Transpact Blog Search

Click on the links below to expand and read the blog entries:

PSR's Catastrophe - See no Evil, Hear no Evil - Part 2

Wednesday, 16th July, 2024

The UK's Payment Systems Regulator (PSR) is forcing banks to introduce significant friction when making a payment, to reduce APP fraud.
This will break the UK payments system from the new regulations' start date of 7th October 2024 !
APP fraud is at epidemic levels, and needs to be stopped. But not in this way.

See our blog post below where we set out that maybe for every fraudulent payment stopped by the PSR's actions, maybe ten or more genuine payments that urgently need to be made will also be prevented from being made or delayed. This will cause a catastrophic breakage in UK payments.

The PSR publicly consulted on the soon to be mandatory regulations, and you can see our contribution to the consultation in the blog post below this one.

The PSR have now published their response to that consultation - at https://www.psr.org.uk/media/y0yfbiy1/ps24-3-fps-app-scams-reimbursement-compliance-and-monitoring-july-2024.pdf.
See in particular the PSR's response at points 5.20 and 5.21 (page 19 of the .pdf), where the PSR wrote:

5.20 We have considered whether the inclusion of data on the impact of non-automated interventions on the making of payments and any delays in payment as a result of any automated intervention is necessary for Pay.UK to effectively monitor compliance with the FPS reimbursement rules and the PSR with our FPS APP scams legal directions, and requirements.

5.21 We have in particular considered the proportionality of any such requirement. As the additional datapoints requested for inclusion do not relate to the monitoring of compliance with the FPS reimbursement rules, we consider it is appropriate to limit the datapoints that the sending PSP must retain and report to Pay.UK as the Faster Payments operator, to those we have set out. We consider that this is a proportionate and effective approach.
We therefore are not proposing any changes to the CDRS in response to this feedback.

If our understanding of this word salad is correct, the PSR are stating that they are not interested in monitoring nor learning if the UK payment system is breaking due to the PSR's new regulations. Instead, they will operate blind to any newly introduced payment delay, and to the magnitude of genuine payments which will now be impossible to make in the UK due to the new regulations.
All that is important to the PSR is that fraudulent payments are reimbursed. Genuine payments that are delayed or denied are clearly not important to the PSR.

It seems to us that the PSR are operating on a wing and a prayer, hoping that the friction they introduce will not cripple the UK payment system, but taking no interest in discovering whether their measures actually cause a payment breakage.

Given we are already seeing significant disruption in the making of some genuine payments even before the start date of the new PSR regulations, we fear for the future.

PSR's Catastrophe - See no Evil, Hear no Evil

Wednesday, 8th May, 2024

As we have noted below, the UK's Payment Systems Regulator (PSR) is breaking the UK payments system from the 7th October 2024 !

The PSR is forcing banks to introduce considerable friction when making a payment, to reduce APP fraud.
APP fraud is at epidemic levels, and needs to be stopped. But not in this way.

For every fraudulent payment stopped by the PSR's actions, maybe ten or more genuine payments that urgently need to be made will also be prevented from being made. This will cause a catastrophic breakage in UK payments.
Indeed, we have received multiple reports that the UK payment system is already breaking as the banks gear up for the change - though things are only going to get far worse.

The PSR have acknowledged in writing the dangers of genuine payments being prevented in their previous consultations on the matter.
But the PSR have decided to ignore their own warning, and not monitor whether the UK payment system is breaking.

In their latest consultation, the PSR have decided to monitor APP fraud claims occurring, but not to monitor the friction caused and number of denied payments that will result from their new regulations.
So from 7th October coming, when the UK payment system breaks, the PSR will be blind to the fact, and unaware of what is occurring.

Here is our official response to the PRS's latest consultation, notifying the PSR of this lapse.
Based on past precedent, the PSR seem to be a juggernaut set on an unchangeable course, and we believe it unlikely the PSR will take note of our warning of their self-inflicted blindness:


Dear PSR,

We are responding to the PSR’s consultation CP24/3 - The FPS APP scams reimbursement requirement: compliance and monitoring - https://www.psr.org.uk/media/vvmjkeno/cp24-3-app-scams-compliance-monitoring-april-2024.pdf.

The PSR’s APP reimbursement regulations, commencing on 7th October 2024, will break the UK payment system, because friction will be purposefully introduced into the making of payments in the UK. This friction will in a significant minority of cases lead to genuine non-fraudulent payments that need to be made becoming unviable. The friction that banks and PSPs will introduce to protect themselves in these cases will mean that the effort required by the payer to make the needed payment will not be viable.

As a result, a whole tranche of payments that are necessary in the UK will no longer be available to payers.

This introduction by the PSR will go against one of the PSR’s key roles - maintaining effective payment in the UK.

This is our strong and credible belief – and we may be wrong or we may be right.

But given the seriousness of the risks being introduced (which the PSR has acknowledged in its written consultations), it is imperative that the PSR monitors and measures whether payments in the UK are becoming unviable. It is imperative that the ‘compliance data reporting standards’ detailed in Annex 1 to the consultation above are expanded to include (by each paying PSP/Bank) the following metrics:

  • Number of payments declined to be made by paying PSP
  • Value of payments declined to be made by paying PSP
  • Number of payments made by paying PSPs where non-automated intervention with payer was made prior to payment
  • Value of payments made by paying PSPs where non-automated intervention with payer was made prior to payment
  • Average delay in payments (in minutes) where non-automated intervention with payer is made prior to payment
  • Average delay in payment (in seconds) caused by automated intervention with payer prior to payment

Only by collecting the above information can the PSR know whether the UK payment system is indeed breaking down, or continuing to function well.
If the UK payment system begins to break as we fully expect, and the above data points are not collected, then the PSR will be blind to the catastrophe and have no means of being aware of the breakage of the UK payment system.
The PSR will believe that all is functioning well, when in fact the UK payment system will be broken.

This cannot be allowed to happen.

Best Regards,

Andrew Kaye
CEO – Transpact.com


SRA's terrible reported treatment of Helen Coles in Axiom Ince scandal

Friday, 9th February, 2024

The Solicitor's Regulation Authority (SRA) has reportedly failed in its duties to protect clients of solicitors that it regulates.

In a case where a solicitor is reported to have stolen around £60 million of its clients' money, the Law Gazette (click here for article) reports that hundreds of thousands of pounds of Helen Coles' funds were paid into that solicitor's client account even when the SRA knew about serious issues at the firm, and had reportedly frozen funds from leaving that client account.

Solicitors in the UK are regulated either by the SRA or the BSB (Bar Standards Board).
For quirky historical reasons, BSB regulated solicitors are not allowed to hold client funds or client accounts, and so easy-to-use client-fund handling services have been developed by FCA authorised firms to allow those solicitors to protect and safeguard their clients' funds.

These services are available and are a boon for all solicitors (whether SRA or BSB regulated), and offer greater flexibility to solicitors. Because the FCA authorised firms deal in payments as a main business (whilst for solicitors client payment is purely an ancillary adjunct to their main business), the FCA authorised firms are able to eliminate money laundering through these payments - whereas solicitors have a reportedly terrible track record of money laundering hundreds of millions of pounds of client funds through their client accounts every year - supposedly being one of the world's main sources of money laundering. The FCA authorised firm's services also offer greater flexibility and potentially greater client protection.

So when law firm Axiom Ince's client account was frozen by the SRA, the SRA should have instructed Axiom Ince that any future incoming client account payments should be handled and safeguarded through one of the FCA authorised firms offering TPMA service to solicitors, and not through Axiom Ince's frozen client account.
These TPMA (Third Party Managed Account) payment services are what all BSB regulated solicitors use for client money handling, and are proven, are secure, and lower cost and less aggravation for a solicitor than running their own client account.

But instead, according to the news report, the SRA allowed Helen Coles' payment to be paid into the frozen client account of Axiom Ince, where it today remains under severe threat of being eaten up and lost.

We can see no excuse for this.


Date of Catastrophe for UK Payment System set by PSR - 7th October 2024

Monday, 8th January, 2024

The PSR (Payment Systems Regulator) have set the date for their new APP Fraud reimbursement regulations, which will lead to the destruction of the UK payment system - 7th October 2024.

The changes are already causing widespread payment disruption in the UK.

Already, an elderly customer of ours (who does not have online banking) spent an hour queueing in their bank branch to make a payment to our secure firm, only to be refused by their bank. They were not allowed by their bank to make the payment, as the bank were fearful that the bank might become liable for payment if the reason for payment later turned out to be a scam.

And this despite the payee, Transpact.com, being an FCA authorised firm clearly designed to prevent fraud and scam payments, and protect its users from scams - the very opposite of the bank's worst fears.

Over the next ten months, banks will start preventing their customers from making more and more standard payments, as they prepare for the new regulations which will make banks fully liable to reimburse their customers' payments that they handle, at an eye-watering loss for the banks.

If a bank believes there is even a small hypothetical risk that a payment might be fraudulent, the customer will be required to provide evidence to the bank that the payment cannot be fraudulent.

In many cases this will not be possible. So the payment will be refused.

At the very best, the payment might be permitted after the customer provides the bank with reams of evidence to demonstrate the payment is safe. Which will take the customer hours and hours, or days, to gather, produce and submit to the bank.

