A key issue frequently covered on Payment Expert is fraud, focusing on topics such as how emerging technologies can help combat it and the measures governments are taking to support victims.
Recently, the spotlight has been on the latter, as payment service providers (PSPs), the government and regulators debate solutions. To some observers, it may seem that different stakeholders are trying to juggle responsibility rather than address the core issue – though this too is often brought up in discussions.
This extensive debate, however, has done little to curb the rising levels of Authorised Push Payment (APP) fraud. UK Finance reported that losses from this type of fraud amounted to £459.7m in 2023, highlighting the urgent need for effective action.
What actions are being taken? Two key regulatory measures are expected to help reduce APP fraud and improve reimbursement for victims. The first was the Payment Services (Amendment) Regulations 2024.
This regulation would allow providers to delay outbound payments for up to four business days if there are reasonable suspicions of fraud or dishonesty. However, the July election meant the Conservative-initiated legislation was shelved.
Separately, PSPs have already raised one key concern, this being the potential delay in processing payments. On the other hand, some also believe that a delay in payments may be necessary, with speedy transactions sometimes coming with unwanted risks.
Commenting on the new rules, Tamas Kadar, CEO and Co-Founder of SEON, a fraud-prevention firm, says: “After years of implementing measures to ensure the uninterrupted speed of payments, this change introduces a reduction in speed. While quicker payments offer many benefits, the rise of ‘instant fraud’ has become unavoidable.”
The government is confronted with this complex challenge, but Kadar believes that providing businesses in the payment process with additional tools to tackle instant fraud is a “prudent” approach.
He continues: “If activated, the delay would give payment providers more time to detect suspicious activity, making it harder for fraudsters to exploit ‘instant fraud’. However, if delays are incorrectly applied, they could negatively impact businesses’ cash flow and frustrate customers expecting swift transactions.”
The second regulation has generated significant discussion and debate this year. New rules regarding fraud reimbursement are set to take effect on 7 October. A major challenge with this regulation is the proposal to set the maximum reimbursement limit at £415,000, which would be shared between the paying and receiving firms.
As Ellie Burns, Head of Product and Customer Marketing at ID verification company IDnow, tells Payment Expert: “The UK payment services sector will have to step up its fraud-fighting game if it is not to drown in reimbursement fees.”
Time to sink or swim
Staying with reimbursements, conversations are still ongoing and the Payment Systems Regulator (PSR) is believed to be reevaluating the details, though it had previously said it wouldn’t budge.
Nevertheless, PSPs must learn to adapt and Burns believes that identity verification technology will be “pivotal” in both preventing fraud and ensuring compliance with these new rules.
“It remains true that there is no silver bullet for fighting fraud and the special difficulty in
detecting APP fraud lies in the fact that the transactions are put through by a genuine person who has been socially engineered to do so,” Burns added.
“Due to this, there will always be a need for human-led interventions, where automated solutions cannot yet provide ample protection.”
Burns pointed out that Know Your Customer (KYC) processes play a crucial role in cybercrime prevention, reducing friction for genuine customers and detecting high-risk or anomalous behaviour.
Additionally, it helps prevent the most vulnerable customers from being targeted by fraudsters and this approach improves the effectiveness of services by ensuring that the right payments go to the right individuals. Finally, as Burns explains, a targeted strategy can help optimise operations and increase transaction speeds.
How better to adapt than by implementing a robust strategy for preventing cybercrime and fraud? A targeted approach offers several advantages such as reassuring customers that the business is committed to protecting them.
However, transaction speeds may not be increased due to the first piece of regulation mentioned if PSPs are not well prepared. To prepare for the Payment Services (Amendment) Regulations, SEON’s Kadar also believes that technology will play a significant role.
Kadar emphasises that it’s essential to implement modern methods for intercepting suspicious payments before they are processed. Financial institutions are actively exploring how Artificial Intelligence (AI) can assist in this area. For instance, Visa is in advanced discussions to acquire Featurespace, a fraud prevention firm known for its successful use of AI.
However, he urges PSPs to begin preparing immediately, stating that “it pays to be proactive”.
“While we await official confirmation, there’s no reason to wait on assessing the operational impacts proposed regulations will have on established strategies,” Kadar remarks.
“This will likely involve redoubling efforts to bolster fraud prevention techniques and emphasising systems equipped with robust data analytics and reporting tools that can track and document every instance where a payment delay is invoked due to fraud concerns.”
What comes next?
Both pieces of regulation are far from the finished product and unfortunately for PSPs, it is hard to prepare for the unknown.
In the words of Kadar, “businesses should remain vigilant for any further amendments to the regulations, which may be forthcoming relatively soon”.
As noted, the PSR is looking increasingly likely to give in to the criticism from the sector, with the issue becoming the subject of a new consultation. This would see the maximum reimbursement drop from £415,000 to £85,000. Burns highlighted some of the reasons the sector is complaining.
Firstly, she said that the regulations might in fact increase the levels of fraud because it prioritises reimbursement over crime prevention and might lead to more reckless behaviour on the consumers’ part.
Secondly, the proposed refund amount is too high and could push early-stage businesses into bankruptcy. Third, the new rules fail to require social media companies, where a lot of APP fraud originates, to help pay for this.
Fraud continues to be one of the most significant challenges in the UK, and it’s in the government’s interest to collaborate with the payments industry to address these issues, particularly in light of the £22bn debt crisis.
The Labour government is developing plans to hold tech companies accountable for compensating victims of online fraud. As Burns explains, the proposal, introduced in June 2024, suggests that while banks will still be required to reimburse fraud victims, they could later reclaim some funds from tech companies.
“Given this major backlash in the industry, it remains to be seen if and how the new APP
fraud regulations will take effect in October 2024,” Burns concluded.