Proposals for industry body Pay.UK, which itself is sponsored by the banking industry, to enforce reimbursements for scam victims are “fundamentally flawed”, according to the Treasury Committee.
The UK’s economic regulator Payment Systems Regulator (PSR) had proposed that banks and building societies be responsible for the full reimbursement of victims of an authorised push payment (APP) scam. All reimbursements should be completed within two days of the fraud being reported in any cases in which the loss is over £100.
The PSR also proposed to hand the responsibility of implementing the mandatory reimbursement to Pay.UK. The Treasury Committee revealed concerns regarding handing over the implementation to the industry body.
The Committee suggested that Pay.UK would have a conflict of interest. Because the financial services industry guarantees Pay.UK, this conflicts with the body’s ability to enforce APP scam reimbursement rules. The situation is not made easier as many banks and building societies are strongly opposed to the reimbursement proposal.
Alongside a conflict of interest, the Treasury Committee suggested that Pay.UK represents a poor choice to carry out the work; as it has no regulatory or enforcement powers. Because of this, it could struggle to ensure that banks and building societies comply with the rules.
MPs have suggested that the PSR take control of its proposed process itself as one solution.
APP scams occur when a fraudster tricks someone into transferring money into another account. In 2021 victims were defrauded of over £583million as a result of APP scams alone.
The first half of 2022 saw APP fraud amount to around £250million. This figure represents almost half of total losses from fraud in that period. In November 2019, the Committee called for reimbursement of victims to be made mandatory for the entire financial services industry.
Harriett Baldwin MP, Treasury Committee chair, explained the flaws in the PSRs proposals. She said: “Victims of fraud have been waiting far too long for a fair and functional scam reimbursement scheme. However, while these new proposals are a step in the right direction, the way the regulator plans to implement them is fundamentally flawed. Putting an industry body in charge of reimbursing scam victims is like asking a fox to guard the henhouse.
“The regulator needs to take back control of the reimbursement process, rather than leave it in the hands of an industry body which is inherently conflicted.”
The issues with the PSRs proposed implementation plans may have created an opportunity for the banking industry to slow down the introduction of such plans. MPs have called for mandatory reimbursement to be fully implemented by the end of 2023.
Unfairly damaging open banking?
The PSR has proposed that the funding of scam reimbursement be split 50/50 between the sending bank and the recipient bank. Robert Sullivan, public policy & strategy director for Token, suggests that because payments initiated via open banking would be included in this, open banking-enabled A2A payments could be negatively affected.
The current proposals could result in banks introducing more warning screens and steps to A2A payment consent and authentication journeys. This could add more friction to the use of A2A for retail payments.
Sullivan also explained that there is a risk of banks slowing down payments as a result of these proposals. For example, by introducing a lower threshold for payments that are escalated for enhanced fraud checks.
Unnecessary for open banking-enables A2A retail payments to merchants
For these types of payments, merchants partner with a payment provider that pre-populates the merchant’s payment account details for consumers. Such a step ensures consumers do not change these following the demands of an APP scammer.
Merchants using open banking A2A payments are subject to additional due diligence by their open banking payments partner. This also means that merchants are at much lower risk of themselves being scammers.