Resource Center

Of the £609.8 million stolen through fraud in the UK last year, payment scams (or authorised push payment fraud or APP scams) accounted for 41%. These are the known figures, but there will be far more unreported incidents, such is the embarrassment felt by those who have fallen victim to scammers, for example, a romance scam.

Payment fraud has been a silver bullet for scammers, and they’ve continued to evolve their tactics, tricking millions into authorising payments into bank accounts within their control. Two distinct developments have driven growth in recent years. The rise of faster payment systems, which has given people the ability to send life-changing sums of money in real time with only limited protection schemes in place, and the ongoing economic uncertainties making more people susceptible to scams.

Measures such as the contingent reimbursement model introduced in May 2019 to reimburse “blameless” victims instead left many exposed. Reimbursements were determined by the banks and being refused in many cases on the basis that fraud warnings were being shown and ignored at the point of payment.

There has also been intense focus on educating consumers about scams both from consumer groups and the banks themselves. The vast media attention on the various types of payment scams has helped keep awareness high. However, both consumers and businesses were, and still are, falling victim to payment scams.

Payment scams reached unprecedented levels last year and look set to double by 2026. Much more needs to be done to address it.

The Regulator Is Stepping In - What Will It Mean for Banks?

The Payment Systems Regulator (PSR) has set in motion a series of proposals to better protect consumers from payment scam losses, and two key elements stand out.

Firstly, reimbursements above a minimum threshold of £100 are to be mandatory. The minimum threshold, however, has been challenged by some banks, because for those on low incomes, it’s not an insignificant amount. A quarter of all losses to payment fraud is under £100. Furthermore, fraudsters tend to target people on low incomes or with a poor credit history. The recent rise in “loan fee scams” has highlighted the fact that fraudsters are increasingly pursuing a higher volume of lower value scams. Amidst a cost-of-living crisis, there are calls for the threshold to be removed. This would make all reimbursements mandatory unless there are exceptional circumstances.

The second key element within the PSR’s proposals addresses liability. Currently, victims of payment scams go to their own banks to get their money back. But it is clear that some liability must be placed at the door of those financial services providers where the fraudsters have managed to open seemingly legitimate accounts. The PSR’s proposals aim to place stronger incentives on both the banks that  send the payment  and the receiving organization to do more to detect and prevent scams from happening in the first place. It is proposed that the payer’s bank will reimburse the victim and then apply to the receiving organization to be reimbursed for 50% of the costs. It’s notable that the receiving organization may not be another bank but could be another type of financial institution — for example, a credit card issuer. For the first time these other types of financial services providers will have to look at how they manage the fraud risk of payments being made to them for the purpose of scam prevention.

However, the regulator has also highlighted its desire to address the whole ecosystem of “upstream polluters” whose behaviours enable fraudsters — behaviours that banks have no control over. For example, fraudsters are increasingly using social media or infiltrating WhatsApp groups with friendly offers of quick cash. There are also services that allow fraudsters to set up fake websites that will take payment details.

While this is not generally in scope for either the PSR or the Financial Conduct Authority, others such as OFCOM can look to force such organizations to take responsibility for their roles in the soaring levels of scams. There are calls for these organisations to come together in a coordinated approach to tackle what is now considered a national security threat.

Unintended Consequences of PSR Regulation of APP Scams?

In every economic downturn, first-party fraud tends to see a surge. With the current cost-of-living challenges and so many experiencing financial hardship, will the PSR’s proposals push first-party fraud to higher levels? Will mandatory reimbursement make it too easy and attractive for someone in need of funds to say they have been a victim of payment fraud with each of the banks they hold accounts with? This includes the opportunity to make some easy money by collaborating with fraudsters as, for example, money mules, where legitimate accounts are used to “cash out” fraudulent funds.

There is no sharing of this information and the activity takes place through existing and legitimate accounts, making it an almost impossible challenge for banks.

What Can Banks Do Differently to Meet These New Requirements?

The PSR proposals will increase pressure on the banks to do more than they are doing today to prevent scams from happening in the first place. It’s a significant challenge for the banks which, in fairness, are acting on the instruction of their customers when they initiate a payment.

At FICO, our work has shown that scams can be disrupted and often stopped in their tracks. There are two key factors to achieving this — machine learning analytics and highly personalised customer communications.

1. Needles in a Haystack — Pinpointing the Unusual Behaviour

People are creatures of habit. The ability to understand and pinpoint accurately, and in real time, which transactions have “out of pattern” characteristics will be extremely valuable in understanding when a scam might be taking place. Developments in machine learning and artificial intelligence have made this possible.

At FICO, our self-calibrating behavioural analytics technology monitors and identifies the normal behaviour of each individual based on their personalised transactions. It then identifies behaviours outside of these normal patterns. The technology continually adjusts, adapts and reassesses what is deemed normal behaviour for any given time period, enabling a more refined decision on the status of the transaction. For example, money transfers during December would understandably be higher than in November.

