Currently, in the United Kingdom, according to media reports, hundreds of local financial institutions and fintech companies are making every possible effort to ensure that their activities comply with the new anti-fraud rules in the payment transaction area.
All UK institutions and firms operating in the financial sector must fully begin to comply with the abovementioned standards by October 7. At the same time, the current summer period has become very difficult for the United Kingdom in terms of fraud activity.
New rules from the Payment Systems Regulator (PSR) stipulate that all UK banks, fintech companies, and payment firms must return funds to customers who have suffered as a result of fraudulent activity. It is also indicated in this case that clients who have lost money as a result of criminal interference must receive compensation for damages within five days from the moment of the relevant incident. At the same time, many companies are not ready to implement a key system, underlining the settlement framework. The relevant sentiments among the players of the financial industry of the United Kingdom are reported by the media, referring to insiders who are aware of the appropriate state of affairs.
Many companies and organizations note that they have not been given enough time to adapt to the implementation of activities under the new system of rules. It is worth noting that these are not all claims and factors of discontent on the part of the financial industry of the United Kingdom to the new regulatory initiative. Many companies and organizations also rated the quality of the consultation process extremely negatively.
The final version of the anti-fraud rules in the financial services sector was negatively perceived by a large number of companies. In the context of the relevant dissatisfaction, the main claim is a hefty ceiling on refunds. Charles McManus, the chief executive officer of ClearBank, says that the whole process of forming a new system of rules was sclerotic and ambiguous.
At the same time, the regulator adheres to the position that claims regarding its initiative are unfair. Kate Fitzgerald, head of policy at the watchdog, noted in a comment to the media that the process of advising on the new rules for countering fraudulent activity in the financial industry has been underway for more than two years. Also, in the relevant context, it was noted separately that the regulator still continues to interact with institutions and companies from the mentioned industry, to ensure the timely and effective implementation of a new set of financial security measures against the threat from criminals. Moreover, Kate Fitzgerald stated that the watchdog would like companies to migrate to the new arrangement, for which they had until Tuesday, August 20, to register.
Also, within the framework of the new anti-fraud rules in the financial industry, a kind of fundamental innovation is that the responsibility, which in the past practice was assigned exclusively to the sender of the payment, begins to extend to companies that provided both the initial implementation of the fraudulent transaction and the completion of this operation at the stage of receiving money by the end user of services. At the same time, not every bank and not every fintech firm has the tools necessary to detect and prevent all threats. It is worth noting that in the context of this problem, the use of a statement about the fault of a financial institution in its inability to counteract fraudulent activity is not correct or at least unambiguously correct. Many companies and organizations do not have the appropriate tools due to limited material resources due to the scale of their business. In addition, one should not ignore the fact that scammers are gradually improving the algorithms of their operations, as a result of which the detection of their activity becomes more complicated.
The new rules stipulate that the maximum reimbursement is 415,000 pounds ($540,300). For some financial institutions and companies, this amount is too large in terms of their respective capabilities. Also, as part of the potential implementation of a negative scenario involving an increase in fraudulent activity, the practice of refunds for some organizations and firms at some point may become what is actually a source of permanent damage.
At the same time, it is worth noting that the new rules do not declare something like the absolute rightness of the client, which becomes a dogma and cannot be challenged or questioned. Banks and fintech companies may not pay refunds if they can prove that the transaction was made possible under the impact of fraudsters due to the gross negligence of the client. At the same time, there is still no definitive understanding as to how the mechanism of proving the consumer’s guilt will function and which result of such a practice will be the most common. It is worth noting that in this case there is a risk that the proof of gross negligence will transform into the territory of demagogue competitions and partly abstract arguments. At the same time, the materialization of such risks is only hypothetical and does not belong to the category of what can be called a guaranteed scenario.