So the end of efficient, simple payment in the UK is imminent.

Equally harmful, as the 7th October approaches, banks will start seizing incoming payments and holding them in suspense out of the recipient's control - until the recipient bank can ascertain that the payment will not be used for fraud.

So unlike today, when a payment is paid into your bank account and you have full access to the payment immediately and within seconds thanks to the UK's Faster Payment Service - increasingly from now onwards incoming payments will be subject to seizure and significant delay - leading to cashflow and serious liquidity issues.

This is all by design - it is what the regulator (the PSR) desires - in its ham-fisted attempt to stop the increasing and terrifying APP scam fraud epidemic currently ravaging the UK.

And there is no question that urgent change is desperately needed to stop the unbelievably large and damaging APP fraud epidemic. Such urgent change is possible and easily achievable, but not in the shape of the PSR's catastrophic new regulations.
We have already posted about the three simple and almost cost-free changes that will almost eliminate APP fraud today.

Instead of implementing necessary and targeted methods to stop APP fraud in its tracks, the PSR is instead content to destroy the UK payment system, and seize-up UK payments in a botched attempt to lessen APP fraud.

Will the regulations work ?

No !
They may reduce APP fraud a little (but only a little) initially, but fraudsters will quickly find work-arounds to the new regulations, which are actually an invitation to increase and mass manufacture fraud.
And in the meantime, the UK payment system will be intentionally hamstrung and become broken for millions of users.

The coming chaos and cost to the UK economy and consumers and businesses is hard to imagine.


Destruction of the UK Payment system - Part 3

Thursday, 19th October, 2023

Open Letter to Chris Hemsley, CEO of the Payment Services Regulator (PSR):

Dear Chris,

I am writing following your open letter of 11th October 2023 to 4 charities concerning the PRS’s APP Fraud reimbursement regulations (at https://www.psr.org.uk/media/zj1l2oll/open-response-to-which-ageuk-victim-support-and-trading-standards-11-10-2023.pdf).

In the letter your state:

  • It is also important to state here that we want payment firms to take responsibility for protecting their customers at the point a payment is made. In doing so, we expect the new reimbursement requirement to lead firms to innovate and develop effective, data-driven interventions to change customer behaviour. Our consultation does not shift away from this position – a high standard of customer caution will incentivise greater steps from PSPs to drive more targeted and risk-based interventions, and the industry’s work on enhanced fraud data sharing will support this

  • Our policy is a world first and there are no other comparative protections that exist for victims of APP fraud.

  • In our policy statement, we accepted that moral hazard is a valid risk that should be managed.
    We have introduced policies to encourage customer caution and consider that a claim excess is an appropriate mechanism to manage the risk of moral hazard alongside the many actions PSPs can take to prevent APP fraud

In the first bullet point, you clearly state that banks are now mandated to stop suspect payments from leaving a payer’s bank account, despite the payer’s instruction to pay, or face the prospect of the bank becoming liable for the whole payment (half reimbursed by the payee’s bank).
This may be a catastrophic misstep by the PSR, as the vast majority of such suspect payments will be genuine and not APP scams.
In order to prevent APP scam payments, all suspected APP scam payments are soon to be forced to be stopped by the paying bank.
Since the vast majority of such suspected payments will be genuine payments which need to be made, some urgently, it is predictable and inevitable that huge numbers of genuine and necessary payments will soon be prevented in the UK. The UK’s payment system will be broken.

You as much as recognise this in the second bullet point, where you state that the PSR’s actions are a ‘world first’, and there are no other comparative protections around the world.
The reason for this is obvious – no other jurisdiction is misinformed and willing to impose such damage on its own payment system and its economy by taking such self-damaging steps.

I ask you once again, please reconsider, and step back from the abyss of damage that the current well-intentioned proposals will result in.

One final unconnected point:
I strongly believe that you have made a very significant error in what you stated in the third bullet point.
The PSR has not introduced policies that will produce sufficient customer caution.
Once the PSR’s policies are in place, we will see media advisors like Martin Lewis appearing on TV informing consumers that if they pay by bank transfer and their purchase turns out to be a scam, then they will receive the vast majority of their money back. These commentators will correctly and rightly urge and demand consumers to pay by Faster Payment to protect themselves. This is inevitable.
The threat of loss of excess will clearly not prevent many, many consumers from making payment in a negligent manner given the gains promised, in situations where they would never make those payments today, and the PSR is actually promoting and facilitating mass fraud in the UK by requiring almost full consumer reimbursement by banks despite a consumer’s absolute (but not gross) negligence.

I do hope you will take this letter to heart – because if not it seems to me that the PSR is set on a most destructive course for the UK economy.

This is an open letter, and published on our website.

Best Regards,

Transpact.com


Destruction of the UK Payment system - Part 2
Our response to the Payment Services Regulator's consultation on their soon to be introduced rules

Friday, 25th August, 2023

The PSR (Payment System Regulator) is pushing ahead with its catastrophic plans to make banks liable for their customers' payments, if the payment turns out to have been fraudulent.

Making a payment in the UK will become a nightmare experience as a result for consumers, who will have to provide copious evidence to their bank to show that their payment request has little risk of being payment for a scam.
The friction introduced when making a payment will be enormous and many bank customers will suffer very poor payment experiences.
Worse, some types of genuine payment which are handled smoothly today will simply become impossible to make in the UK - the customer's bank will simply refuse to make payment.

Here is our formal response to the PSR's latest consultation on the matter:

Dear PSR,

I am writing on behalf of my firm in response to the PSR’s consultation CP23/7 - Authorised push payment scams: The consumer standard of caution (https://www.psr.org.uk/media/rzkpdubm/cp23-7-consumer-standard-of-caution-consultation-paper-aug-2023.pdf).

This response is not confidential and can be freely disseminated – in fact, it is being published on our website.

Please note that all parts of this response are part of our response to CP23/7, and not only the answers to specific questions.
Please take all parts of this response into account as part of our response.

1) Gross Negligence vs Not Meeting Expected Caution
In previous consultations and drafts concerning the new APP fraud reimbursement rules, the PSR has strongly implied that a consumer would be regarded as being grossly negligent when they have not met the expected level of consumer caution.

In fact, the current consultation actually states that explicitly in the introduction to chapter 2, where it states:

‘We also stated that there would be two exceptions to this general reimbursement obligation:
• Where the consumer seeking reimbursement has acted fraudulently (‘first-party fraud’).
• Where the consumer has acted with gross negligence (the ‘consumer standard of caution’).’

From the above, it is clear that if the consumer does not meet the ‘consumer standard of caution’ then they will be regarded as being grossly negligent.

However, the actual PSR drafted rules to go into force do not match the above statement, and now provide the consumer with more reason to be lackadaisical and unconcerned in their affairs.
The consumer can now either be grossly negligent but still meet the level of expected caution OR the consumer may not meet the PSR’s newly drafted level of caution but only in a negligent and not a grossly negligent manner - and since they were only negligent in not meeting the consumer level of caution, they will still be entitled to almost full reimbursement.

Providing the consumer with the ability to be negligent in meeting the consumer expected level of caution, but still being entitled to almost full reimbursement, means that consumers will be able to pay for all sorts of dubious goods and services and investments with complete abandon, and as long as they were only negligent and not grossly negligent then they can expect almost full reimbursement from their bank when things predictably go wrong.
This would be a disastrous state for the UK economy, and will break the UK payment system (as explained in the point below).

2) Monitoring
It is indisputable that the introduction of the PSR’s proposals will cause significant friction and delay to a large tranche of UK payments which are currently paid smoothly and experience neither delay nor friction.
As banks require more and more evidence from paying customers to demonstrate that their payment is not a scam risk, more and more friction will be experienced by customers.

Further, a number of payments which are today possible will be refused by banks in the future as too risky, due to the PSR’s new rules.
The majority of these refused payments will be valid payments which are wrongly red-flagged as possible APP frauds. We repeat, it is inevitable that the majority of payments rejected by banks will be legitimate payments – the banks will need to reject any payment regarded as too risky, and whilst this tranche will include fraud payments, the majority of the rejected tranche will be genuine and necessary payments which are not fraudulent.
Such genuine and necessary payments will become impossible to send in the UK.

Whether the above disruption will be minor, major or catastrophic is currently open to debate.
We strongly believe it will be catastrophic.
The severity of that catastrophe will be determined by the fine details of the Consumer level of Caution required.

Nowhere in Chapter 4, where the PSR discusses monitoring, is there any mention of the monitoring of the extra friction and payment cancellation numbers (as compared with today) introduced by the PSR’s proposals.
This is a stark and manifest failure by the PSR.

The PSR needs to urgently update its monitoring proposals to provide accurate and timely statistics on the extra delays caused to UK payments, and the numbers of non-fraud payments wrongly refused by PSPs under the new proposals.
Only with such statistics will the PSR be in a position to know whether their new regulations are beneficial or catastrophic.

3) Consumers can pay Caution Free !
Nowhere in the PSR’s policy and guidance on Consumer Caution is there any requirement on consumers to act with caution when buying.
Just the opposite !
Explicitly, the PSR’s new policy and guidance explains and requires full reimbursement to a consumer where explicit warnings were not given to the consumer by their bank prior to the payment.

