Out-Law News 3 min. read

APP scam measures ‘risk cottage industry for fraud’

A “cottage industry for fraud” could emerge if plans to introduce mandatory reimbursement for victims of authorised push payment (APP) scams in the UK are introduced without proper safeguards, a leading fintech entrepreneur has warned.

Jamie McNaught, founder and chief executive of cryptoasset exchange Solidi, told Out-Law that a system that guarantees refunds without appropriate checks and balances in place could also cause financial harm to any businesses that operate customer money accounts.

Jamie McNaught

CEO and founder, Solidi

It would not take too many reversals for us to become insolvent and there would not be much we could do about it

McNaught was commenting after the Payment Systems Regulator recently recommended making reimbursement of APP scam victims mandatory. The move would require legislative changes, but John Glen, economic secretary to the Treasury, has said the government is willing to “legislate to address any barriers to regulatory action at the earliest opportunity”.

Pinsent Masons’ David Crossan, an expert in APP fraud litigation, has warned that the move could create “a new type of APP fraud by the back door”. McNaught agreed, highlighting the potential for the new system to be ‘gamed’ by criminals.

McNaught said: “We know that there are legitimate victims of APP fraud, but we also know that there are ‘victims’ who are complicit in the scams. We know this because of the complex fraud systems we have in place. These people include ‘money mules’ who are directed by sophisticated criminals on how to move money around, including on cryptoasset exchanges, and who subsequently claim to be innocent victims of fraud. They seek ‘refunds’ whilst also sharing in the defrauded funds.”

“The perception may be that a new system of mandatory reimbursement would see banks pick up the bill in such cases but there would be many instances where they would look to reverse transfers of ‘defrauded’ funds to the destination bank. If those funds have gone to a collection account that has sufficient funds in it then they will be returned to the sender account and ultimately refunded to the victim, potentially without much incentive for banks to closely interrogate the circumstances of the case,” he said.

“For large organisations that operate client money accounts or customer accounts, from lawyers, accountants and estate agents, to e-money firms and cryptocurrency exchanges, this has potentially huge implications. It is a threat to any firm that dispatches goods to a customer. It would not take too many reversals for us to become insolvent and there would not be much we could do about it," McNaught said.

"The due process that currently exists for APP scam reversals is very, very poor and not transparent. We don’t get to see any of the evidence. If this continues under the proposed mandatory reimbursement scheme funds would be lifted from our client money account even if we suspect the customer is complicit in the fraud. There would be no way to disprove what the fraudster says. It would be our word against theirs. To my mind, this essentially creates a cottage industry for fraud,” he said.

Shah Hinesh

Hinesh Shah

Senior Associate Forensic Accountant

Regulators need to consider the potential unintended consequences... and design appropriate controls to mitigate against such risks

Unintended consequences could also arise from the fact ‘confirmation of payee’ protocols in the UK are not applied to all payments or implemented by all payment service providers, McNaught said. Efforts to combat fraud through the application of confirmation of payee could, for example, lead to legitimate transactions being blocked, with knock-on inconvenience and other potential harms to consumers and businesses, he said.

Hinesh Shah, a forensic accounting specialist at Pinsent Masons, said: “The proposed mandatory reimbursement scheme is designed to provide a safeguard mechanism for genuine victims of APP scams; a plan which most consumers would fully support. However, regulators need to consider the potential unintended consequences of such a scheme, including fraudsters taking advantage of a potential guaranteed refund by making fraudulent claims, and design appropriate controls to mitigate against such risks.”

In its consultation, which is open to 14 January 2022, the PSR has set out two ways in which mandatory reimbursement might be implemented.

One option it is considering is to require Pay.UK – the body that operates the UK’s national retail payment systems, including BACS and Faster Payments – to change the rules that apply to the Faster Payments scheme to require reimbursement for all APP scam victims who have “exercised sufficient caution”.

The alternative proposal under consideration is to require Pay.UK to incorporate into scheme rules a requirement for payment service providers to sign up to a PSR-approved code on reimbursement of APP frauds. A number of banks have already signed up to a voluntary reimbursement code, which provides for the compensation of victims of APP frauds and is funded by banks for this purpose.

Craven Jennifer

Jennifer Craven

Legal Director

Victims also need to understand the need to act quickly to trace and recover the money they have lost

According to UK Finance, £355.3 million was lost to APP fraud in the first half of 2021 and industry prevented a further £736.1m of unauthorised fraud in the period.

Jennifer Craven, an expert in civil fraud and asset recovery at Pinsent Masons, said “The scale of APP fraud is growing exponentially and shows no sign of slowing down. There needs to be greater co-operation between financial institutions to tackle and crucially prevent this sort of fraud taking place in the first place. Victims also need to understand the need to act quickly to trace and recover the money they have lost: the first step could involve contacting the relevant financial institution to determine where money has gone, but they should also consider the civil court remedies available to trace money and to identify the ultimate fraudster, as these can be extremely effective, depending on the facts of the fraud.”

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.