The Front Page of Fintech

The largest fintech community in the world. Subscribe to our newsletter to stay up to date on the latest in news, opinions, and all things financial technology.

A deep-dive into APP fraud in the UK - TWIF UK & Europe Long Reads

Part Two in a TWIF UK & Europe Long Read series on APP Fraud from Kartik Dabbiru

Editor's Note

This is Part Two of a Long Read series on APP fraud from Kartik Dabbiru. Check out Part One if you missed it.

If you are interested in guest writing a Long Read or have a topic you want us to cover, please reach out.

With a global understanding of the rise and impact of APP fraud, we can now focus on the situation in the UK. As one of the regions most affected by this type of fraud, the UK has been both a target for sophisticated scams and a leader in implementing countermeasures.

Recent findings from the Payment Systems Regulator (PSR) shed light on the current state of APP fraud in the UK:

  • Significance of APP Fraud in Total Fraud Losses: APP fraud losses amounted to £341 million in 2023, reflecting 44% of all fraud in the UK.
  • Increase in Scam Volume: Despite the decrease in total financial losses, the number of reported APP scam cases increased by 12%, with 253,000 incidents in 2023. This suggests that while fewer high-value scams are occurring, fraudsters are executing a greater number of smaller scams, increasing the overall frequency of attacks.
  • Reimbursement Rates: The proportion of money reimbursed to victims rose to 67% in 2023, up from 61% in 2022. However, there are still notable inconsistencies in reimbursement practices, with significant variation between CRM (Contingent Reimbursement Model) code members and non-members, as well as discrepancies even among CRM members. Likely, this will improve significantly with the introduction of the recent mandatory reimbursement regulation. 
  • High-Value Scams: Although only about 2% of APP scam cases involved losses over £10,000, these high-value scams accounted for a staggering 52% of the total value lost in 2023. This highlights how sophisticated schemes, such as investment frauds or impersonation of officials, continue to yield significant returns for fraudsters, despite being less frequent.
  • Role of Non-Financial Entities: A 32% increase in purchase scams, driven largely by online platforms, emphasises the growing role of non-financial entities in facilitating fraud. This finding points to the need for enhanced cross-sector collaboration, where both financial institutions and non-financial entities work together to prevent and mitigate the impact of fraud.

These statistics underscore the critical need to focus on APP fraud, implement robust fraud prevention measures, introduce enhanced and streamlined communication methods to expedite fraud resolution and bring regulatory changes to protect consumers and businesses. As APP fraud becomes more frequent, despite a reduction in the average value of losses, it’s clear that a comprehensive, cross-sector strategy is essential to combat this growing threat.


APP fraud reimbursement and the Path Ahead

In response to the rising tide of victims of APP fraud, the UK introduced the Contingent Reimbursement Model (CRM) Code in May 2019. This voluntary code aimed to improve reimbursement rates for fraud victims, setting industry standards for how Payment Service Providers (PSPs) should handle these cases. However, the CRM Code had limited impact given its voluntary nature, with inconsistent outcomes for victims across different PSPs. It is worth noting that predominantly larger institutions signed up to the CRM Code, while a number of challenger banks and smaller PSPs did not, at least initially.

Recognising these gaps, the Payment Systems Regulator (PSR) implemented new regulations specific to Faster Payment Systems on 7th October 2024. This new APP fraud reimbursement regulation mandates shared liability between sending and receiving institutions to reimburse APP fraud victims within 5 working days. This means that both parties will be responsible for reimbursing victims, with a reimbursement cap set at £85,000, which is expected to cover 97% of scams.

Other key changes planned under the new regulation:

  • The code is mandatory, i.e. all PSPs are obligated to ensure protection and compensate fraud victims. This is no longer left to the choice of the sender PSP.
  • PSPs need to pay up within 5 business days, but they can pause the clock for investigations (up to 35 days max).
  • Reimbursement can be refused if the PSP is able to prove gross negligence on the part of the victim, but only if vulnerability was not a factor in the victim authorising the payment.

What constitutes gross negligence is not clearly defined, but it is going to be a very high bar for PSPs to reach. This has the potential to become a breeding ground for collusion between fraudsters and “victims”, leading to increased instances of fraud and associated losses.

This Bloomberg article recently highlighted the risks associated with these new regulations, warning that while they aim to reduce fraud, they could also create new challenges, such as operational strain on banks, possible incentives for fraudsters and “victims” to collude, and unintended consequences for consumers.


The Role of Technology in Combating APP fraud

Technology has been a double-edged sword in the evolution of Authorised Push Payment (APP) fraud. On one hand, it has enabled fraudsters to develop more sophisticated scams, leveraging AI and Machine Learning to create convincing phishing attacks, deep fakes, and other forms of deception. On the other hand, these same technologies offer powerful tools for detecting and preventing fraud. To address the complexity of APP fraud, a multifaceted approach involving banking and payments network collaborations, communication service providers, and advanced technological systems is essential.

