Last week UK Finance published their annual fraud report ‘Fraud the Facts 2019’. This year’s report noted that authorised push payment fraud was up by 44% – so what does this leap in the statistic actually show? And how does it fit into the wider context of industry concerns and actions around this type of scam?
An Increase in Authorised Push Payment Fraud – or Just More Reporting?
UK Finance only started collecting data for publication on push payment scams in 2017. In this year’s report, they’ve provided a wealth of information on the different guises this fraud can take and have split the reporting figures into two categories, those where individuals were the victims and those where it was businesses.
What we don’t know in any detail is where they gathered their statistics from. The report states that four additional UK Finance members have been reporting since January 2018. Depending on the size and customer base of those four new reporters, it is credible that the 44% increase comes from more reporting rather than more fraud.
On the other hand, it’s likely that push payment fraud is significantly under-reported. Reporting relies on it having been investigated or indeed reported to the bank by the victim. Many victims, realising that they have been tricked into paying a fraudster, may be too embarrassed to report it. It would be interesting to know if banks accept every case reported to them as authorised push payment fraud and include the cases in these statistics. If a bank determines, rightly or wrongly, that it’s actually a case of buyer’s remorse, do they exclude the case from the reported statistics?
It is noticeable that authorised push payment scams against individuals (78,215 cases) are significantly more frequent than those against businesses (6,408). Without understanding the makeup of the banks that contributed to this report, it is difficult to determine if this is an under-representation of the fraud against businesses because those banks reporting predominantly serve consumers.
How Do We Fight Authorised Push Payment Fraud?
Reducing authorised push payment fraud is not easy, and the UK Finance Annual Fraud Report lays out ways in which the industry is looking to tackle it. FICO customers have had significant success in reducing authorised push payment fraud using our machine learning and analytics, in some cases lowering cases by as much as a third.
While some industry initiatives are moving ahead quickly, others are stalled. For example, the Confirmation of Payee Service, initially due to be in place by July of this year, has been delayed due to the complexities of the IT required. While It is likely that this service will reduce authorised push payment fraud against individuals if not that against businesses, it’s now very unlikely to be in place to prevent cases in 2019.
Another industry initiative, the Contingent Re-imbursement Model, sets out circumstances where banks will refund those who have been scammed out of funds. If this encourages banks to take steps to improve their processes and technology, it could see cases of authorised push payment fraud decline. However, if it just means the bank loses rather than the scammed individual or business, all it does is shift the liability.
It is also possible that in 2019 authorised push payment fraud could become more attractive to fraudsters. PSD2 and the mandatory use of Strong Customer Authentication makes significant steps to stop other types of payment fraud. We know that fraudsters rarely just go away. With better protection stopping unauthorised payments, they may switch their attentions to authorised push payment fraud, which isn’t protected by Strong Customer Authentication.
My prediction is that we will see another increase in push payment fraud during 2019. This will partially be down to more reporting (PSD2 also makes reporting it mandatory) but also due to an underlying increase as fraudsters go after what is still low-hanging fruit.