Banks and tech companies face liability for online fraud in UK

Tensions are rising between UK banking and payments companies and social media firms over who should be responsible for compensating people if they fall victim to online fraud schemes.

From October 7, banks will be required to start compensating victims of so-called authorized push payment (APP) fraud up to £85,000 if those affected have been tricked or psychologically manipulated into handing over cash.

APP fraud is a form of scam where criminals try to get people to send them money by impersonating people or companies selling a service.

The £85,000 refund could prove costly for the big banks and payment firms. However, it is actually less than the mandatory repayment amount of £415,000 that the UK’s Payment Systems Regulator (PSR) previously proposed.

The PSR backed down on its offer to pay the high maximum compensation following industry backlash, with industry group the Payments Association in particular saying it would be far too costly for the financial services sector.

But now that mandatory fraud compensation is being launched in the UK, questions are being asked about whether financial firms are facing the brunt of the costs of helping fraud victims.

On Thursday, London-based digital bank Revolut accused Meta to fall short of what is needed to combat fraud globally. The Facebook owner announced a partnership earlier this week with UK lenders NatWest and Metro Bank, to share information about fraud activities occurring on its platforms.

Woody Malouf, Revolut’s head of financial crime, said that Meta and other social media platforms should help cover the costs of reimbursing fraud victims and that without sharing responsibility for this, “they have no incentive to do nothing about it.”

Revolut’s call for big tech platforms to financially compensate people who fall for scams on their sites and apps is not new.

Tensions have been high between banks and tech companies for some time. Online fraud has increased dramatically in recent years due to an acceleration in the use of digital platforms to pay others and buy products online.

In June, the Financial Times reported that the Labor Party had drawn up proposals to force tech firms to reimburse victims of fraud originating from their platforms. It is unclear whether the government still plans to require tech firms to pay compensation to victims of APP fraud.

A government spokesman was not immediately available for comment when contacted by CNBC.

Matt Akroyd, a commercial litigation lawyer at Stewarts, told CNBC that following their victory to reduce the maximum reimbursement limit for APP fraud to £85,000, banks “will get another boost if their efforts to push the government to impose some regulatory liability on technology companies are also successful.”

However, he added: “The question of what regulatory regime might cover those companies that do not play an active role in PSR’s payment systems and how is complicated, meaning this issue is not likely to be resolved anytime soon.”

More broadly, banks and regulators have long called on social media companies to work more closely with UK retail banks to help tackle the fast-growing and ever-evolving fraud threat. A key request was for tech firms to share more detailed information about how criminals abuse their platforms.

At a UK financial industry event focused on economic fraud in March 2023, regulators and law enforcement emphasized the need for social media companies to do more.

“We’re hearing anecdotally today from all the firms we talk to that a lot of this fraud is coming from social media platforms,” ​​Kate Fitzgerald, head of policy at PSR, told attendees at the event.

She added that there is a need for “absolute transparency” about where fraud occurs so that regulators know where to focus their efforts in the value chain.

Social media firms not doing enough to combat and stamp out attempts to defraud internet users was another complaint from regulators at the event.

“What’s missing a bit is that social media companies at scale run suspicious accounts that are involved in fraud,” Rob Jones, director general of the National Economic Crime Centre, a unit of the UK’s National Crime Agency, said at the event.

Jones added that it was hard to “break the inertia” at tech companies to “really get them to go after it.”

Meta rejected suggestions that it should be held liable for paying compensation to victims of the APP fraud.

In written evidence to a parliamentary committee last year, the social media giant said UK banks were “too focused on their efforts to shift liability for fraud to other industries”, adding that this “creates a hostile environment which plays into the hands of the hands”. by fraudsters”.

The company said it can use real-world information from big banks through its Fraud Intelligence Reciprocal Exchange (FIRE) initiative to help stop fraud and evolve and improve its machine learning and AI detection systems. Meta called on the government to “encourage more inter-professional collaboration like this”.

In a statement to CNBC on Thursday, the tech giant pointed out that banks, including Revolut, should look to join forces with Meta under its FIRE framework to facilitate data exchanges between the firm and major lenders.

FIRE “is designed to allow banks to share information so that we can work together to protect the people who use our respective services,” a Meta spokesperson said last week. “Fraud is a cross-sector problem that can only be solved by working collaboratively.”