The Power of Network Collaboration: Fraud Consortiums

A key component in the fight against APP fraud is the establishment of fraud consortiums, particularly within the banking sector. These consortiums are collaborative networks where Financial Institutions share data and intelligence on fraud patterns, helping to identify fraudsters and prevent fraudulent activities across the industry. By pooling resources and information, Banks and PSPs can detect and respond to emerging threats more effectively.

In the UK, initiatives like the Banking Protocol have been instrumental in creating a unified front against fraud. This initiative has allowed banks to work closely with law enforcement agencies to prevent fraud in real-time. For example, in 2022, the Banking Protocol was credited with preventing over £145 million in fraud and resulting in over 1,000 arrests. These results highlight the effectiveness of collaborative networks in disrupting fraud operations before they can cause significant harm.

Another example is the UK National Fraud Database (NFD), where hundreds of thousands of records are added every year by the UK's fraud prevention community. This data and intelligence is shared online in real time, 24 hours a day, seven days a week, allowing banks to leverage it against fraud threats.

The Role of Communication Service Providers

Communication Service Providers, including social media platforms, play a significant role in both exacerbating and preventing APP fraud. Social media has become ground zero for most fraudsters to launch scams, often by impersonating trusted entities or spreading misinformation to manipulate users into authorising payments.

For instance, in 2022, a sophisticated scam circulated on social media, where fraudsters posed as representatives of well-known banks, convincing users to transfer funds to "secure accounts" to avoid fraudulent activities. The ease with which these scams spread across platforms highlights the need for social media companies to be more proactive in detecting and blocking fraudulent content.

In response, some platforms have begun to implement stricter verification processes and AI-driven monitoring tools to detect and remove fraudulent accounts. Mobile network providers are also voluntarily playing their part in preventing fraud by highlighting some inbound calls as “suspected scams”. However, there is still much work to be done. Collaborative efforts between social media companies, mobile network providers and financial institutions are crucial to developing more robust solutions. The introduction of Reimbursement Claims Management Systems (RCMS), currently being built by Pay.UK, is a step in this direction. RCMS aims to enhance the monitoring and reporting of fraud by facilitating seamless communication between the Sender PSP, Receiver PSP, Pay.UK and the victim to try and understand fraud patterns better, which will eventually help in reducing the spread of scams. It remains to be seen how easy it will be to integrate with RCMS.

Advanced AI and Machine Learning in Fraud Detection and Prevention

AI and ML have become essential tools in the fight against APP fraud, offering unparalleled capabilities to analyse vast amounts of data and detect fraudulent activities in real-time. These technologies enable financial institutions to not only prevent fraud but also to resolve incidents more effectively, reducing the financial and emotional toll on victims. My team and I are building a communication and workflow platform entirely focused on automating/accelerating the resolution of FinCrime and fraud incidents. 

Real-Life Examples and Impact of AI/ML in Fraud Detection

One notable example of AI-driven fraud detection is HSBC, one of the world's largest banks. HSBC has implemented AI and ML algorithms to monitor transactions and identify potentially fraudulent behaviour. According to a report by Forbes, HSBC’s AI systems analyse over 1 billion transactions annually, using pattern recognition to flag suspicious activities. This system has been instrumental in reducing false positives by 20%, meaning fewer legitimate transactions are wrongly flagged as fraudulent, and more actual fraud attempts are caught before they cause harm.

Another example comes from Barclays, which has also integrated AI into its fraud detection systems. Barclays’ AI tools can monitor and assess the risk of each transaction in real-time, comparing it against known patterns of legitimate and fraudulent activities. The system uses machine learning to continuously improve its accuracy as it processes more data. In 2022, Barclays reported that their AI systems helped prevent £150 million in fraudulent transactions, showcasing the significant impact of these technologies.

In the United States, JP Morgan Chase has employed AI to enhance its fraud detection efforts. The bank’s AI-powered fraud detection system processes an estimated 5 million transactions per day. The machine learning models used by JP Morgan Chase are designed to adapt to new fraud tactics, ensuring that the bank stays ahead of fraudsters. As a result, the bank has seen a 50% reduction in fraud-related losses, according to a report by American Banker.

AI in Fraud Resolution and Customer Experience

AI is not just limited to detecting and preventing fraud; it also plays a crucial role in resolving fraud cases quickly and efficiently. For instance, Lloyds Bank has implemented AI-driven tools to streamline its fraud resolution process. These tools help the bank’s fraud teams assess claims more accurately and prioritise cases that require immediate attention. In 2022, Lloyds reported that its AI system reduced the average resolution time for fraud cases by 30%, allowing customers to receive reimbursements more quickly.

Another case is Wells Fargo, which uses AI to automate parts of its fraud investigation process. The bank’s AI systems can sift through transaction data, identify patterns, and compile reports for human investigators. This has significantly expedited the resolution process, with Wells Fargo reporting a 40% decrease in the time taken to resolve fraud cases. Additionally, the bank has noted a 25% improvement in customer satisfaction scores related to fraud handling, as victims experience less stress and uncertainty during the resolution process.

