In today’s digital age, authorised push payment (APP) fraud has become a persistent threat, causing significant distress and financial losses to victims.
The year 2019 marked a major milestone in customer protection from APP scams, with the introduction of the Contingent Reimbursement Model Code (CRM Code), governed by the Lending Standards Board (LSB), the primary self-regulatory body for the banking and lending industry. However, we have since argued that the name given to the code may have led to too much singular focus on reimbursement as the key solution to APP scams.
As the name suggests, the code sets out consumer protection standards, requiring firms that sign up to reimburse customers who fall victim to APP scams through no fault of their own. But crucially, the code also requires those firms to detect and prevent scams from happening in the first place, with the aim of helping to reduce the frequency of attack.
The sophistication and complexity of scams leaves everyone, even the most tech-savvy and aware, open to being a target
This is a vital component for customers because, while reimbursement can reduce the hit to their wallet, scams are emotionally distressing, carrying with them feelings of guilt, shame, worry and embarrassment. In fact, research from Canada Life highlighted that of people they surveyed who had been a victim of an APP scam or who knew someone who had, 55% said it had taken a toll on their mental health.
Let us also not forget that no one is immune to falling for a scam. The sophistication and complexity of scams leaves everyone, even the most tech-savvy and aware, open to being a target.
As well as emotional turmoil, the recent squeeze on incomes means a larger portion of the population is now financially vulnerable. Research shows that approximately one-third of UK citizens live payday to payday, making them very vulnerable to sudden financial shocks. Losing hundreds or thousands of pounds, even temporarily, due to APP fraud can push individuals into severe financial difficulty, potentially forcing them to rely on high-interest credit or plunge into a cycle of debt.
This financial strain is compounded by the cost of living crisis and prevailing levels of unemployment due to long-term illness.
So how do we go about enhancing protective measures and working towards a safer and more secure future for online banking and payments?
The work is already being done. Data shows that in 2018, the number of APP scam cases rose by 93%, with the rate of increase slowing to 45% in 2019 (when the CRM Code was introduced), 23% in 2020 and 6% by 2022. The Financial Ombudsman Service also recently highlighted that customers banking with CRM Code signatory firms are less likely to be scammed. This momentum must be maintained going forwards to ensure protections do not fall away.
The Payment Systems Regulator has outlined its position on tackling APP fraud, introducing mandatory reimbursement. While this is a positive step, reimbursement does not prevent customer harm, nor does it stop criminals walking away with full pockets.
This is why it is vital that signatory firms continue to serve their customers by preventing scams, and for other Payment Service Providers (PSPs) to follow their lead by committing to a new prevention code, being driven by the LSB, to ensure protections do not falter as the spotlight falls on reimbursement.
We encourage the regulators to make clear their view to PSPs that the industry should retain — as a minimum — the best practice on scam prevention and the fair treatment of customers that is currently set out in the CRM Code in a recast code. It is vital for regulators, financial institutions and individuals to collaborate in this endeavour, working towards a future where individuals are protected, their emotional well-being is prioritised, and the digital financial landscape becomes a safer space for all.
Emma Lovell is chief executive of the Lending Standards Board.
