Liability shifts in authorized push payment (APP) fraud has long been a discussion point in the U.S.
While the Consumer Financial Protection Bureau (CFPB) considers regulation around the liability for APP fraud, the industry has been working to self-regulate and ideally avoid such regulation. Across the Atlantic, the United Kingdom has now passed legislation that will take effect in October 2024 and will split liability between the sending and receiving institutions.
In June 2023, the British Payment System Regulator (PSR) announced that British banks and building societies would need to reimburse victims within 5 days in cases where a bank account is controlled by fraudsters. This ruling applies to the British Faster Payments system where most of the fraud has occurred. Once this takes effect next October, it will split liability between sending and receiving banks.
Britain and the European Union’s Faster Payments platform have been in place for far longer than the U.S. systems, and they have seen a large amount of fraudulent activity.
The takeaway? Their experience is an excellent case study for U.S. organizations. As global and EU regulators work to get their arms around fraud and risk, U.S. regulators are considering the same protections for the U.S. market.
Know Your Customer and additional signals from fraud detection systems are great benefits to managing the risk of customers. However, how likely a customer is to be a fraud victim and send money is a much more difficult question to answer.
To safeguard your institution and customers, consider implementing these changes to begin mitigating risk:
Continue monitoring risk ratings and status of customers
Take into account the payees a customer is engaged with. Sudden changes in payee can significantly increase the risk of a transaction. Transactional risk systems should flag such payments.
Know Your Payee
The significant risk of the payee in the transaction must be offset with additional information collection where possible. The more you can add data by querying other systems or tools to fill in the gaps, the more you can mitigate risk and be prepared for potential recovery. Synthetic identities will disappear into the shadows, so assure that your customers are not engaged with these high risk entities.
Monitor receiving accounts for potential money mover or mule activity
Mules can be synthetics IDs that open accounts, or they can be good customers who have been convinced to accept deposits as a “business opportunity.” The most dangerous type, complicit money mules, are expert financial operators that are aware of their role and actively participate in mule activity. Identifying mule activity earlier in the process can help mitigate this risk. But remember, there is a continuum of stages and all exhibit different behaviors. Are you detecting all the typologies? Work with your AML team to leverage mule and transactional activity that may result in more risk.
Think creatively about how you can shine a light on risky payees
Create incentives for “verified payees,” which can highlight the other end of the transaction to mitigate risk. It’s also critical to educate customers on the risks associated with being a money mover.
Get Ahead of Emerging Fraud Threats With Proactive Solutions
Taking steps now to mitigate APP fraud risks can protect your institution and its customers in the long run. This can look like:
- Leveraging your existing AML and transaction monitoring systems to detect suspicious activity. Educating customers on best practices for avoiding scams.
- Applying data analytics to identify high-risk payees.
- Considering new products or services that provide enhanced security.
Getting ahead of APP fraud will safeguard your customers, strengthen your operations, and uphold your reputation. By assessing risks and implementing strategic solutions today, you can position your institution for resilience in the face of emerging fraud threats. See how Socure can help here.
With more than two decades of experience in the banking compliance and anti-money laundering industries, Geister is a recognized leader in the financial crime detection field. She has worked with many of the largest financial institutions as well as technology and data companies, both global and domestic, to help eliminate and reduce money-laundering, fraud, and related financial risks.
Authorized Push Payment Fraud Needs Accountability by the...
Claire Greene, payments risk expert in the Retail Payments Risk Forum...
Uncovering Hidden Threats: Why Auditing Your Portfolio for...
With regulators considering shifting liability for certain consumer scam losses on...