The group of MPs said firms should consider retrospectively reimbursing victims of authorised push payment fraud and introduce a 24-hour delay on all first-time payments, providing time for consumers to consider if they are being defrauded.

More than £600m was stolen from consumers in the first half of 2019, confirming that economic crime is a serious and growing problem in the UK.

Contingent Reimbursement Model

The Treasury Committee’s report Economic Crime: Consumer View also said the “Contingent Reimbursement Model” should be compulsory. The Contingent Reimbursement Model is a voluntary financial services industry code which sets out how its signatories should reimburse money lost to consumers via authorised push payment (APP) fraud.

Financial firms have been warned since 2016 that they have been failing in their duty to protect customers by not linking information on account names to payments. MPs on the committee said banks should consider whether refusing to retrospectively reimburse customers who relied on the payee name is “fair and just”.

It added that regulators should define the term “grossly negligent” to provide consistency on whether or not a consumer is reimbursed.

Confirmation of Payee

The report also said that firms missing the Confirmation of Payee deadline of March 2020 should be sanctioned. At present, when a payment is sent, the initiator of the payment must give the payee’s name, account number and sort code. The latter two are cross referenced and confirmed with the receiving bank, but the payee’s name is not.

Confirmation of Payee, which is set to be introduced in March 2020, involves the payee’s name also being confirmed. The committee said it was a “serious failure” that banks weren’t already doing this.

Faster Payments

Faster Payments are an instant transaction which are normally processed in seconds. Fraudsters rely on this speed to move money into a series of accounts before consumers and banks are aware.

But the report pointed out that very few first-time payments need to be received instantaneously. It suggested there should be a mandatory 24-hour delay on all first-time payments, providing time for consumers to consider if they are being defrauded.

All future payments to the same account could flow at normal speed. If an initial payment was needed instantly, a customer could ring their bank and additional checks could be carried out for the funds to be released.

Recommendations

The report also made recommendations about running targeted campaigns warning students about the dangers of becoming a money mule; “de-risking” where a bank ends its relationship with a customer it deems to be too high-risk; and clarifying the reporting procedures for economic crime.

Rushanara Ali MP, the Treasury Committee’s lead member for the inquiry, said: “The Treasury Committee’s report examines the scale of economic crime faced by consumers, ways that financial firms are combatting economic crime, how economic crime is investigated, and consumer’s rights and responsibilities.

“To ensure that consumers are protected, it should now be compulsory for financial firms to reimburse money lost to victims of authorised push payment fraud, and they should consider doing so retrospectively.

“There should also be a mandatory 24-hour delay on all first-time payments, allowing consumers time to consider the risk that they are being defrauded.

“The Government and regulators should take on board all of the committee’s recommendations to enhance consumer protection in the face of this harmful tide of criminal activity.”

Stephen Jones, UK Finance chief executive, said: “Investing millions in security systems to defend customers, supporting law enforcement in disrupting criminals and helping customers protect themselves from scams are core priorities for the finance industry.

“The authorised push payment voluntary code is a key part of this work and provides important protections for customers of signatory firms from authorised push payment scams. Nevertheless, we welcome the committee’s recommendations that issues of liability and reimbursement should best be addressed by new laws rather than just a voluntary code alone, and the recommendation that third parties should be liable for the associated costs to financial services when they are responsible for data breaches that increase the risk of payment scams.”