Payment scam victims protected under voluntary bank code
29 May 2019
Victims of Authorised Push Payment (APP) scams are now more likely to get their money back following the launch of a new banking industry code, amid warnings that banks are being slow to use technology in the fight against financial crime
29 May 2019
The APP Code, developed by consumer groups and the banking and payments industry, follows work led by the Payment Systems Regulator (PSR). Banks which have signed up to the code have committed to deciding whether to reimburse victims of APP within 15 working days.
APP is a form of fraud where scammers trick victims into authorising a payment to another account. The fraudster can often pose as someone who has been employed by the victim, such as a builder or solicitor. The criminals then send the victim a fake invoice to get them to send money to a bank account controlled by the fraudster.
From the customer perspective, they are duped into transfering across Faster Payments, CHAPS or an internal book transfer, authorised by a customer in accordance with regulation 67 of the PSRs. This includes instances where the customer intended to transfer funds to another person, but was instead deceived into transferring the funds to a different person; or they transferred funds to another person for what they believed were legitimate purposes but which were in fact fraudulent.
During the first half of 2018, consumers lost £145.4m because of APP scams, while just £31m was returned, according to UK Finance.
The majority of the leading high street banks and building societies have signed up to the voluntary code, including Barclays, HSBC and Santander, and the protection will be available to individuals and micro businesses, as well as small charities as defined in regulation 2(1) of the Code.
The Code covers consumers who enter contracts for payment services, who are acting for purposes other than a trade, business or profession; micro businesses which employ fewer than 10 persons and whose annual turnover and/or annual balance sheet total does not exceed £1.75m (€2m); and smaller charities with annual income of less than £1m.
There is a recommended 15-day limit for firms to make a decision as to whether or not to reimburse a customer without undue delay, and in any event no later than 15 business days after the day on which the customer reported the APP scam, other than in exceptional circumstances.
Chris Hemsley, co-managing director of the PSR said: ‘APP scams can have a devastating impact on the people who fall victim to them. The code is a major step-up in protections and it reflects our strong belief that if somebody has done everything they can reasonably do to protect themselves, they should be reimbursed.’
Stephen Jones, chief executive of UK Finance, said: ‘In situations where both the customer and their payment service provider meet the required standards set out in the code, a customer of a firm signed up to the code who falls victim to APP fraud will still receive their money back.’
However, there have been calls for banks to make greater use of technology and artificial intelligence in the fight to prevent such frauds. Alex Boothroyd, senior banking fraud solutions specialist, SAS UK & Ireland, said: ‘All banks should be making a greater effort to leverage technology to combat scams and provide a safety net for customers that fall for highly sophisticated criminal techniques.
‘A sluggishness to implement suitable measures could cost banks millions if they simply deal with the repercussions of fraudulent activity, rather than tackle the issue at the outset and prevent fraud happening in the first place.’
Banks that have signed up to the code include: Barclays, HSBC (including HSBC, First Direct, and M&S Bank); Lloyds Banking Group (including Lloyds Bank, Halifax, Bank of Scotland, and Intelligent Finance); Metro Bank; Nationwide; RBS (including Royal Bank of Scotland, Natwest, and Ulster Bank); Santander (including Santander, Cahoot, and Carter Allen); and Starling Bank.
Payment Systems Regulator, Contingent Reimbursement Model Code for Authorised Push Payment Scams, effective 28 May 2019 https://appcrmsteeringgroup.uk/wp-content/uploads/2019/02/APP-scams-Steering-Group-Final-CRM-Code.pdf
Report by Phil Smith, Sara White