As a result, consumers now are required to perform zero caution when making a purchase, and can expect and require almost full reimbursement if their payment turns out to be fraudulent.

This is an extreme and total upheaval of commercial law and practice that has been practiced across all societies for the last three thousand years.
Remember, the consumer has contact with the seller, whilst the payer’s bank has no contact nor knowledge of the seller.

And yet, the consumer buyer is now free to ignore all red-flags and gamble on the most extreme and dangerous purchases, with certain knowledge that under the PSR’s new regulations they will receive almost full reimbursement if the seller proves to be a fraudster – as long as they did not receive a warning before payment from their bank. No due-diligence is required by the buyer whatsoever, and they are free to dabble in dangerous purchases without risk to themselves.

To state that this is an unsustainable situation which will crash the UK economy is an understatement.

Whilst it is true that in every case of such fraud, the fraudulent seller will be banked by a receiving PSP who will share 50% of the total loss, the sending PSPs will also incur 50% of the total payment loss, with no ability to defend themselves. The sending PSPs have no contact with the seller – unlike the consumer who has control over contact with the seller and control over checks on the seller.

For the PSR to invent a Consumer Caution requirement that requires no caution whatsoever from the consumer in the time before payment (as long as the consumer’s bank does not provide a specific warning to the consumer) is recklessness and irrationality beyond the most reasonable measure possible.
This is an absurd state of affairs, and needs to be changed.
The PSR’s requirements on consumer caution must include some measure of making the consumer responsible for checks on the seller (unlike the current proposal, where there are none).

  • Question 1: Do you agree that the PSR should specify the standard of care that PSPs can reasonably expect of consumers? Please provide reasons for your answer.
    An explicit and well stated standard of care is useful (and possibly essential) for consumers and PSPs to have clarity on what is expected and required of them to prevent APP scams.
    The current specification of the standard of care is deficient and it needs urgent reformulating.
  • Question 2: Do you agree that the standards of care specified by the PSR should be exhaustive, and that PSPs should not be able to introduce additional standards through their contractual relations with consumers? Please provide reasons for your answer.
    If the standard of care is completely and sufficiently specified, then is should be exhaustive as otherwise firms’ Terms & Conditions will be used to super-impose unnecessary and unfair standards.
    The current version of the specification of the standard of care is however woefully inadequate and in need of urgent revision and improvement (this response to the consultation explains why).
  • Question 3: Do you agree that the burden of proof should fall on the PSP to demonstrate that a consumer – through gross negligence – has failed to meet one or more of the standards at paragraph 3.2? Please provide reasons for your answer.
    We strongly disagree that the burden of proof should fall on the PSP to prove gross negligence.
    If a firm can prove that a customer has acted negligently, then it becomes very subjective and argumentative where the boundary between negligence and gross negligence lies.
    There is no definition for this boundary, and the boundary will be applied very differently by different people judging the same case. Even experts and judges will place the boundary in wildly different place for the same situation.
    It is almost impossible for a PSP, with no access to outside investigative powers, to prove with evidence that a consumer was grossly negligent rather than simply negligent, and any attempt by the PSP to do so will be subject to challenge, and the whims of the individual arbitrator assigned to the case if the gross level of negligence is contested (as each arbitrator will apply a different personal subjective boundary between negligence and gross negligence).
    Setting rules which are ill-defined and rely on subjective application is not a healthy way to regulate, and the PSR must rethink and change the use of the undefined term ‘gross-negligence’ in its regulations.
  • Question 4: Do you agree that PSPs should not be able to introduce, through their contractual relations with consumers, terms or conditions that shift the burden of proof onto consumers, or seek to reduce the burden on providers? Please provide reasons for your answer
    See answer to Question 2).
  • Question 5: Do you agree that consumers should be expected to have regard to tailored, specific warnings raised by their PSP before a proposed authorised push payment has been executed, where those warnings make clear that the intended recipient of the payment is likely to be a fraudster? Please provide reasons for your answer.
    As long as the warning required engagement by the consumer in a non-standard way (so that the consumer did not simply click a button to get rid of the warning without properly reading it), then it goes without saying that the consumer cannot expect reimbursement if the warning is ignored and the consumers then loses their money.
    Even if the criminal is instructing the consumer to ignore the warning, the consumer is still being grossly negligent by ignoring the warning and the PSP cannot and must not be made to have a liability imposed in this situation.
    Please note this does not apply where the consumer simply needs to click a button to remove the warning, as then the consumer may be suffering from warning fatigue and may click the button without reading properly the warning. By forcing the consumer to engage somehow before removing the warning, the PSP has prevented this from occurring and the consumer must lose the option for reimbursement from their PSP.
  • Question 6: Do you have any other comments on the requirement to have regard to warnings, taking into account the draft policy document at Annex 1 and the draft guidance at Annex 2?
    Yes.
    a) Likely. Under the current drafting, the PSR’s requirement is where the payment is likely to be an APP scam – which implies a 50% chance or greater of this being so.
    This is wholly and completely inadequate as a definition.

    Say a payment firm earns £3 from each payment it carries.
    And say a particular tranche of payments with average value £1,000 which the firm carries has a 1 in 10 chance of being an APP scam (for illustration purposes).
    The firm cannot know which of the 9 out of 10 such payments are genuine, honest payments which need to be made (to keep the UK economy functioning) and which of the 1 out of 10 payments is an APP scam.

    According to the current PSR definition, since none of any 10 such payments is ‘likely’ to be an APP scam (each having only a 10% risk), then the bank can warn the user that the payment could well be an APP scam, but could not warn the user that the payment is ‘likely’ to be an APP scam.
    According to the current PSR definition, the bank will always be liable for APP fraud reimbursement, even with suitable warnings, as it did not warn that the payment was likely to be a fraud (it could only warn that the payment could be a fraud).
    The firm will lose roughly £1,000 on every 10 of these tranche of payments carried, or on average roughly £100 per payment.
    So now the firm will have to charge £110 instead of £10 for each payment just to stand still, to avoid losing money. This is nonsensical, as consumers will not pay anywhere close to this amount.
    And so the 9 out of 10 genuine users of these type of payments will find themselves unable to make payment in the UK !
    The UK payment system will be broken.

    Whilst the above scenario will be played out unavoidably due to the PSR’s plans, the use of the word ‘likely’ will greatly exacerbate the situation.
    Therefore, the work ‘likely’ must be replaced with another form of wording – for example ‘quite possibly’.

    b) A bank making payment for a customer is totally reliant on the customer to provide honest and complete information about the purpose of the payment.
    If a PSP is provided incorrect or incomplete information about the purpose of the payment from the customer, then the PSP cannot stop an APP fraud payment.
    The only alternative for the PSP would be to stop all payments altogether !

    So it is critical that it is part of a requirement for customer caution that the customer must have provided honest and complete information on the reason for the payment if asked by the PSP, and if the consumer does not do so then the consumer cannot claim APP fraud reimbursement.
    Making this a requirement of customers, and publicising that this is so, will prevent APP fraud and stop customers providing wrong or incomplete information to PSPs on request, when the PSP is trying to assess the risk levels for the payment.
    This is the most critical part of this consultation, and it is imperative that the PSR requires consumers to report accurate and complete information to banks on the bank’s request at the time of the payment, and an acknowledgement that it will be regarded as gross negligence if they fail to do so.

    c) One of the factors listed in the PSR’s draft guidance on Consumer Caution at 2.10 states:
    ‘whether the PSP can reasonably be expected to have paused or otherwise prevented an authorised push payment from being executed’.

    Why is this factor here – It makes no sense !

    The PSR has already made it clear that the PSR differs from the FCA completely on APP fraud reimbursement.
    The FCA requires reimbursement in its FCA Handbook rules only where the bank could have done more to prevent the fraud – but in a situation where the bank could not prevent the fraud then the FCA does not impose any liability on the bank.
    However, the PSR requires imposition of liability on the bank, even where the bank could not have done any more to prevent the fraud.

    So why are the PSR now stating here that, whether reimbursement is due to the consumer and whether liability is imposed on the PSP, is impacted and dependent on whether the PSP could or could not have prevented the fraud ?

    Are the PSR now rowing back (as they urgently need to do) and becoming compliant with the FCA, so that a PSP that proves that it could not have done any more to prevent the fraud is not liable for reimbursement ?
    Or is this some kind of half-way house fudge where the PSR introduces a new factor which ambiguously may or may not let the PSP off liability if the PSP could not have done any more to prevent the fraud ?

    Either way, clarity is needed, and this is not the way to issue regulations.

  • Question 7: Do you agree that consumers should be subject to a standard to promptly notify their PSP when they suspect they have, or may have, fallen victim to an APP scam? Please provide reasons for your answer.
    This goes without saying, for the reasons given in the consultation.
    The PSPs involved need to take immediate steps on notification, and it is grossly negligent for the consumer not to reasonably immediately notify their PSP when they learn of the possibility of APP scam.

  • Question 9: Do you agree that consumers should be subject to a standard to respond to reasonable and proportionate information requests from their PSP, where those requests are necessary to establish whether the consumer is the victim of an APP scam, or where they are necessary under our ‘stop the clock’ policy? Please provide reasons for your answer.
    Yes.
    The PSPs involved need to take immediate steps on notification, and it is grossly negligent for the consumer not to provide the PSPs with reasonable and full information as soon as possible on request by their PSP.

