitution, sending PSPs must reimburse customers within five business days. The ability to pause the reimbursement process in specific cases ensures a fair assessment while prioritising the rights of the victim.
The operational costs for PSPs to support this process within the 5-day time scales could be astronomical. It will require near real-time integration with all PSPs to notify any fraud attacks, coupled with fraud analysts’ time and effort which will be needed to investigate and speak with affected customers at length.
Claim limits and excess: Striking the Right Balance
By removing the previous minimum threshold of £100 for APP fraud claims, the PSR ensures that victims, regardless of the amount involved, are eligible for reimbursement. While the PSR has not proposed a maximum level of reimbursement for APP fraud claims, ongoing discussions may lead to future guidance.
The option to apply a claim excess empowers sending PSPs to mitigate the risk of fraudulent claims. Through consultation, the appropriate level for this excess will be determined, aiming to find a balance between discouraging false claims and providing support to genuine victims.
To promote timely reporting and discourage delayed claims, sending PSPs have the option to deny APP fraud claims submitted more than 13 months after the final payment to the fraudster. This policy incentivises victims to come forward promptly and enhances the effectiveness of investigations.
Striking the right balance between providing adequate restitution and managing potential financial risks is crucial for sustainable fraud prevention measures. Clarity around this point (particularly reimbursement limits) will help organizations in determining the policy action on the payment.
Vulnerable Customer Protection & Addressing Complex Fraud Scenarios
Recognizing the unique challenges faced by vulnerable customers, the PSR mandates that the claim excess and customer standard of caution must not be applied to them. This safeguard ensures that those at higher risk receive the necessary protection and support.
The reimbursement requirement extends its protection to cases where customers are deceived into authorizing payments to accounts controlled by fraudsters. This inclusive approach acknowledges the multifaceted nature of financial fraud and provides comprehensive coverage for victims caught in these "multi-step" fraud cases.
This ethos is at the core of how we design solutions for our customers. When you truly know your customer and you know their behavior, you can accurately manage the trade-off between an opportunistic fraudster and a true victim. What makes this significant is the potential this provides to automate the training of aftercare claims, which remains a significant operational challenge for several banks we have talked to.
A step in the right direction
The UK PSR's new reimbursement requirement represents a significant step in the fight against economic and financial fraud.
There is unlikely to be any doubt that these key policies within the regulatory framework ensure protection for victims and promote accountability among PSPs. However, as with the introduction of Strong Customer Authentication (SCA) a number of years ago, the industry will need to implement yet another bolt-on to a legacy system or face the situation and costs of an infrastructure transformation programme to meet these changes. Alternatively, you could partner with experts in this sector like Callsign, where our vision for the last decade has been to deploy an immensely flexible Orchestration Engine, which will make adherence to these new regulations possible via simple policy changes and limited integration effort.
Together, we can create a more flexible and secure financial ecosystem, fostering trust and safeguarding the interests of individuals and businesses alike.