Which? calls for post-Brexit rule change to protect victims of APP fraud

So which organisation is Which? suggesting should reimburse the cardholder who was the subject of an APP fraud scam? The bank that hosts the customer's account from which the monies were taken with the cardholder's agreement, or the financial institution who opended the account that receievd the fraudulent funds, i.e. the fraudster. The challenge is we are not preventing APP scam issues, we are just shifting liability from a customer who was "tricked' to their own bank.

Why not make the mobile operators pay, since they allow spoof SMS messages that appear to come from the customer's bank.

This article is misleading. Indeed PSD2 scope does not include consumer protection against fraud. However there is European legislation which does : directive 97/7/ec on the protection of consumers in respect of distance contracts, directive 2011/83/eu on consumer rights, directive 2005/29/ec on unfair commercial Practices, and directive 93/13/eec on unfair terms in consumer contracts All these directives should be part of the UK law... and they need to be maintained-enhanced post Brexit.

If banks or ASPSP:s as regulators call us, should foot the bill for APP fraud, the protection needs to be financed, i.e. end users of payments need to pay enough for the payment service to cover refund rights for fully authenticated credit transfers that prove to be fraudulent. In the payment cards industry the business model includes liability rules for cases where the payee is not paying back wrongfully received funds. The alternative protection is to add more security features that make payer life harder.The PSD 2 makes it harder for the payment service providers to reclaim monies from the fraudulent payee due to the "finality of payment rule" and most consumer protection regulations assume that the payee will repay the wrongfully received funds, which does not apply to fraudsters. The PAD regulation gives all EU citizens the right to obtain a payment account - so fraudsters have a legal right to "join" the payment service. The absense of sensible "scheme" rules in combination with instant payments, the internet/mobile networks and digital transaction verification are the  fuel components that propel this kind of fraud and will make a ASPSP liability rule expensive.