Despite the disagreements between the regulator and representatives of the financial industry regarding the new rules, there is a kind of common understanding that, against the background of the negative tendency of the growth of fraudulent activity, it is necessary to take measures to counteract the corresponding type of crime. In this case, the most problematic sector is so-called authorized push payment (APP) scams. In this case, the criminals, through deception and various kinds of psychological manipulations, force their victims to send money to accounts outside their control. In the United Kingdom alone, scammers, carrying out activities within the framework of the relevant concept, dogged millions of people. Last year, the total damage from this criminal activity was recorded at around 460 million pounds.
The current summer in the United Kingdom has been a particularly difficult period in terms of fraudulent activity. Local financial institutions have repeatedly warned their clients that criminals are coming up with new reasons to commit fraud to subsequently grab money. In the context of this challenge in the financial security sector, a very telling example is the fraudulent activity associated with an event such as concerts by Taylor Swift in London’s Wembley Stadium. Lloyds Banking Group Plc reported that more than 600 of its customers were deceived when trying to purchase tickets to the mentioned events. In this case, it implies interaction with scammers, which resulted in the loss of money for the victims. Lloyds Banking Group Plc reported that the personal damage of each customer who tried to buy a concert ticket amounted to about 332 pounds. Fraudulent activity caused several hundred people to face financial loss instead of immersing themselves in the world of live music.
The current state of affairs in the area of financial security contains clear and unambiguous signs of the need to take measures to counter fraud, which no one disputes. But at the same time, there is no agreement or compromise consensus on what strategy of action should be used to solve the problem. In this case, there is a risk that the search for a path may cause a lack of movement towards the goal.
Ben Donaldson, managing director for economic crime at industry lobby group UK Finance, talks about the desire to form such a compensation mechanism that would guarantee payments exclusively to genuine victims of crime. In this case, it was noted that the problem with the new rules is the priority of reimbursement over the prevention of crimes. Ben Donaldson says that an appropriate approach can make the situation worse. In this case, it implies a potential deterioration of the current state of affairs in the area of financial security. Ben Donaldson also suggests that the level of fraudulent activity will show an increase.
Currently, the issue of reimbursements to customers of banks and fintech companies affected by fraud is also being discussed in many European countries. Local regulators strive to establish mutual understanding with banks. In this context, attention is also drawn to the role of Big Tech in ensuring financial security and defining such a concept as gross negligence. In the European Union, there is an attempt to form such a system to counter fraud in the financial industry, which could later become a kind of platform for global following.
PSR claims that its approach stimulates lenders and payment companies to prevent crimes. The watchdog also notes that this concept provides permanent protection for victims.
The new rules were also radically negatively perceived by parties that typically receive more payments deemed fraudulent for every million pounds of transaction. As part of past practice, the receiving companies had no obligations related to the payment of refunds. Now 50% of the corresponding amounts will become their burden.
There is a widespread opinion among experts that the amount of refunds provided for by the new rules may become an obstacle to the implementation and scaling of innovative functional solutions in the financial industry. This factor can also potentially cause bankruptcy of fintech companies at an early stage of existence. Finance executives warn that the new rules may have a negative impact on the behavior of customers of banks and fintech firms. In this case, it is assumed that consumers, knowing about the mandatory compensation for damages, will act less cautiously as part of the transactions and will be more inclined to make and implement risky decisions. If such a scenario materializes, there is a high probability that a significant increase in fraud will be recorded.
Natalie Kelly, chief risk officer for Visa Inc.’s Europe operations, says attempts to stamp out these scams are like playing Whac-a-Mole.
Data from the United Kingdom Government indicates that nine out of ten local Internet users have experienced fraud in the digital environment.
It is worth noting that in the United States, increased attention is also being paid to ensuring security in the financial industry. In this case, even the giants of Wall Street found themselves in the zone of what can be called regulatory interest. The US Consumer Financial Protection Bureau is investigating how JPMorgan Chase & Co., Bank of America Corp., and Wells Fargo & Co. are handling and protecting victims on their Zelle payments network. It is worth noting that members of the Democratic Party in the Senate accused these banks of insufficient efforts to counter the threat.
