The way we make payments is constantly evolving and one of the biggest changes is a significant rise in instant and A2A (account-to-account) payments. Research from Juniper suggests A2A transactions will increase from 60 billion global transactions in 2024 to 186 billion by 2029; an increase of 209%.
The real-time nature of these payments has made it easier to transfer money swiftly but it also presents a new challenge -- real-time fraud, making it difficult to reverse transactions, which fraudsters have been quick to exploit.
According to data from UK Finance, in 2022, 20% of consumers worldwide have been victims of payments fraud and 27% of those were victims of APP fraud. The latest figures in the UK show APP losses amounted to £459.7m and the total number of APP cases was up 12% to 232,429 in 2023.
To tackle this issue, the UK's Payment System Regulator (PSR) has implemented new rules that require banks to reimburse victims of APP fraud up to £85,000. The costs will be split equally between the sending and receiving banks.
The rules also give banks the authority to delay payments for up to 72 hours if fraud is suspected and mandate that victims be reimbursed within five days.
As other nations consider similar moves, the financial ecosystems of each jurisdiction must evaluate the potential risks. What lessons can they learn from the UK's approach, and how can they better frame their response?
While the measures in the UK are aimed at enhancing consumer protection, they may fall short when it comes to reducing fraud. The rules could also inflict long-lasting damage on the banking industry as challenger banks and payment firms struggle to afford to pay such high levels of compensation.
Criminals may try to exploit the UK's new reimbursement rules to increase their profits. Much like the exploitation of COVID-19 relief schemes, there is little stopping them from falsely claiming they've been scammed to receive up to £85,000 in compensation.
But it shouldn't be left to banks alone to solve the issue. Expecting fraud screening systems to catch every case is unrealistic. While advanced technologies have improved detection rates, they remain unable to stop all fraud.
Socially engineered scams are notoriously difficult to detect, as victims believe they are making legitimate payments. Victims are often coached to deny third-party involvement, making detection nearly impossible.
The rules to delay payments up to 72 hours may seem beneficial but how will banks determine which payments are suspicious, particularly for socially engineered scams?