  • Question 10: Do you have any other comments on the information sharing requirement, taking into account the draft policy document at Annex 1 and the draft guidance at Annex 2?
    Yes.
    a) Just as there is a need and requirement here placed by the PSR on the consumer to provide accurate and reasonable information after the fraud has been reported, so there is an equally necessary need and requirement to be placed by the PSR for the consumer to provide honest and complete information on request to the PSP at the time the payment is made. This needs to be included within the PSR’s requirements for caution on the consumer.

    b) Paragraph 3.15 states that ‘Additional information requests by the PSP, made after a reimbursement claim has been initiated, would be by exception.’
    This means that after the initial conversation that a PSP had with a consumer when the APP fraud was reported, the PSR expects the PSP not to bother the consumer again unnecessarily.

    This is totally unrealistic, as it implies that the bank call handler receiving the fraud report from the consumer will be in a position to ask all necessary questions at that time.
    Whilst this might be possible in some cases, it just is not feasible in practice in a significant number of cases, and the bank will need to sit down with an internal team to review each claim and consider the circumstances unique to that claim, and then formulate a strategy and response (which might be to pay the claim, or might be to ask further questions).

    In the majority of cases, at least two questioning conversations with the consumer will be necessary, and not just the initial one.
    The second will be necessary after the PSP has considered the claim, and used a skilled team of experts to raise any unasked points in relation to the claim.
    The PSR implies that such a second round of questioning is not acceptable, when it will necessarily be the norm.
    The PSR needs to change the guidance to take this into account.

    c) Paragraph 3.15 states that ‘Nor would they be able to embark upon speculative requests for information.’
    If a bank finds (as it inevitably will) that one in ten claims for APP fraud reimbursement are fraudulent first-party-fraud related claims seeking to falsely extort money from banks, then a PSP will need to investigate and filter out such illegal claims.
    But if 9 out of 10 such claims are genuine, and only 1 in 10 such claims are fraudulent, then under the PSR’s current ‘no speculation’ rule the PSP would be barred from doing so, and fraudulent FIRST-PARTY APP reimbursement claims will multiply and proliferate.

    The PSR needs to provide PSPs with the ability to reasonably and fairly filter out fraudulent first-party APP fraud reimbursement claims, and that necessarily requires some speculative requests.
    Not doing so will just encourage criminals to industrialise the manufacture of false APP fraud reimbursement claims (together with a new band of reimbursement-mules that are soon to appear across the UK) !

    d) Sending and Receiving PSPS may have very different needs for information exchange.
    On occasion, a sending PSP may not wish to share information with a receiving PSP, whilst the Receiving PSP might urgently need the information in relation to the APP fraud.
    Or conversely, a receiving PSP may not wish to share information with a sending PSP, whilst the Sending PSP might urgently need the information in relation to the APP fraud.

    The same information sharing requirements placed on consumers must be placed on PSPs themselves, to require full reasonable data sharing between sending PSP and receiving PSP and vice-versa.

    e) If a consumer knows that they were grossly negligent, but if they do not inform the PSP of the fact then they will have almost full reimbursement granted by their PSP, then the consumer is highly likely not disclose their gross negligence.
    They can simply keep quiet, and claim vulnerability, or wrongly claim that the PSP is overreaching in asking for information.

    Given the powerless position of the bank, it is highly unlikely that the bank will have any available tools to be able to require the consumer to disclose their gross negligence – because the PSR is not placing a requirement of candour on the consumer.
    This is fundamentally unfair and wrong.
    The PSR needs to place a duty of candour on the consumer as part of the consumer caution standard.

  • Question 12: Do you have any additional suggestions for inclusion in the standard of care that PSPs can expect of consumers in relation to authorised push payments?
    a) Require honest and complete response to questions from PSP before payment is made
    b) Require honest and complete response to reasonable questions from PSP after fraud reported (in all cases)
    c) Require each consumer to carry out reasonable checks on the seller (payee) to the existing legal level of Caveat Emptor – Buyer Beware – or be classified as grossly negligent. Otherwise the PSR’s new regulations mean that the buyer no longer has to perform any checks on the seller, and can and will simply rely on their bank for reimbursement if things go wrong. This will severely harm the UK economy.
    It is necessary for buyers to continue to shoulder the burden of the Buyer Beware burden and be required to evaluate reasonably that the seller is genuine – and this duty must not be passed wholesale on to banks, as the PSR’s rules currently envisage !

    • Question 13: Do you agree that a standard to report a suspected APP scam to the police should not be included at this stage? Please provide reasons for your answer.
    We do not believe that the PSR understands the industrial scale of false APP reimbursement claims that the PSR is about to unleash on the UK (caused by criminals teaming up with new groups of reimbursement-mules to industrialise false APP fraud claims).
    Requiring a police report by the claimant will at least force the claimant to make a formal written statement to the police. This will act as a slight deterrent (though not a major deterrent) against false claims, and so is a worthwhile and necessary step.

  • Question 11: Do you have any additional feedback on the draft policy document at Annex 1 or the draft guidance at Annex 2?
    a) See important points 1), 2) and 3) at the beginning of this correspondence.

    b) The requirement in the Policy (Annex 1) point 1.4) for a consumer to report an APP fraud promptly is sufficient.
    There is no need to state in the policy that the report must be made within 13 months of the last payment, as that implies that longer timescales for reporting are acceptable if the consumer does not report immediately.
    A consumer really should be reporting within hours or days at the most after being alerted to the fraud, never weeks nor months.
    Either remove the reference to 13 months from here (it still remains elsewhere), or re-draft the point and say i) a consumer must report an APP fraud promptly or they risk loss of right to reimbursement. ii) In any case, claims for reimbursement cannot be made more than 13 months after payment.

    c) The requirement in the Policy (Annex 1) point 1.4) for a request to be reasonable and proportionate is badly drafted and wrong.
    It is sufficient to state reasonable – if a request is not proportionate then it will by definition be unreasonable. The word proportionate must be removed.
    If the word proportionate remains in place, then it is unclear whether proportionate refers to the consumer or the requesting PSP, and this is not fair.
    If a consumer faces no loss on reimbursement (or only a small loss due to excess), then many requests for data will be disproportionate from the consumer’s point of view – why should the consumer bother to answer. But the request is extremely proportionate to the PSP, who faces a large loss.

    In summary, it is necessary to remove the words ‘and proportionate’ as they are unnecessary and will only cause ambiguity and argument.

    d) The requirement in the Policy (Annex 1) point 1.4) mention Section 3.7 of the Specific Requirement.
    The specific requirement only allows questions where the PSP has evidence of first-party fraud.
    This is too draconian, and will encourage fraudsters to manufacture large numbers of false claims against PSPs and banks.

    Say a bank knows from historical data, from the type of claim being made, that a reimbursement claim has a 20% chance of being a first-party fraud claim, but the PSP has no evidence yet for this particular claim.
    At present, the PSR’s proposal forbid the PSP from making enquiries which will clarify whether the claim is a first-party fraud claim or not, and the 20% of false claims will be allowed unhindered.
    This is not acceptable.

    Instead, the wording of the Policy must be rewritten to allow the PSP to make reasonable enquiry when it has reasonable cause (which is broader than ‘evidence’) to enquire. So change ‘evidence’ to ‘reasonable cause’.

    e) Can we again plead with the PSR to amend the 13 month rule so it applies to each payment, and not the date of last payment.
    Having a date of last payment will simply encourage victims to make further fraudulent payments if the 13 month time period has expired, so that they can claim all their payments back from the PSP (including the last one) – the time limit in relation to each payment must be 13 months from that payment. Some consumers will lose as a result, but the alternative is far, far inferior.

    f) Term 1.2) of the draft guidance (Annex 2) states that to be able to avoid reimbursement, a PSP must i) make a case that the consumer was grossly negligent, and ii) be able to prove that case.
    This is too severe a requirement.

    For the PSP to prove that the consumer acted with gross negligence will always be a subjective argument, as explained above.
    If our other points about gross negligence are not accepted, then the PSP should be able to accept on the balance of probability that the consumer acted with gross negligence, and not need to prove that there was gross negligence. Proof is too high a level, and balance of probability must be allowed.

    g) Term 2.8 of the draft guidance (Annex 2) states ‘Only in circumstances where the PSP can demonstrate that the customer has, as a result of gross negligence, not had regard to such warnings can a reimbursement claim be refused.’.
    The consumer will always have a defence that they were suffering from ‘warning fatigue’, and receive constant false warnings from banks for genuine payments – this is true, and will only get much worse when the PSR’s new APP fraud regulations come into force.
    Such a defence may be regarded as negligent, but not grossly negligent.
    In that case, Term 2.8 is written in a way that all consumers will always have all claims for reimbursement granted, and the PSR’s policy document is basically a 100% ‘pay to consumer’ policy direction.

    This is not what the PSR intends, but is what it has drafted, and this needs to be urgently corrected.

    h) Term 2.8 of the draft guidance (Annex 2) states ‘Only in circumstances where the PSP can demonstrate that the customer has, as a result of gross negligence, not had regard to such warnings can a reimbursement claim be refused.’.
    The consumer will always have a defence that they were instructed by the fraudster to ignore the warning and provide untrue and inaccurate responses to the bank, and that the consumer was under the spell of the fraudster at the time.
    Such a defence may be regarded as negligent, but not grossly negligent.
    In that case, Term 2.8 is written in a way that all consumers will always have all claims for reimbursement granted, and the PSR’s policy document is basically a 100% ‘pay to consumer’ policy direction.

