UK Treasury makes paying back consumers victim to APP fraud ‘compulsory’ for banks
The UK’s Treasury Committee has unanimously agreed that banks are not doing enough to protect its customers from losing money to fraud on their platforms.
In the report, the committee says it will make the currently voluntary Contingent Reimbursement Model (CRM) “compulsory” in legislation. The CRM acts as an industry code for how banks should reimburse consumers who have lost money through authorised push payment (APP) fraud.
The phrase ‘gross negligence’ used by banks to justify not paying back customers will also be redefined by regulators, who “should agree an accepted definition” so firms can’t interpret it to suit them.
“It’s a serious failure that banks weren’t already doing this,” says the committee on CoP
Titled ‘Economic Crime: Consumer View’, the government committee’s paper also says that as of March 2020 Confirmation of Payee (CoP) will be introduced. This means payee’s names must be confirmed before a payment is made.
“It’s a serious failure that banks weren’t already doing this,” says the committee. “The regulators should consider sanctioning any firm that misses the March 2020 deadline.”
Read more: UK Treasury Committee: Regulators must punish banks for IT failures
The report also stated banks need a 24-hour delay on all first-time payments, as well as carry out “targeted information campaigns” to reduce the number of money mules. In 2018 the committee says there were 40,000 cases “that bore the hallmarks of money mule activity”, including students selling their account log-in details to fraudsters.
“This new Treasury Committee report marks a much-needed investigation into economic crime in the UK,” says RSA Security’s fraud and risk intelligence unit director Daniel Cohen. “Fraudsters will constantly seek out weak points, so to keep pace with evolving fraud tactics, financial firms need to take a layered approach […]. This will help them embrace the opportunities that come with digital transformation whilst maintaining confidence in their ability to detect and respond to fraud, protecting both themselves and their customers.”
One of the last points in the report concerns de-risking, which is where banks can end their relationships with customers they deem to be risky. After finding whole sectors ruled out through de-risking, the report states banks “must be as transparent as possible” to give all individuals and firms “the best possible chance” of keeping their accounts and other financial services .
Those customer which find themselves in limbo and cannot reach a resolution with their bank will see the case “fully investigated”.
Read on: EBA’s migration deadline for SCA must be seen as a warning