Given the constantly changing nature of scams and the severe lack of data available, this development in behavioural analytics technology is a far more effective way to shut fraudsters down fast and is proving to be a powerful weapon in the war against scams.

2. When Warnings Become Invisible, It's Time to Get Personal

Most customers are seeing generic messages and warnings each time they make a payment. These messages are so ubiquitous they have lost meaning and customers simply click through them. The intended impact of the message to the customer is no longer there. For example, Confirmation of Payee (CoP) was introduced to help prevent scams. However, millions have put themselves at risk by ignoring warnings that bank account details do not match when making a transfer.

When a transaction truly falls outside of the normal range, what is needed is communication that is personal and expanded far beyond generic warnings on a payments screen. This means asking customers about the transactions they wish to make in real time, with details pertinent to the specific transaction and using the customer’s channel, or channels, of choice. Providing them with friendly advice and asking relevant questions can help them think again. There is less chance of this kind of communication being ignored.

Conclusion — Catching the Scammers in Action

Ongoing awareness campaigns for both consumers and businesses have an extremely vital role to play, but they can only go so far. Voluntary industry measures have also been limited, but they have brought greater attention to the fact that more needs to be done.

Now that the regulator has stepped in, banks must look to the tools that will help them recognise the signs of an authorised push payment scam in progress and disrupt the journey with effective communication, ensuring customers know what is going on.

Scams are complex and greater collaboration between a wider range of organisations is needed. While financial institutions are the primary focus right now, other organisations, including social media giants, are coming under the spotlight too.

How FICO Can Help You Fight Scams

FICO helps our customers detect and deal with cases of authorized push payment fraud. We also have resources available to help you learn more about the issues and the potential solutions you can deploy:

• Adapting Fraud Strategy to the Era of Real-time Payments
• Digital Consumer Banking and Fraud Survey
• The Evolution of Fraud Management Solutions – The Priorities of Decision Makers Exclusive FICO research from analysts OMDIA
• Blog: Stopping Scams with Artificial Intelligence and Machine Learning

As the independent standard in credit scoring, FICO® Scores are the leading credit scores used extensively across the lending ecosystem. 2022 marked the first year in over a decade the average FICO Score did not increase, while the industry’s attention remained on topics such as alternative data and

BNPL. Here are the five most-viewed posts from 2022 on the FICO Blog related to FICO Scores.

1. FICO Fact: How Alternative Data Enhances the Accuracy of Consumer Credit Profiles

Joanne Gaskin discussed that when we talk about alternative data, we focus on how it can help bring millions more people into the mainstream credit ecosystem. An important benefit of finding new broad-based data sources and incorporating them into widely-used credit scoring models is the ability to provide greater visibility into the overall profile of an applicant population.

FICO® Score XD 2 allows for exactly that. Developed by FICO in partnership with LexisNexis Risk Solutions and Equifax, this innovative credit score utilizes alternative data—data not included in the traditional credit bureau file. The inclusion of this alternative data leads to a more reliable estimate of consumer credit risk and helps score more than 26.5 million previously “unscorable” consumer files.

In addition to bringing new consumers into the system, alternative data also provides more clarity on credit files for consumers who are “credit retired,” meaning they have not used credit in at least six months, and consumers who only have negative information in their file. There are many reasons why a consumer may be inactive and gaining this insight can be challenging. FICO® Score XD 2 solves this problem by incorporating public records and property data from LexisNexis Risk Solutions, supplementing credit file data with this public registry information.

Read the full post

2. BNPL in Credit Reports: How Could This Data Impact FICO Scores?

Ethan Dornhelm dove into a hot topic of Buy Now, Pay Later (BNPL) plans, which allow shoppers to make purchases and pay for them in installments over a defined period. According to the research from Cornerstone Advisors, these point-of-sale short-term installment loans with low credit amounts have been increasing in popularity during recent years for retail purchases like clothing, household goods, electronics, and more. BNPL loans are cited as a potential driver of greater financial inclusion, both in terms of consumer access to the BNPL loan themselves, as well as access to credit products that could enable unbanked and underbanked consumers to establish (or re-establish) their credit histories with one or more of the Consumer Reporting Agencies (CRAs). 

As BNPL loans become a more commonplace form of credit used by consumers, these loans could also become an important factor in consumer credit reports, and by extension, in the FICO® Scores based on those credit reports. While the BNPL product offers consumers some attractive features, it is essential that both lenders and consumers alike understand the potential impact these BNPL loans could have on consumers’ credit scores. All FICO Score versions can consider BNPL data, provided that the information is reported and made available to be incorporated into the algorithm.