    This is not what the PSR intends, but is what it has drafted, and this needs to be urgently corrected so that consumers cannot simply claim (as currently drafted) that they were under the spell of the fraudster and so lied to their bank at time of making payment (so that the bank was not able to warn the customer at that time of the risk of APP fraud).

    i) ) Term 2.21 of the draft guidance (Annex 2) states ‘the customer may have complicated, circumstantial reasons for not wishing to make some disclosures to their PSP. We do not consider that reluctance or unwillingness by a customer to respond to information requests would, in and of itself, necessarily constitute valid grounds for refusing a reimbursement claim. Nor would it automatically equate to gross negligence’.
    The consumer will always have a defence that they are facing a life-changing financial loss which is affecting their mental health – such a claim will be true of any person.
    Such mental health issues fall within the PSR’s definition of a vulnerable individual – all of us have been at some time in their life through harrowing personal circumstances which affect our day to day functioning, and which push us temporarily into the category of being someone who the PSR classifies as vulnerable.
    In that case, Term 2.21 is written in a way that all consumers will always have all claims for reimbursement granted, as being correctly classified as vulnerable (due to the immense stress of their impending financial loss) they will not communicate necessary information to their PSP on request, and as a result the PSR’s policy document is basically a 100% ‘pay to consumer’ policy direction as without necessary information from the consumer the bank will have to pay in every case.

    This is not what the PSR intends, but is what it has drafted, and this needs to be urgently corrected.

If you require any clarification or further information, please be in touch, and we will be happy to elucidate or provide further explanation.

Best Regards,

Transpact.com


Destruction of the UK Payment system - Our response to the Payment Services Regulator's flawed proposals

Friday, 25th November, 2022

APP scams (Authorised Push Payment scams) are at epidemic levels in the UK today. And the UK police and the UK Government are failing to take action to address or reduce the problem.

Bravely, the Payment Systems Regulator (PSR) has stepped into the breach, although the issue is not really the PSR's problem (which lies squarely in the FCA's domain, the police's domain, and the Government's domain).
But the PSR's well-intentioned proposals are extremely flawed, and would prove disastrous to the UK. See our response below.

===================
From: Transpact.com
Sent: 25 November 2022 3:10 PM
To: appscams@psr.org.uk
Subject: Response to Consultation CP22/4 - Authorised push payment (APP) scams: Requiring reimbursement

Dear PSR,

I am writing on behalf of my firm in response to the PSR’s consultation CP22/4 - Authorised push payment (APP) scams: Requiring reimbursement (https://www.psr.org.uk/media/kzlncenx/psr-cp22-4-app-scams-reimbursement-september-2022-v6.pdf).

This response is not confidential and can be freely disseminated (a copy of this response has been published on our firm’s public website).

Please note that all parts of this response are part of our response to CP22/4, and not only the answers to specific questions.
Please take all parts of this response into account as part of our response.

The PSR’s consultation’s proposed measures are likely to be more damaging than Kwasi Kwarteng’s sole disastrous UK budget, and the short Prime-Ministership of Liz Truss, which are currently being reported to have cost the UK £30 billion.
The PSR’s consultation’s proposed measures are likely to increase fraud and disruption to the UK on an even greater scale !
Whilst APP fraud is endemic and immense and requires immediate action in the UK, the PSR’s measures will actually worsen the problem and not solve the tsunami of APP fraud which is overwhelming the UK.
UK.

  • Preface Note 1: The Current Situation:
    At this time, consumers who have been a victim of APP fraud are legally entitled to enforce reimbursement either against their bank (the sending bank) or against the payee’s bank (the receiving bank).

    This is because under the mandatory FCA Handbook changes introduced from 31/1/19 (hereafter referred to as The FCA Handbook Changes or ‘FHC’), a consumer is entitled to protection via the Financial Ombudsman Service (FOS) whenever the payer’s bank or the payee’s bank could have done more to prevent the fraud.
    Please note, the FHC do not require the consumer to be blameless – under the FHC, if any bank in the payment chain could have done more to prevent the fraud, then that bank becomes at least partly liable to the consumer even if the consumer was also at fault.

    Since in virtually all cases of fraud (as will be shown below), the payee’s bank is at fault in not doing enough to prevent the fraud, then as a minimum the consumer is liable to recompense by the payee’s receiving bank (and if the payer’s sending bank was also at fault, also from the payer’s own bank).
    So the FHC already provide almost full protection to consumers today.

    It is a tragedy for many consumers that their rights under the FHC have not been publicised, and the payment industry has instead been allowed to hide behind the CRM (Contingent Reimbursement Model) – which was designed from scratch by the banking sector to look impressive but to contain loopholes and effectively evade payment for liability in fraud cases – which is the situation today.
    If consumers only knew of their existing mandatory rights under the FHC, the CRM would not be needed as it is nearly always inferior.

    Remember, the FHC make the receiving bank, and if appropriate the sending bank, liable to the consumer …:

    '…if the bank did not do enough to prevent or respond to an alleged authorised push payment fraud’ (quoted from the FCA Handbook which is mandatory regulation in the UK).'

    That is the sole criterion required to establish liability by the FHC (which is effective law in the UK) – and it goes much further than the CRM – and without equivocation.

    Due to the FHC, a bank faces significant liability for reimbursement to consumers and small businesses in cases where:

    'if the bank did not do enough to prevent or respond to an alleged authorised push payment fraud.

    This is strong and effective law already in place and operating today due to the FHC which correctly penalizes banks’ lack of appropriate prevention – and we are taken aback that the PSR does not acknowledge or mention this at any point, nor take this into account in this consultation.'
    Note that Authorised Push Payment Fraud is defined in the FHC in the glossary of the FCA handbook from 31st January 2019 as:

    'A transfer of funds by person A to person B, other than a transfer initiated by or through person B, where:
    (1) A intended to transfer the funds to a person other than B but was instead deceived into transferring the funds to B; or
    (2) A transferred funds to B for what they believed were legitimate purposes but which were in fact fraudulent'


    Note that under the FHC, the FCA handbook at DISP 2.7.6(2B) states that any bank in the payment chain can be the subject of the consumer-payer’s complaint, if the respondent is (or was) involved in the transfer of the funds

    So both the receiving bank and the sending bank are fully included within the FHC.

    The upshot is that the FHC already provides the consumer protection that the PSR is seeking to provide (except in no-fault cases, which as explained below in this response should not provide protection), and the PSR needs to publicise the FHC rather than take any other action (and can ditch the ineffective CRM).

    The FHC is already in force today (and have been since 31st January 2019), and simply applying and publicising the little known FHC is sufficient to achieve all that the PSR is attempting to do in this consultation.

    It is worth noting that there is one area where the CRM does provide protection to consumers that the FHC does not – where neither the consumer nor any bank was at fault in the fraud.
    But in reality, this is a vanishingly small number of cases.
    This is because the receiving bank will nearly always be at fault, as explained further below, so the consumer will nearly always have an available legal claim against the receiving bank.
    And in those no-fault-by-anyone cases, since the banks are already doing all they can to prevent APP fraud, action by the PSR will not achieve any end.

  • Preface Note 2: Why are there a vanishingly small number of cases where neither bank in the payment chain is at fault (and as a result, under current rules, consumers are already entitled to mandatory reimbursement through the FHC) ?
    At this time, in virtually all cases occurring today, the receiving bank will be at least partly at fault for any APP fraud.
    This is because the payee has either opened an account at the receiving bank with false ID, or the payee is operating as a mule account.

    In the first case, the receiving bank accepted false ID, and is therefore partly at fault in the loss.
    Now that machine readable passports are commonplace, which allow verified identity information and photograph to be read off the passport with high certainty and confidence (as they are digitally and cryptographically signed), there is no reason why any PSP should today open an account with false ID. It is extremely difficult for a criminal or fraudster to do so – way beyond the capabilities of the ordinary crook.
    We would ask the PSR to lobby the Government so that driving licenses also become machine readable and cryptographically-signed, as at present driving licenses are easily faked. This is a Government weakness, and the PSR should be pressing the Government to immediately address this issue, so that accounts can be opened for customers who have a driving licence but no passport.

    In the second case, the payee is acting as an account mule.
    Account mules are always caught by the Police, as they are committing crime in the open and do not hide their crime – that is the nature of an account mule.
    The defence of account mules – which is effective at present – is they did not know they were doing wrong.
    As a result, the Courts will not prosecute, and as a result the Police will not act (it is not worth their while, with no expected penalty due).
    And as a result, account mules are free to continue unabated in a tsunami of APP fraud.

    This is all the result of banks’ failure to alert their clients to the illegality of account muling.
    I have never received any communication from any of the various banks I personally bank with (and I personally bank with a few, to help me understand consumer experience with UK banks) instructing me that I cannot receive a payment in to my bank account for another party.
    If I was instructed by my bank that I can only receive payment into my bank account on my own behalf, and never for another person or another party, and that such receipt was actually potentially illegal and money laundering, then I would be aware that account muling was illegal. If I was told at the same time by my bank that such receipt can well lead to fine or prison sentence, then I would take note.
    But I have never received such a message from any of the many banks I bank with.

