Sergey Nivens - Fotolia

Banking regulatory body wants a ‘tripwire’ to flag APP fraud

Banking code of practice organisation wants banks to monitor where authorised push payment scammers are sending stolen money

An organisation that provides a code of practice for banks has called on signatory banks to introduce transaction monitoring technology that can identify authorised push payment (APP) fraud.

The Lending Standards Board (LSB) provides independent oversight of banks that voluntarily sign up to its Contingent Reimbursement Model Code. As part of the code, the LSB has set a deadline of December 2023 for banks to be monitoring payments to enable them to spot suspicious accounts that may belong to scammers committing APP fraud.

APP fraud, which sees criminals use fake websites and emails to trick consumers into authorising payments to them, caused losses of $789.4m to UK citizens in 2021, which could rise to $1.56bn by 2026, according to a report from payments software supplier ACI Worldwide and analytics firm GlobalData.

But the scammers are tricking people into making payments to bank accounts set up to support their crime, so monitoring for the issue will reveal to banks where stolen money ends up, enabling them to reclaim it and reimburse victims.

LSB CEO Emma Lovell said: “It is essential that firms do all they can to stop criminals from opening bank accounts and using their services to receive scam payments. Strengthening the code’s provisions means putting in place another tripwire for fraudsters looking to steal people’s savings – not to mention the money needed for essential living costs.”

A project in Estonia is showing the way for banks to prevent APP losses through information-sharing technology. The platform, established to enable the sharing of information between banks in real time, was originally designed to expose money laundering and was known as AML Bridge. It is known simply as the Bridge after its use was expanded for stopping APP fraud.

The platform from Estonian tech startup Salv, which was set up by former Skype executives, is currently used by 10 Estonian banks.

Read more about authorised push payment fraud

Salv founder and CEO Taavi Tamkivi recently told Computer Weekly that it became obvious the platform could also be used to track APP fraud, and because the criminals committing the fraud are also using the banks, it is possible for the money to be tracked and returned to customers.

“The platform allows crime fighting teams within the banks to warn each other and send real-time information about fraudulent transactions. The criminals are sending the money from bank A to banks B and C,” said Tamkivi.

“As soon as the victim realises something is wrong, they can contact the bank. Maybe the money has already gone, but the bank can share the information with other banks to see where it has gone.”

In a recent trial, banks on the Bridge platform reported that 80% of APP fraud was detected and the money reclaimed.

The LSB’s code already requires banks that are signed up to reimburse customers who lose money through no fault of their own. 

The Payment Systems Regulator (PSR) is currently consulting on a proposal for mandatory reimbursement for victims of scams where more than £100 is stolen.

Lovell said: “We share the PSR’s drive to ensure more victims are reimbursed where they are not to blame for the success of a scam, but are eager to ensure that fraud detection and prevention continue to be prioritised alongside reimbursement.

“Reimbursement can repair the financial impact on the victim, but it is still very much a lose-lose outcome. Victims lose because they will feel the after-effects and trauma of being scammed, even after reimbursement, and society loses as organised criminals reap the rewards of theft.”

Read more on IT for financial services