26th April 2018
On 7 November 2017, the Payment Systems Regulator (PSR) issued a consultation paper in relation to ‘authorised push payments’ , which considered how financial institutions deal with push payment fraud, as well as how customers are compensated once a fraud has taken place. (The paper referred to all ‘payment service providers’, who enable the transfer of funds using a payment system. On the basis that most individual and commercial customers will have a bank account, we will refer to ‘banks’ in this note. Our comments will apply generally, however, to all payment service providers.)
Payments are described as ‘push payments’ when the payer obtains the payee’s account details and instructs their bank to send (or push) money to it. The opposite ‘pull payment’ is where the payer provides the payee with the relevant account details, and the payee is authorised to take (or pull) funds from the payer’s bank account.
A push payment fraud will therefore involve the fraudster somehow persuading the consumer to organise a transfer from the consumer’s account to the fraudster’s account. Examples could include:
In most cases, the customer will notify the bank only after the payment has been made, by which time the fraudster will have made off with the funds by transferring them out of the offending bank account and possibly out of the country. These types of frauds are being increasingly reported in the mainstream press, as well as the financial services industry’s perceived inconsistent treatment of such frauds, with some banks admitting fault for allowing the fraud and reimbursing the victim; while others do not.
UK Finance have published data on this growing problem , citing that there were 19,370 cases in the first six months of 2017, with over £101.2 million being sent by customers (both individuals and business) who had been tricked into authorising a payment. Around 88 per cent of those payments were made by individuals, losing on average £3,000; with the remainder being made by businesses who lost on average £21,500 per case.
The figures indicate that almost a quarter of those losses (£25.2 million) were returned by financial providers, but there are now calls for changes to legislation and/or to the regulatory framework, so that banks are required to do more.
A ‘super-complaint’ was submitted by the consumer action group Which? to the PSR in September 2016 entitled ‘Consumer safeguards in the market for push payments’ . Which? argued that consumers do not receive sufficient protection from this type of fraud, compared to the protections in place for other types of fraud (for example credit card and direct debit frauds). Which? suggested that where such frauds have taken place, legislation or regulation should be changed so that:
On 28 February 2018 the PSR announced the outcome of its consultation, confirming that it will proceed with plans to better protect victims of push payment scams.
The PSR believes that banks have a role to play in preventing such scams, and that having no responsibility to reimburse customers provides weak incentive for banks to take responsibility for doing so. The PSR will therefore implement a scheme that makes reimbursement contingent on the actions of the banks both sending and receiving the funds when a push payment scam occurs.
As from March 2018, the PSR has established a dedicated steering group, comprised of industry and consumer representatives, to ensure that the contingent scheme is designed in the best way to minimise fraud and to protect victims. In addition, as from September this year, a new industry code will also be implemented, which the Financial Ombudsman Service (FOS) can take into account when determining customer complaints about push payment fraud.
The PSR has confirmed that the steering group must have regard to simplicity, transparency and the cost, benefits and impact of the contingent scheme, and that the scheme must be underpinned by the following core principles:
UK Finance has also drafted a set of best practice standards that banks should follow when responding to reported push payment scams , which are:
Retail banks offering push payment services have agreed to implement these standards by the third quarter of 2018.
UK Finance are also seeking to take various further measures, including:
There is no doubt that tackling push payment fraud is a top priority for financial institutions, consumer groups, industry representatives and regulators alike. It will now be even more incumbent on banks to ensure that they have taken steps to address push payment fraud.
As yet there is no consensus on exactly the measures that banks will be expected to take to prevent push payment scams and reduce their impact, but these could involve increased consumer education and awareness; the collection and publication of scam statistics; complying with best practice standards (including those proposed by UK Finance); increased transaction data analytics; and further Know Your Customer (KYC) requirements.
If you would like any further advice or assistance in relation to push payment fraud or any other lender services issues, please do not hesitate to contact Louise Power, Rachel Elgar or any member of Walker Morris’ Banking Litigation team.
 https://www.ukfinance.org.uk/authorised-transfer-scams-data-h12017/ in Notes to Editor