    As soon as banks take action to directly inform all their clients that their client is not allowed to receive payment into their bank account for another party, and that such receipt may be money laundering and subject to fine or prison sentence, then Courts will immediately on the basis of these warnings start prosecuting account mules.
    And Police will immediately start arresting and taking to Court account mules, as the Police know they will have an easy conviction (and this will make them look very effective).
    And account muling will stop, because no account mule will continue, knowing they are committing crime in the open, and will be certainly caught and prosecuted.

    As payee banks have not made clear to their clients that account muling is not allowed and potentially illegal, the payee banks are all at fault if their accounts are used for account muling (the banks are also in breach of the Money Laundering Regulations 2017 – but that is a different matter and an FCA failing to uphold its mandate).
    So if an APP fraud takes places, and the payee turns out to be an account mule, then it is correct that the receiving bank should be liable, as the receiving bank did not warn and make crystal clear to the payee that acting as an account mule was not allowed and possibly could cause fine or imprisonment (which in turn allowed the account to be used to defraud the original payer).

    The upshot is that a receiving bank is currently almost always at fault (at least partially) in an APP fraud (whether due to false ID or account muling), and liability should always reside with a receiving bank unless i) they did not allow their account to be opened with false ID, and ii) they made clear to their customer that they could not receive payment for any other party.
    And as made clear above, these two criteria are hardly ever currently both met by a receiving bank.

    [As an aside, when PSPs and banks do finally start educating their clientele that accounts cannot be used to receive third-party payments, APP fraud will shrink in the UK by several levels of magnitude].

    So, It should be made clear to consumers that the receiving bank will always be at fault and liable in APP fraud, unless the receiving bank can show that false identity of the payee was not involved and that the receiving bank made sure that the payee could not act as an account mule without the prospect of a jail sentence.

    This will clear up 95% of all APP fraud cases.

    In the remaining 5% of cases, it should be made clear to the consumer that if their own bank (the sending bank) was partially at fault for the APP fraud, then their own bank should be liable. Otherwise, if their own bank was not at fault in any way, then the consumer should know that they were liable for their loss.

  • Paragraph 1.11 of the consultation states:

    '‘However, the overall level of reimbursement under the Code is still below 50% – and participation in the Code is voluntary. Some PSPs are not signatories and offer lower levels of protection, leaving many consumers exposed to significant risk.'

    This is a scandalous statement by the PSR, as it is untrue, and is a complete abrogation of responsibility by the PSR.

    All banks and consumers are covered mandatorily by the FHC (FCA Handbook Changes), and consumers are NOT exposed to significant risk, as the FHC already provides in most cases far superior protection to the CRM code.

    The reason that consumers are losing out is purely due to lack of awareness by consumers and small businesses of the existence of the FHC, which already protects them.
    And the PSR has singularly failed to promote awareness of the protection of consumers existing today by the FHC.

    As is clearly evidenced in this paragraph, the PSR is continuing to take active steps to give the false impression that the FHC does not exist, or does not provide protection to consumers and small businesses in nearly all existing cases.

  • Paragraph 1.12
    The introduction and promulgation of Confirmation of Payee (CoP) is widely welcomed.
    It is an essential tool in the fight against APP fraud, and should be mandatory for all payments (expanded across all modes, including electronic payments such as via PayPal).

  • Paragraph 2.3 of the consultation states:

    'Payment systems should be safe to use. We want PSPs to act to prevent APP scams, and to ensure that victims are reimbursed.'

    In this statement, the PSR first makes an obvious and bland statement that payment systems should be safe to use.
    The PSR then makes a logical fallacy.
    The PSR connects payment systems being safe (obvious, critical and necessary) with the following statement that PSPs should act to prevent APP scams.
    This connection misunderstands the first statement.

    The first statement about the payment system being safe means only that if a consumer wishes to pay X, then the payment from the consumer should safely reach X.
    This is obvious and critical, and necessary.
    However, the first statement makes no claim of knowledge whether X receiving the payment from the consumer is a good or a bad thing, nor whether the consumer paying X could be a safe or unsafe act.
    The safety of the payment system only requires that when a consumer wishes to pay X, then the payment should safely reach X.

    The second statement considers a totally different issue to the first statement – should the consumer be paying X, and is it safe for the consumer to pay X (using a secure and safe payment system) ?
    This is not a payment question, but a legal and social question, unrelated to the payment industry.

    The first statement and the second statement cannot be conflated – to do so is a logical error.
    But that is exactly what the PSR has done.

    Of course, if the Payment firm acted in a way where it did not do enough to prevent or respond to APP fraud, then the payment firm must be liable to the consumer.
    Payment firms can and must take steps to help consumers minimise APP scams.
    Since payment firms act at the time payments are made by consumers, payment firms have an opportunity to interact with consumers and minimise such scams through appropriately advising consumers.

    And this is already the regulation in force today through the FHC (FCA Handbook changes – see above).
    And as is show above, in nearly all cases, at least one of the receiving or sending bank will currently be liable for not doing enough to prevent APP fraud.

    But if the payment firm did do enough to prevent or respond to APP Fraud, then it would overturn thousands of years of established law, and destroy the UK economy, to make the payment firm liable for the consumer’s action in making payment to X.
    Payment firms cannot be made responsible for judging and evaluating the reason that consumers make any payment.
    There is no precedent, and no reason to do so.
    That will destroy the UK’s payment systems – as payment firms will cease to be able to operate - exactly the opposite role that the PSR is tasked to fulfil.

  • Paragraph 2.17 of the consultation states:

    'We want PSPs to implement the capability to send and receive the data [historical data on account attributes] – that will enable them to better identify and stop scam payments – in 2023.'

    Whilst the largest banks may have been a part of this trial mentioned by the PSR, we as a PSP have had no information and no participation and no knowledge whatsoever of this capability.
    Given it is the end of November 2023, the statement by the PSR that they want to commence the capability in 2023 is not credible – the participating banks may be ready, but we cannot be. The PSR must not be seen to be giving undue advantage to the large banks who participated in the trial.

  • Paragraph 3.10:
    The CRM code is weak and insufficient for consumers.
    There is already a much higher standard in force in the UK through the FHC, which requires reimbursement to consumers and small businesses when either the sending bank or receiving bank did not do enough to prevent the APP fraud – which as we have explained above occurs in nearly all cases today.
    The FHC can be mandatorily enforced by any consumer or small business through the Financial Ombudsman Service (FOS).

    Therefore, the PSR’s proposals in this consultation is built on a false premise – comparing the protection currently available from the CRM today instead of comparing the protection currently available under the FHC today.

  • Paragraph 3.2 & 3.3 (2nd 3.2 & 3.3 due to consultation misnumbering)
    This paragraph claims that data sharing between banks will prevent banks from making customers’ payment journeys an impossible experience, once banks are subject to the new liability under the PSR’s proposals.
    There is no evidence to back up the PSR’s assertion – and common sense clearly demonstrates that if the PSR’s proposals are put in place, then banks will start to haemorrhage large amounts in APP fraud reimbursement, and will be forced to make their customers’ payment journeys an excruciating and impossible experience, in order to minimise these losses.

    Data sharing cannot and will not prevent this debacle, as data sharing can only slightly reduce the chance of APP fraud losses to banks – it cannot eliminate it or reduce more than a minority of cases.

    The PSR will become a cursed entity by consumers for having introduced these measures, which will lead to ordinary bank customers lives’ becoming impossible whenever they wish to make a payment.

  • Question 1: Do you have views on the impact of our proposals on consumers?
    As explained below and above, the PSR’s assumptions are an act of fancy, comparable to the assumptions used in the recent mini-budget of Chancellor Kwasi Kwarteng and Prime Minister Liz Truss.
    The PSR have provided no evidence whatsoever to demonstrate that their radical plans will not cause significant damage to the UK, and the PSR is simply hoping that their radical plans will not be damaging.
    Before scrapping liability laws that have been in existence for thousands of years (Caveat Emptor – Buyer Beware), the PSR needs to provide evidence that allowing consumers to be negligent and receive full reimbursement will not destroy the UK economy. And the PSR needs to provide evidence that when the significant number of vulnerable consumers are grossly negligent and required to receive full reimbursement by their bank, this will not destroy the UK economy.
    The onus is on the PSR to provide the evidence before taking these potentially grossly destructive radical steps.

    Taking on a vulnerable customer will mean that unlimited losses can be incurred by the bank, whenever that customer makes a payment.
    And fraudsters are likely to work with vulnerable customers to mine the UK payment system for millions (and quite probably billions) of pounds of fraudulent reimbursement where consumer gross negligence is present – all to be covered under the PSR’s proposals by banks.

    This is not a sustainable situation, and banks will quickly stop offering payment except under the most extreme circumstances.
    The UK payment system will quickly grind to a stop.

    This will not be good for consumers !

  • Paragraph 3.6 of the Consultation states:

    'PSPs have the ability to do more to prevent scams and thus mitigate their increased reimbursement costs'

    This is erroneous, and underlies the PSR’s foundational error in this consultation.

