Skip to main content

Authorised Push Payment Fraud Performance Report

Volume 834: debated on Tuesday 14 November 2023

Question

Asked by

To ask His Majesty’s Government what assessment they have made of the authorised push payment (APP) fraud performance report published by the Payment Systems Regulator in October 2023.

My Lords, the Government are committed to tackling authorised push payment fraud and stopping customers falling victim to scams. The Government welcome the publication on 31 October by the Payment Systems Regulator of data on the levels of APP fraud and of reimbursement among payment service providers. This will ensure that firms are properly incentivised to combat fraud and explore all avenues to do so.

My Lords, this excellent report allows us at long last to see which banks are behaving best and worst in preventing and reimbursing fraud. One of the best ways to reduce fraud would be to stop fraudsters using UK bank accounts to receive the stolen money. We can now see from this report that Metro Bank, TSB, Starling and Monzo are the banks that receive and process the most stolen money. Smaller payment providers are even worse. For every £1 million received by Clear Junction, for example, more than £10,000 was stolen money, and almost 20% of Dzing Finance’s receipts by number were fraudulent. Now that we have this information, what are the Government doing to ensure that banks take real action to stop their accounts being used by fraudsters? Secondly, I congratulate Anthony Browne on his promotion yesterday, but what does that mean for his essential role as the Prime Minister’s Anti-Fraud Champion?

I congratulate the noble Lord, because he was a strong advocate for the publication of this data. As he says, it has indeed been revealing, and I assure noble Lords that action has already been taken on the back of it. On 27 October, the Financial Conduct Authority imposed restrictions on Dzing Finance Ltd, which was the worst-performing payment service provider for fraud volumes received. It now cannot on-board any new retail customers or allow any new incoming funds from retail customers for the purposes of issuances of electronic money or providing payment services without the written agreement of the FCA. In March this year, the FCA wrote to all payment firms, highlighting fraud risks and instructing them to take action to address this. Where issues are identified, the FCA will continue to take action. I also congratulate my friend in the other place on his appointment, but I assure noble Lords that his excellent work will continue under the work of the Home Office.

My Lords, the Payment Systems Regulator aims to provide consumers with better information about fraud and the risks associated with each bank and payment services firm. If the volume and value of frauds and scams enabled by particular tech sectors and social media platforms were also published, that publicity would drive those institutions to improve standards and protect users. Will the PSR be asked to direct all payment service providers to include in their APP fraud data submissions for the next publication the value and volume of fraud enabled by the largest social media and tech platforms?

My Lords, it would be interesting to look at that and at how that data might be collected. The point at the heart of my noble friend’s question is absolutely right. Banks have a responsibility in this area, and that is why the reimbursement obligation is coming forward, but others have an obligation in this area too. The recent Online Safety Act imposes new obligations on the largest social media companies and platforms to prevent their users being exposed to harmful content, including fraudulent content. I am sure those measures will make a real difference too.

My Lords, APP fraud rose by 20% in the first half of this year alone and, according to the Payment Systems Regulator, customers of banks and building societies have wildly different and divergent experiences of receiving compensation and restitution. While I welcome the mandatory reimbursement requirement that will come into force next year, in the meantime, what consideration is being given to mandate appropriate resourcing of out-of-hours fraud and complaints teams within banks to ensure that where an APP fraud has occurred it can be reported and acted on with appropriate speed?

As the noble Lord has noted, a significant step towards ensuring greater consistency and user experience will be the mandating of reimbursement; we already have 10 signatories to the voluntary reimbursement code. Of course banks need to have proper processes in place to deal with suspected fraud, and I think publications such as the data we had at the end of last month shine a light on how banks are performing and allow consumers to make informed choices about where they bank.

My Lords, UK Finance has published analysis that shows that 78% of APP fraud originates online and another 18%—especially high value —via telecoms. These companies face no reimbursement liability at all. Will the Government act to change that and make the telecoms and online companies liable?

As I have said to noble Lords, through the Online Safety Act, platforms and services in scope will be required to take action to tackle fraud where it is facilitated through user-generated content or via search results. They must take preventive measures to prevent fraudulent content appearing on their platforms and swiftly remove it if it does. Additionally, there will be a duty on the largest social media companies and search engines to prevent fraudulent adverts on their services. Ofcom has the power to fine companies failing their duty of care up to £18 million or 10% of annual global turnover, so there will be accountability in the system for online companies too.

My Lords, only 59% of the stolen money has been returned to customers, according to the PSR report. Can the Minister explain what pressures there are on bank directors to, as it were, take care of the customers’ interest? The regulators seem to be incredibly complacent that over 40% of the money still has not been returned. Is it not really a case of restructuring the FCA and the PSR, to ensure that customer representatives have the majority of the seats on the boards of those regulatory bodies so that they can get the protection they need?

My Lords, I believe that an alternative route forward is already in train: the mandatory reimbursement requirement, which will apply across all payment service providers. As I said, there is currently a voluntary approach in place; a mandatory approach will ensure a much more consistent response for consumers when it is introduced next year.

My Lords, the latest data from the Payment Systems Regulator shows that instances of payment card and remote banking fraud have fallen by 9% and 29% respectively, driven by greater use of much stronger customer authentication interventions. However, use of such initiatives varies markedly across the financial services sector. Does the Minister believe there is a case for stronger guidance on how digital banking platforms should make use of such technology?

The noble Lord is absolutely right that we need to use a range of tools to respond to fraud taking place through banking. The regulator does have the powers in place to ensure that payment services firms are taking the appropriate action, not just on reimbursement but to prevent the fraud in the first place.