The Growing Role of AI/ML in the Financial Industry

The use of AI and ML in fraud detection is becoming increasingly widespread. According to a report by Juniper Research, Financial Institutions globally are expected to spend over $10 billion on AI-driven fraud detection systems by 2027. This investment is driven by the clear benefits AI provides in identifying and mitigating fraud risks.

Moreover, a study by McKinsey & Company found that banks using AI and ML for fraud detection have reduced their costs by an average of 30%. The study also highlighted that these banks are more agile in responding to new fraud threats, as AI systems can be updated and re-trained more quickly than traditional rule-based systems.

Generative AI: Preparing for Future Fraud Scenarios

Generative AI is another cutting-edge technology being explored for fraud prevention. This type of AI can simulate various fraud scenarios, helping financial institutions prepare for and defend against new types of fraud that have yet to emerge. For example, Mastercard has begun using generative AI to stress-test its fraud detection systems. By simulating a wide range of potential fraud attempts, Mastercard can identify weaknesses in its defences and improve its systems before real-world fraudsters can exploit them.

This proactive approach has already yielded results; in 2023, Mastercard reported a 25% improvement in its fraud detection rates following the implementation of generative AI. The company expects this technology to play a key role in its ongoing efforts to stay ahead of increasingly sophisticated fraud tactics.

Upcoming Innovations: RCMS and UK Finance’s Initiative

Looking ahead, new initiatives like the RCMS by Pay.UK and a similar system being developed by UK Finance are poised to play a crucial role in the future of fraud prevention. RCMS is designed to monitor communications across various platforms, identifying and reporting potential fraud in real-time. This system will work in tandem with existing fraud detection tools, providing an additional layer of security.

UK Finance's initiative, meanwhile, focuses on creating a centralised fraud prevention hub where financial institutions can access shared resources and intelligence. This hub will integrate with existing systems, including AI-driven tools, to offer a comprehensive approach to fraud detection and prevention.

These systems, once fully operational, are expected to significantly reduce the incidence of APP fraud by enabling more effective monitoring and faster response times. As these technologies continue to evolve, they will play an increasingly important role in protecting consumers and businesses from the ever-present threat of fraud.


What Can the UK Learn from Others?

As the UK grapples with rising APP fraud, it can gain valuable insights by examining how other regions, such as the European Union (EU) and Singapore, have tackled similar challenges.

The European Union: Reporting Fraud Data and Strong Customer Authentication (SCA)

  • Reporting fraud data: According to the EBA and ECB Regulatory Technical Standards, Payment Service Providers must report fraud data to regional competent authorities, which is then aggregated and analysed by the EBA and ECB.
  • Impact of SCA and CSC: The EU's implementation of Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the Payment Services Directive 2 (PSD2) has had a profound impact on reducing payment fraud. According to the European Central Bank (ECB) and the European Banking Authority (EBA), fraud rates for transactions authenticated through SCA are significantly lower than those without SCA. However, it is worth noting that SCA (implemented also by the UK) alone is not going to play a significant role in reducing APP fraud. The CSC aspect of the RTS stands to implement secure channels for communication between the various parties involved in payment transactions, particularly between account servicing payment service providers (ASPSPs) and third-party providers (TPPs).

Singapore: Holding Communication Service Providers (CSPs) Accountable

  • CSPs' Role in Fraud Prevention: Singapore has taken a unique approach by holding Communication Service Providers (CSPs) liable for fraud reimbursement if it's found that they did not take adequate measures to prevent fraud. This policy emphasises the importance of cross-sector responsibility in combating fraud, recognising that financial institutions alone cannot address the entire spectrum of fraud risks.
  • Case Study: In 2022, Singapore reported a 25% year-on-year increase in fraud cases, but the financial impact was mitigated by the strict regulatory framework that holds CSPs accountable. This approach ensures that all stakeholders involved in the digital payment ecosystem, including telecom companies and social media platforms, play a role in protecting consumers.

Lessons for the UK

The UK's recently implemented APP fraud liability regulations could be significantly strengthened by adopting a more rigorous approach, similar to the EU’s SCA and CSC requirements. By ensuring that both domestic and cross-border transactions are secured through strong authentication and communication practices, the UK could see a substantial reduction in fraud rates. 

Moreover, the UK could benefit from fostering greater cross-sector collaboration, taking cues from Singapore’s model where communication service providers (CSPs) and other non-financial entities are held accountable in the fight against fraud. This approach would create a more comprehensive fraud prevention strategy, addressing gaps in the current system and reducing the incidence of APP fraud. 

Additionally, the UK can refine its regulatory framework by learning from these global examples and continue engaging with the industry, ensuring that it not only responds to current fraud trends but also anticipates future challenges. This includes enhancing the role of the Financial Conduct Authority (FCA) in overseeing the application of new technologies and protocols that strengthen payment security.

By learning from these international practices, the UK can bolster its defences against APP fraud, ensuring that both consumers and businesses are better protected in the increasingly digital financial landscape.


Part Three will be the final part in this Long Read series and look at how to bridge the gaps between communication and education as well as advice for consumers and a call to action.