    PSPs (banks) are already fully liable to reimburse customers if they did not do enough to prevent an APP scam.
    This is already fully enforced by the FHC (FCA Handbook regulations in current force, and enforced mandatorily by the FOS).

    If there is an area for the PSR to pursue, it is to ensure that FHC rights (enforceable by the FOS) are widely publicised to and become known by consumers and SMEs.

    If a bank cannot already do more to prevent an APP scam, then regulation should not and cannot be made to make the bank liable, as this will destroy the UK economy due to the destruction of the payment system.

  • Paragraph 3.8 of the Consultation states:

    'We do not consider prudential risks would arise for larger PSPs, many of which are already CRM Code signatories'

    This statement by the PSR is patent nonsense.

    At present, larger banks (PSPs) do not have to reimburse customers where the customer was clearly negligent (even TSB). Such reimbursement is precluded under the CRM.
    Likewise, larger banks (PSPs) do not have to reimburse vulnerable customers even where they are grossly negligent.

    The new PSR proposals will mean that even larger banks will be prudentially compromised !

    And the expansion of the definition of APP fraud in the PSR’s proposals will also lead to huge liability shifts to all banks (large and small).

  • Question 2: Do you have views on the impact of our proposals on PSPs?
    Yes, see above and below for the devastating impact the PSR’s proposals will have on PSPs and banks.

  • Paragraph 4.4 of the Consultation states:

    'Larger business payers can be expected to have greater capability to protect themselves from APP scams, and it would not be proportionate to require PSPs to reimburse such businesses for their losses.'

    It is disgraceful that the PSR, as the UK’s payment regulator, can expose themselves to being so misinformed.

    Small businesses (beyond micro-enterprises) are already fully entitled to mandatory reimbursement by the FHC and enforced by the FOS, and a small business can today obtain reimbursement if either the payer or payee bank did not do enough to prevent the APP scam. As we have shown, this is so in nearly all cases.

    So for the PSR to claim that small businesses (included in the paragraph’s term of larger businesses, the PSR meaning anything other than a micro-enterprise) cannot require PSPs and banks to reimburse them when the bank is at fault, when such protection is today fully in regulation and force, and can be easily enforced by small businesses through the FOS, is shocking.

  • Paragraph 4.8
    The PSR states that it has a clear expectation that on-us payments will be treated identically to Faster Payment transactions.
    But this is no more than a wish and a prayer, and as the PSR admits is unenforceable.

    The burden of the PSR’s proposals goes far, far beyond the CRM.

    The larger 5 banks in the UK have a significant number of on-us payments – up-to and over 20% of all the payments they make.
    If these on-us payments are not subject to the same reimbursement rules as Faster Payments, then those banks will have a significant competitive advantage to competitor banks (who will have 100% liability on nearly all their payments instead of 80%).

    This is unacceptable, and subject to legal challenge, as the PSR are mandated to retain a competitive and fair payment system.
    The PSR hoping that the largest 5 banks will treat on-us payments fairly is wishful thinking, especially given the huge liabilities involved.

    If a mandatory solution cannot be found in advance to the on-us problem, then the measures cannot be introduced until a solution is found (on competition grounds).

  • Paragraph 4.11 to 4.13
    The definition of an APP scam case in the Financial Services and Markets Bill s.62(2) is:

    '(a) the case relates to a payment order executed over the Faster Payments Scheme, and
    (b) the payment order was executed subsequent to fraud or dishonesty'.

    It is critical to note that the Section 62 definition of the Bill only imposes a boundary where reimbursement may or may not be required by the PSR.
    There is no mandate in the Financial Services and Markets Bill for the PSR to impose reimbursement in every such case.
    Rather the Bill empowers the PSR to require reimbursement in such cases, if and only if the PSR deems it necessary.

    Thus using the Financial Services and Markets Bill expansive boundary definition for all fraud is quite simply unreasonable for day-to-day use, since all it requires is that fraud or dishonesty is determined at any time before the payment is made.

    What on earth counts as dishonesty in this definition ?

    Most sales related efforts across all fields rely on promoting the product being sold, and there is often a very thin line between fair promotion and dishonesty.
    Salesmen and saleswomen are incentivised to clinch sales, and it is not unknown for salespeople to cross the line from over-enthusiastic promotion to dishonesty.
    It is likely that the majority of accomplished salespeople routinely use dishonesty to some extent in over-promoting their legitimate products, in order to convince consumers to buy.

    Despite what is written in paragraph 4.13 of the consultation, if a consumer could demonstrate that a salesperson was guilty of dishonesty in over-promoting a product, then under the PSR’s definition a consumer would be entitled to reimbursement, as dishonesty could be shown prior to a payment.

    According to the definition adopted by the PSR, if a consumer can show that a product sold to them involved dishonesty by a salesperson in any form which led them to buy a product, then they will be entitled to reimbursement by a bank.
    The banks have no way to prevent or police this behaviour in mainstream commerce, and the loose definition by the PSR is far, far beyond the current FCA definition of fraud in the FHC – where the requirement is fair (that a bank could not do more to prevent fraud).

    The PSR needs to adopt the FCA definition, and not radically and unfairly increase the scope of the definition of APP fraud.

  • Question 3: Do you have views on the scope we propose for our requirements on reimbursement?
    See comments above and below

  • Paragraph 4.18 of the Consultation states:
    ‘We are not aware of conclusive evidence that, if consumers are more confident of being reimbursed, they will take less care in ensuring that their payee is not a fraudster.’

    There is significant evidence that there will be a very, very significant increase in claims under the PSR’s proposals, due to consumers knowing that they can act negligently and still be fully reimbursed.
    It is common sense and obvious that the PSR’s proposal will lead to a tsunami of increased reimbursement claims (including due to new frauds specifically targeted at the measures).

    The PSR instead has set the bar at an impossible level, demanding only conclusive evidence of what will occur in the future if and when the PSR introduce its flawed measures.
    It is impossible to produce conclusive evidence of a counter-factual – so the PSR are creating a situation where they will ignore the obvious disastrous consequences of their actions, and ignore strong (but not absolutely conclusive) evidence, as they will only act on evidence which will be of a standard impossible to produce.

    Box 1.18 introduces evidence from TSB, and its fraud guarantee.
    It is critical to note that TSB’s fraud guarantee is far, far softer than the PSR’s proposals, as TSB retain the right to refuse reimbursement where they have abused the guarantee in TSB’s opinion (such as by being negligent).
    Under the PSR’s proposals, a consumer will be entitled to full reimbursement even where a bank believes the consumer has abused the process by being negligent.

    On a separate but important point, under the PSR’s proposals, consumers would know that they would not need to take care when making purchases paid by bank transfer .
    This will be advertised and promoted to them by consumer champions, such as Martin Lewis, quite rightly pushing consumers to make payment by bank transfer and explaining that the consumer would be protected even if the consumer didn’t take adequate care.
    The PSR wrongly assumes this situation will not quickly come about, but it is obvious that it will.

  • Question 4: Do you have comments on our proposals:
    • that there should be a consumer caution exception to mandatory reimbursement
    • to use gross negligence as the consumer caution exception
    • not to provide additional guidance on gross negligence?

    As an FCA authorised PSP, we have run an escrow website service for the last 13 years that allows consumer buyers and sellers to be fully protected in a transaction.
    We have many years of experience in this area, and our firm exists to protect consumers from fraud.

    Over the years, we have seen attacks from many fraudsters, and prevented many APP frauds.
    We have also seen a not insignificant number of dishonest consumers attempting to circumvent checks and controls.
    We have also repeatedly seen fraudsters conspiring with consumers (both advertently and inadvertently) to try and commit fraud.

    To date, we have successfully defeated them all.

    But our service requires that consumers make a reasonable effort to protect themselves – the same effort required by law – along the lines of Caveat Emptor (Buyer Beware).
    We provide the ability for consumers to fully protect themselves and ensure that they are not the subject of fraud, but our platform cannot do all the work for the consumer, and the consumer still needs to ensure that the trade they are undertaking that involves payment is worthwhile and not fraudulent for them.
    We can and do ensure safe payment, and that the payer achieves everything they set out to achieve in writing with us, but we cannot ensure that the social reasons for making the payment are underlyingly safe.
    No payment firm can do so.

    It is entirely reasonable to demand that a consumer is not negligent in conducting steps to ensure that they are not being scammed.
    If a consumer is scammed because they were reasonably tricked – then this is clearly not negligence by the consumer.
    I repeat for clarity, if a consumer is scammed because they were reasonably tricked – then this is clearly not negligence by the consumer.
    Negligence by the consumer means the consumer acted unreasonably and did not perform reasonable steps in the circumstances, and to demand reimbursement by a bank in such a negligent consumer case where the bank could not prevent the fraud is preposterous.

    The FCA’s current regulation ignores the negligence or non-negligence of the consumer, and quite rightly focuses only on whether the bank could have done more to prevent the fraud or not.
    This is the test that the PSR needs to apply.

    In particular, under the PSR’s proposals, I as a consumer will be allowed to purchase a dodgy investment negligently by bank transfer, knowing that if the investment turns out to be fraudulent then I will be entitled to full reimbursement by my bank, since I have only been negligent and not grossly negligent.
    This cannot be allowed to occur, as it is absolutely necessary for consumers to be required to make some efforts to prevent fraud against themselves – something the PSR’s proposals completely uproot.

