Ever heard of “Authorised Push Payment” (APP) scams?
APP scams are a type of bank account fraud that so concerns leading UK watchdog Which? that it submitted its first “super complaint” to the UK’s Payment Systems Regulator (PSR) in September 2016.
The PSR has responded – but have so far resisted calls to make banks do more to reimburse consumers.
What is an APP scam?
APP stands for Authorised Push Payment. A “Push Payment” describes a direct payment made from a consumer’s bank account to another account (like a Faster Payment, CHAPS or Bacs payment). Such a Push Payment is Authorised when the consumer gives consent for the funds transfer.
Note that a “Pull Payment” is used to describe credit and debit card payments as well as Direct Debits. And also note that, unlike APP fraud, “unauthorised payment fraud” refers to situations where payments are made without the knowledge of the consumer.
How many APP scams happen each year?
The PSR estimates “an annual volume of APP scams in at least the tens of thousands, and possibly hundreds of thousands.”
But the PSR also says that “the data on the scale and types of APP scams of poor quality.”
A total of 1.5m cases of all UK card fraud was reported in 2015, according to Financial Fraud Action UK.
What types of APP scam exist?
There are two types of APP scam:
Malicious Misdirection – where the victim is “misdirected” into paying money into a scammer’s account in exchange for legitimate goods or services.
Malicious Payee – where payment is made in exchange for scam goods or services.
The PSR says their “… best estimate is that malicious payee APP scams make up between 85%-95% of total APP scams.”
What is a “super-complaint”?
“Super-complaint” is a term relating to consumer regulation that has been around for 15 years now. According to the UK’s Enterprise Act of 2002, if current features of a UK consumer market are assessed to be “significantly harming to the interests of consumers” the PSR says that certain consumer bodies can make a “super-complaint” to which the relevant authority has 90 days to respond. In this case, the relevant authority is the PSR (Payment Systems Regulator) of the FCA (Financial Conduct Association) – according to obligations laid out in the Financial Services Act of 2013.
What was the main point of Which?’s super-complaint?
In its first ever super-complaint, Which?’s main contention is that “many consumers lose large sums of money to fraudsters after they are tricked into authorising bank push payments, and … the conduct of banks … contributes to this consumer harm.”
Which? are looking to establish a change in liability so that banks do more to reimburse consumers when funds are stolen. Which? research says 37% of “transfer fraud” victims polled received no refund from their bank.
What has been the PSR’s response to the super-complaint?
The PSR says that, for a start, “the way in which banks work together in responding to reports of scams needs to improve.”
Encouragingly for consumers, the PSR admits (although rather tentatively) that “there is some evidence to suggest some banks could do more to identify potentially fraudulent incoming payments and prevent accounts coming under the influence of scammers.”
But in the key area of “… making banks liable for reimbursing victims of APP scams” the PSR says that, “… the evidence we have been able to collect is not sufficient to justify a change in liability.”
Where are we now?
The PSR has said that they will announce further findings in the second half of 2017 and will continue to “…consider whether it would be appropriate to propose changes to the obligations or incentives of banks for these scams.”
In the meantime, the usual scam warnings apply – do NOT transfer funds unless you are absolutely sure of what you are doing. And do not be tempted to be rushed into anything. If a business is rushing you, be suspicious.