New UK Fraud Rules Set to Empower Victims

New rules come into force in the UK today designed to provide consumers with stronger powers of redress in the event they fall victim to authorized push payment (APP) fraud.

Regulator the Financial Conduct Authority (FCA) has mandated that fraud victims can now complain to the bank that receives funds sent in error to a scammer, as well as their own bank.

Both banks have to receive the complaint, with the consumer able to escalate their case to the Financial Ombudsman Service (FOS) if they’re not happy.

APP fraud occurs when an account holder is tricked into making a payment to another account, such as in BEC or CEO fraud.

There are two main types: with malicious payee fraud the victim authorizes a payment for what they believe to be legitimate purposes, but it’s actually a scam; while in malicious redirection the victim intends to pay a legitimate payee but the fraudster directs them to pay a third party instead.

APP fraud losses jumped 44% between the first half of 2017 and the same period last year to reach £145m in the first six months of 2018, according to UK Finance.

The banking group argued last year that the government should levy a payments tax to create a fund which could be used by the industry to compensate the growing number of victims.

The FOS has claimed in the past that a common strategy of the banks in APP disputes — to blame the customer — is increasingly difficult to do given the sophistication of scams.

A new voluntary code is being drawn up for the industry, which should also clarify when lenders are liable to pay up.

These will include a duty of care placed on the part of the banks, including processes to confirm the name on the destination bank account.

“This industry collaboration is key to tackling fraud and improving outcomes for consumers and businesses alike,” argued Equifax head of ID & fraud, Keith McGill.  

“These new [APP] rules will directly benefit consumers falling victim to this type of fraud by giving them stronger redress with the recipient bank or building society being used by the fraudster, in addition to their own.”

What’s Hot on Infosecurity Magazine?