According to preliminary estimates, by 2028, the total amount of losses from APP fraud in the six leading real-time payment markets, including India, Brazil, the United Kingdom, Australia, the United Arab Emirates, and the United States, will reach about $8 billion. This forecast is contained in a joint report by Miami-based global payments software maker ACI Worldwide Inc., and GlobalData.
It is worth noting that the dissatisfaction of the financial industry of the United Kingdom with the new rules received some kind of political support from the previous government of the country. The PSR’s then-managing director Chris Hemsley resigned in early June. Currently, the mentioned support has actually been canceled.
In the United Kingdom, financial institutions that are leaders of the local banking system and their digital competitors, including ClearBank and Revolut Ltd., insist that large technology companies should share some of the burden of paying damages from fraud. This position is based on the statement that most of the relevant crimes are committed on social media platforms. Revolut’s UK chief executive officer Francesca Carlesi says her company is preparing for new rules but also wants to make sure that fewer and fewer people in the United Kingdom are impacted by fraud.
Tony Craddock, director general of the Payments Association, is a lobbyist for delaying the entry into force of the new rules. According to him, an assessment of the actual costs has not been carried out. He also drew special attention to the lack of clarity regarding what corresponds to such a concept as gross negligence. It is worth noting that many experts and analysts say that the lack of unambiguous formulations that do not imply any kind of ambiguity or the possibility of different interpretations can lead to deterioration or even cancellation of the effectiveness of any rules. It is also important that in this case, potential demagoguery can be used by both financial institutions, fintech companies, and users. It implies the formulation of such interpretations that are most beneficial from the point of view of the interests of the mentioned parties.
Tony Craddock published a post on LinkedIn that contained a statement about some signs that the United Kingdom government may be going to instruct the PSR to either delay or dilute the APP fraud rule changes.
Representatives of the UK payment industry also note that Pay.UK — the organization that’s setting up the communication infrastructure between sending and receiving banks to settle reimbursements — won’t have on-boarded all of the roughly 1,500 banks and firms by the October 7 deadline. This means that it will probably be necessary to perform some settlements manually. There is also an opinion that the old and new rules will work in tandem.
As of mid-August, one demo of the new system had been held. At the same time, there was not a single test run. The relevant information was published by the media with reference to insiders who used the right of anonymity and noted that this data does not belong to the public category.
A representative for Pay.UK said its system is ready. Also, in the relevant context, it was noted that this system will be fully functional for in-scope payment service providers who need it by the deadline in October. Currently, the mentioned organization is focused on gaining hundreds of companies that have already faced the problem of fraud.
PSR has expressed its interest in forming an understanding of how companies are moving forward following its requirements.
It is worth noting that about five years ago, financial institutions practically did not protect customers who were victims of fraud or risked facing related problems. Since 2019, the ten largest banks in the United Kingdom and their units, including Barclays Plc, Lloyds, HSBC Holdings Plc, and NatWest Group Plc, have voluntarily signed up to the Content Reimbursement Model Code under the Lending Standards Board. Also, some small companies, which are not covered by the mentioned code, return the money voluntarily.
Since the launch of the code, the amount of reimbursement has more than tripled. Also against this background, a practice has developed among scammers, according to which they prefer to attack clients of companies that do not have the specified voluntary obligations. The corresponding position of criminals is related to the fact that organizations and firms that have joined the code or simply comply with similar norms have improved their capabilities to counter threats.
According to the payments watchdog, 67% of the total funds lost by victims of fraudulent activity were reimbursed in the United Kingdom last year. At the same time, there are very different indicators of relevant activity among banks. Some financial institutions reimburse 90% of the funds, while other lenders pay less than 10% of the total amount of money stolen by fraudsters from their clients.
Sara Cass, chief compliance officer at IFX Payments, says that issues related to the activities of hundreds of small companies under the new rules are still relevant.
It is worth noting that, with a high degree of probability, scammers will also prepare for October 7. Criminals are reacting to new methods and systems of counteracting their activities.
As we have reported earlier, UK Banks Cut Costs.
