Earlier this month, I wrote about the UK’s Information Commissioner’s call for organisations to prioritise protecting people. In that call to arms, the ICO reiterated that “data protection law is not an excuse, and it does not stop you sharing data that may assist with tackling fraud”.
I’d like you to keep that statement in mind as you read on. In case you need reminding, Fraud is the most frequently experienced crime in the UK, accounting for 39% of all reported crime in England and Wales.
Banks provide a unique perspective, with the UK industry collating reports of successful and prevented fraud. UK Finance’s latest report puts a total loss of £1.17 billion for 2023, but equally also recognises that its member prevented a further £1.2 billion in the same timeframe.
Authorised Push Payment (APP) fraud makes up a significant part of the losses suffered by victims, with £450 million lost in 2023. Whilst October 7th saw the introduction of mandatory reimbursement for customers that meet the required standard of caution, there remain many forms of fraud for which there is little prospect of reimbursement.
APP fraud, where victims are tricked into transferring money to fraudsters, exploit social media, telecommunications, and other platforms to devastating effect. Beyond financial losses, victims endure emotional trauma and a profound erosion of trust in payment systems and digital platforms.
The Payment Systems Regulator’s (PSR) recent report provides critical insights into these scams, highlighting the urgent need for systemic action and cross-industry collaboration.
The scale and impact of APP scams
APP fraud typologies are diverse, both in terms of the modus operandi (MO) and the channels through which the perpetrator reaches and socially engineers the victim. The PSR has sought to highlight that preventing APP fraud is not just the responsibility of banks - every sector has a role to play.
With that in mind, it has sought to evidence the role played by every sector using data from financial institutions. Key findings include:
• Social Media Platforms: Over half (54%) of APP scam incidents involved social media platforms, particularly Meta’s Facebook, Instagram, and WhatsApp. These platforms accounted for 18% of the total value lost, equivalent to approximately £61 million.
• Telecommunications: Fraudsters leveraged telecommunications for 12% of scam volume but caused the highest financial damage, accounting for 31% of total losses.
• Investment Scams: Though only 6% of incidents, investment scams were responsible for 24% of the total losses, underlining their disproportionate role in the harm caused by fraud.
Crucially for financial institutions and society, the detriment went beyond the temporary or permanent loss of money. Victims reported diminished confidence in payment systems, with one-third hesitant to adopt new payment methods post-fraud. Additionally, and perhaps crucially, 41% of victims expressed distrust in social media platforms, which must surely be bad for business if you’re running such a platform.
The case for data sharing
The PSR’s report underscores the critical role of data sharing in combating fraud. Collaboration between banks, payment service providers (PSPs), social media platforms, and telecommunications companies is essential to:
• Identify and Block Fraudsters: Sharing real-time intelligence can enable early detection of fraudulent patterns and block bad actors before they cause harm.
• Build Consumer Awareness: Public access to fraud data empowers individuals to recognise threats and take preventative measures.
• Enhance Ecosystem Resilience: Comprehensive data enables firms to refine fraud detection systems, mitigating risks across the digital landscape.
Actionable steps for combating fraud
More generally it is clear that financial institutions cannot defeat APP fraud alone, nor should they be left solely to foot the bill for other failings.
With that in mind, we need to embrace:
• Data Sharing Across Industries: Regulators should collaborate to enable and incentivise data-sharing protocols, ensuring banks, tech companies, and telecom providers collaborate seamlessly.
• Cross-Regulatory Collaboration: Collaboration between regulators like the PSR, Financial Conduct Authority (FCA) and Ofcom is critical to closing systemic vulnerabilities.
• Improved Consumer Protections: The PSR’s reimbursement mandate, effective October 2024, holds banks accountable for refunding victims. However, it does not provide incentives for organisations outside the financial services sector, thus making it essential that Ofcom make full use of the provisions within the Online Safety Act to ensure that social media and search firms are accountable for illegal content, some of which will lead to APP fraud.
• Technology-Driven Solutions: Innovations such as Confirmation of Payee (CoP) and AI-based fraud detection systems must be widely adopted. CoP, for instance, has already reduced misdirected payments, alongside behaviour- and device-based fraud and scams intelligence, there is significant potential to create friction for criminals.
• Public Awareness Campaigns: Whilst the Stop! Think Fraud campaign was a good start, educating consumers to change their behaviour isn’t something that can be achieved through a single campaign. Change takes time.
Looking ahead
Fraud in general represents a significant threat to the integrity of the digital economy and public trust. The UK is unique in committing to publish annual fraud data that highlights the volume, value and origins of APP fraud. Given the global nature of the digital economy, it is fair to infer that the situation, whilst not measured, is unlikely to significantly different elsewhere in the western world.
We’re unlikely to ever live in a world free of fraud, but reducing fraud risk necessitates that we unite as a society. Only the collective actions of businesses, regulators, and individuals will give rise to a resilient digital ecosystem where fraudsters find fewer opportunities to exploit and consumers can transact with confidence.