Where a scam is taking place, there is also a money mule at the other end waiting to receive the fraudulent funds.
Our data science team have developed machine learning mule propensity models, utilising functionality such as Advanced Payment Screening – assessing both incoming and outgoing payments – to detect the likelihood that a payment is being sent to a mule account.
Pay.UK has been tasked by the PSR to build and facilitate the reimbursement process between Payment Service Providers, but the design and delivery plan for this has yet to be communicated. Pay.UK is required to create the reimbursement rules through amending the Faster Payment rules by 7 June 2024. There will also be accompanying operational guidance.
The guidance has been amended so that a sending PSP can ‘stop the clock’ when contacting the receiving PSP, in order to gather evidence to inform their assessment of reported APP scam cases. They have also clarified the 35 business-day timescale within which the sending PSP must make a decision on whether to reimburse an APP scam case, under the policy. These amendments allow the sending PSP to make a more informed assessment. The receiving PSP may hold key evidence that will help inform the sending PSP’s assessment of any APP scam case, and it is right that enough time is allowed for it to gather and deliver this information.
At this time, only Faster Payments are covered. The PSR is considering giving a specific direction to CHAPS participants to support implementation of the comparable model for CHAPS (mirroring, where possible, the direction on Faster Payments PSPs). If it decides to do so, it expects to consult on the specific direction by the end of Q1 2024.
No, the forthcoming regulatory framework only covers payments that originate from, and are sent to, UK bank accounts.
Yes, any form of UK PSP account that receives a scam payment is in scope of the new regulations.
How will fraud types not covered by PSR regulations, such as international and crypto payment methods, be treated?
These methods are out of scope of this regulation. Organisations employing these methods of payment and concerned about exposure to fraud risk should look to deploy prevention services such as LexisNexis® ThreatMetrix®.
Yes, Pay.UK is required to create the reimbursement rules through amending the Faster Payment rules by 7 June 2024. There will also be accompanying operational guidance. Pay.UK must also publish proposals for effective compliance monitoring for obliged PSPs by 5 April 2024. Both the monitoring and reimbursement requirements must come into force together in October 2024.
They are not in scope at this time and we won’t speculate on future regulations, but it’s an interesting question and we will watch closely all future developments.
We are unable to provide direct advice on the regulations. Refer to section 2.18 of the June 2023 Policy Statement for guidance on Open Banking payments or seek specific advice.
This is not covered by the current regulations. Protecting against this form of attack requires additional behavioural biometric technology implemented within your customer journey to analyse customer behaviour signals and provide trust scores on the legitimacy of a customer's identity. Tools such as LexisNexis® BehavioSec® give you a new set of behavioural signals that transparently evaluates risk throughout the user journey, recognising an individual’s identity, not simply flagging potential fraud.
Telcos are regulated by OFCOM and it’s impossible to speculate here how this would work in practice across sectors. Big tech platforms that offer UK customer accounts capable of sending and receiving faster payments would be in scope. If the tech platform is simply enabling payments, they are not liable.
This is certainly a future possibility. There are various tactics receiving banks/PSPs could use to extend the window of opportunity to complete fraud checks on incoming payments and sender accounts. Asking customers to prove that the incoming payment is legitimate won’t be effective in reducing fraud, as the fraudster typically already has control of the recipient mule account.
Our fraud prevention solutions already leverage machine learning capabilities alongside digital identity intelligence and behavioural analytics to provide enhanced authentication, identity verification and fraud decisioning for customers. LexisNexis® ThreatMetrix® enables thousands of businesses globally to harness intelligence related to devices, locations, identities and past behaviours to confidently distinguish between trusted and fraudulent behaviour. Get in touch if you would like to learn more.
The PSR has provided specific guidance on the treatment of vulnerable customers. PSPs are also required to follow the Financial Conduct Authority’s guidance on the fair treatment of vulnerable customers. However, there is a real risk of a growing population of de-banked UK customers, and the UK banking sector will no doubt be monitoring this closely as the PSR rules are implemented.
There are investigations firms can conduct to determine gross negligence. Through consultation, the PSR has outlined a consumer standard of care when executing authorised push payments which includes giving due regard to scam warnings and prompt notification to their PSP of a suspected scam.
With guaranteed reimbursement, won't the fraudsters just start claiming they have been defrauded themselves and work together?
There is much speculation about the risk of ‘moral hazard’ as a result of this legislation. The PSR’s June 2023 Policy Statement covers this in detail, notably on page 33 (Table 4). However, one leading bank, which has already been operating a reimbursement guarantee for some time, said that this risk has not materialised amongst their customers.