APP fraud is a growing problem for banks

Authorised push payment (APP) fraud is currently rampant in the UK. In the first half of 2021, cases rose by a shocking 71% and for the first time overtook card fraud in terms of the amount of money stolen.

These scams involve consumers and businesses being tricked into sending money to criminals using either stolen or invented identities. They target consumers using fake websites, emails and phone calls to circumvent bank’s stringent security checks.

One reason for this increase is the introduction of real-time payments via the Faster Payments scheme in the UK. Launched back in 2008, the scheme enables real-time payments online or via smartphones or self-service machines. During the Covid-19 pandemic, consumers and businesses increasingly adopted digital payments.

However, these payments are irrevocable. In the case of APP fraud, the victims cannot reverse the payment once they know they have been conned. Understandably, this has made the UK a much more attractive market for criminals.

Growing problem for banks

According to the figures from banking trade body UK Finance, APP fraud rose from £208 million in the first half of 2020 to £355 million for the same period in 2021, a year-on-year increase of 71%. Applying the same growth to the second half of the year, the total losses from APP fraud for 2021 are forecast to reach £819 million.

While it is consumers that suffer both financially and emotionally from these scams, banks are also left footing the bill in many cases. For example, TSB has refunded 97% of all bank fraud cases under its Fraud Refund Guarantee.

While the figures may differ between banks, they all face the same impossible challenge – either absorb the losses of their clients or face losing those customers due to a lack of protection.  And all amid a rapidly rising source of fraud.

In 2020, banks paid £207 million of the £479 million total cost of APP fraud, amounting to 43%. Given the predicted growth in losses, banks could have paid out as much as £400 million in compensation once the 2021 figures are published.

These losses could increase. In an effort to curb APP fraud losses, the UK Payments System Regulator (PSR) is pressing for banks and other payment providers to publish fraud data and to make reimbursement to victims mandatory, an initiative that has government support.

John Glen, economic secretary to HM Treasury said in November that the government will “legislate to address any barriers to regulatory action at the earliest opportunity.”

Verifying identity before money is stolen

Identity lies at the heart of APP fraud.

What is needed is a way to verify people’s identity on both sides of a transaction prior to any money changing hands. Fortunately, the infrastructure already exists through Open Banking, in which banks have already invested £1.5 billion.

The UK banks have verified the identity of 98% of the UK’s banking population, data which can be securely shared via Open Banking.

Using this information, such a system would not only significantly reduce bank’s losses, it would also enhance banks’ reputations as trusted and reliable custodians of clients’ money. Furthermore, it would put banks at the centre of the fight against fraud.

This type of system already exists elsewhere in Europe. Sweden launched its Bank-id in 2003 and it is now the largest electronic identification system in the country with a 94% usage rate among smartphone users with more than 6.5 million active users. It is owned and operated by several Swedish and Scandinavian banks.

A similar but independent BankID scheme operates in Norway which also acts as a utility, owned and operated by a number of banks.

Originally conceived as a way for consumers to log on to their online banking accounts, the system has expanded its scope as consumers increasingly conduct more transactions digitally. BankID is now used confirming online payments and even signing official documentation.

The scheme has proved to be successful in reducing payment fraud from 1% to just 0.00042% of transactions.

The same system is needed in the UK – a digital identity utility that protects people’s data and makes it safe and simple for users to prove their identity.

The key to any successful utility is adoption. The involvement of banks and businesses can help to build a brand that the general public can trust and a system that will ultimately limit the financial, psychological and emotional impact of APP fraud.