    If the PSR’s rules take effect, no bank will be able to survive the tsunami of reimbursement liability that will result.

  • Question 5: Do you have comments on our proposal to require reimbursement of vulnerable consumers even if they acted with gross negligence?
    Because the definition of who a vulnerable consumer is so nebulous, it is hard to say how many consumers fall within this category at any one time.
    It may be that 20% of all consumers are always vulnerable in some way, whilst the majority of remaining consumers will be vulnerable at some time during their life.
    Numbers could be higher than this, but they are unlikely to be lower.

    A payment firm makes pennies or less for making each payment.
    Almost by definition, a bank cannot in most cases prevent an APP scam where the consumer is grossly negligent.
    Banks can try to prevent such circumstances arising, but gross negligence is so broad that a bank cannot stop these frauds.
    Requiring a bank to incur possible large liability from a vulnerable customer for making a payment, when the bank earns pennies or less for making that payment, is not economically sustainable.

    Payments for vulnerable customers will not be allowed to occur – or banks making them will cease to economically viable.
    And because many people can become vulnerable at some point in their life, payments for everybody will cease to function smoothly.

    This will spell disaster for the UK economy, as payments cease to function well.
    The PSR will be destroying the payment system in the UK, for users.
    This is the very opposite of the PSR’s function.

    Negligence should absolutely not be a standard allowed for any consumers, and regrettably gross negligence cannot be a standard for vulnerable consumers, however caring as a society we are.

    One separate but critical point.
    Not all vulnerable people are honest.
    And some honest vulnerable people will be easily pressured into working with fraudsters. That may be a nature of their vulnerability.

    The PSR’s proposals open a wide door for fraudsters to work with vulnerable people (willingly or through coercion) to create a conveyor belt of mass fraud, and this is certain to occur – probably with organised crime quickly getting involved.
    Criminals will find a vulnerable consumer, explain to them they can act grossly negligently and have no risk, and entice or coerce them to make an APP payment to the criminal.
    The banks involved will have no way to prove what has occurred, and will be forced to fully reimburse the vulnerable consumer.
    And the tactic will repeat and repeat for millions, and probably billions of pounds every year !

    Creating rules which results in this occurring is beyond reckless for the PSR.

  • Question 6: Do you have comments on our proposal to use the FCA’s definition of a vulnerable customer?
    See answers above and below

  • Question 7: Do you have comments on our proposals that:
    • sending PSPs should be allowed to apply a modest fixed ‘excess’ to reimbursement
    • any ‘excess’ should be set at no more than £35
    • PSPs should be able to exempt vulnerable consumers from any ‘excess’ they apply?
    If a consumer is due reimbursement from a bank because the bank did not do enough to prevent the APP fraud, then we believe the consumer should receive full reimbursement, and not have £35 withheld from the reimbursement.
    It is wrong to arbitrarily deduct £35 from consumer’s reimbursements when this is due to them, whether the consumer is vulnerable or not.

  • Paragraph 4.41 of the Consultation states:

    'limit the costs to PSPs, and ultimately to their customers, of reimbursing small claims that are in fact civil disputes rather than purchase scams'

    Because the PSR’s definition of fraud is so loose and involves the word dishonesty, there will be many, many claims where the dividing line between civil disputes and purchase scams is unrecognisable.
    This is so for payments below £100, but equally for all payments above £100.

  • Question 8: Do you have comments on our proposals that:
    • sending PSPs should be allowed to set a minimum claim threshold
    • any threshold should be set at no more than £100
    • PSPs should be able to exempt vulnerable consumers from any threshold they set?

    Where the sending bank or the receiving bank is at fault (i.e. did not do enough to prevent the APP fraud) the bank is already liable under the binding FHC even for amounts below £100 – so the PSR’s minimum of £100 will make no difference at all to mandatory reimbursement.
    Where neither the sending bank nor the receiving bank were at fault (rare at this time), then no reimbursement should be liable for any amount !

  • Question 9: Do you have comments on our proposal not to have a maximum threshold?
    Where the sending bank or the receiving bank is at fault, then there should be no maximum.
    Where neither the sending bank nor the receiving bank were at fault (rare at this time), then no reimbursement should be liable for any amount !

  • Question 10: Do you have comments on our proposals that:
    • sending PSPs should be allowed to set a time-limit for claims for mandatory reimbursement
    • any time-limit should be set at no less than 13 months?
    13 months seems a sensible time limit.
    FHC protection is not limited by this restriction, so if a consumer can demonstrate that a sending bank or receiving bank was at fault then they would still be able to make a claim to FOS outside this time-limit, so the time limit is actually meaningless.

  • Question 11: Do you have comments on our proposals that:
    • the sending PSP is responsible for reimbursing the consumer
    • reimbursement should be as soon possible, and no later than 48 hours after a claim is made, unless the PSP can evidence suspicions of first party fraud or gross negligence?

    As already highlighted above, the PSR’s proposals will make it open season for criminals to start mass-producing spurious claims for reimbursement.
    The criminals will know that it will take time for banks to obtain evidence that any one claim is spuriously and criminally produced (i.e. in first-hand fraud by the payer).

    To require immediate reimbursement to the claimant, when the claimant could be responsible for either first party fraud, or for collaborating with a criminal (especially in the case of a vulnerable consumers), or for gross negligence (for non-vulnerable consumers) will make it impossible for banks to not haemorrhage large sums in losses they are not responsible for.

    The time limit for reimbursement should allow a bank time to ascertain whether fraud or gross negligence was involved.

  • Question 12: What standard of evidence for gross negligence or first party fraud would be sufficient to enable a PSP to take more time to investigate, and how long should the PSP have to investigate in those circumstances?
    If banks are forced to make reimbursement for cases where they could not have prevented the fraud, then banks offering payment in the UK will quickly cease to exist.

    Instead, for a claim for reimbursement to operate, the defrauded consumer should start by alleging fault of one or both of the banks involved. This claim for fault by a bank should commence the process, and not a notification by the defrauded consumer that an APP fraud has occurred.

  • Question 13: Do you have comments on our proposal for a 50:50 default allocation of reimbursement costs between sending and receiving PSPs?

    A 50/50 split between sending and receiving banks is totally unreasonable.
    Sending banks are already doing much to prevent APP fraud, and remain unable to prevent these frauds despite their best efforts in many cases.
    But receiving banks are nearly always at fault at this time for APP frauds, as has been explained above.
    And receiving banks will always be involved with money laundering, as the proceeds of crime are distributed (so should already be being investigated and censured by their AML regulator, the FCA).

    The split should be 10/90 sending bank/receiving bank, prior to any individual case mitigating circumstances.

  • Question 14: Do you have views on our proposal that PSPs are able to choose to depart from the 50:50 default allocation by negotiation, mediation or dispute resolution based on a designated set of more tailored allocation criteria?

    PSPs vary in size from very large to very small.
    Very large PSPs (banks) have very large legal departments, whose role is simply to minimise liability regardless of right or wrong.
    Medium and small PSPs have no legal departments.

    Medium and small PSPs will be at immense disadvantage in any negotiation with a large bank, and the PSR should not place these smaller firms in such a situation of having to negotiate in individual cases.

  • Question 15: Do you have views on how scheme rules could implement our proposed 50:50 default allocation to multi-generational scams?
    I don’t understand how and if multi-generational scams are covered by the PSR’s proposals, and I do not believe the PSR understands either.

    The example quoted in paragraph 5.11 of a Faster Payment into a Crypto-wallet, and then a later payment from the Crypto-Wallet to a fraudster, would seemingly not be included within the regulations, as the first Faster Payment was not a fraudulent payment and any fraud only occurred later.
    Why is this even being considered in the consultation, when it is already precluded ?

    On the other hand, we believe that APP fraud payments over other channels should be included in the PSR’s current regulation.
    So, for example, an APP fraud payment made via PayPal should (we believe) absolutely be covered by the current PSR regulations. And if the PSR does not have the power to enforce or create such regulation, then it should be working with other bodies (such as the FCA) to ensure that parallel regulation is brought in at the same time as the PSR’s regulations.

  • Question 16: Do you have comments on our proposal for a 50:50 default allocation of repatriated funds between sending and receiving PSPs?
    The PSR should be aware that in reality receiving banks that manage to achieve repatriation will not always openly declare that this has occurred, either through subterfuge or through ineptitude.
    And due to lack of information, in many cases the sending bank will not receive their fair share of repatriated funds.

  • Question 17: Do you have views on the scope we propose for rules on allocating the costs of mandatory reimbursement?
    See answers above and below


  • Paragraph 6.5 of the Consultation states:

    'The PSO is the appropriate body, in the long-term, to undertake the role of making, maintaining, refining, monitoring, and enforcing compliance with, comprehensive scheme rules that address fraud risks in the system.'

    This is simply not true, and the opposite of reality.

    A PSO (Payment Systems Operator) is responsible for the plumbing of payment systems, to ensure that payments flow freely and securely, and unencumbered between payers and payees.
    The PSO is absolutely NOT responsible for the reason for those payments. This is just not its role.

    Mixing the responsibility for the payments infrastructure operating well, with the responsibility for stopping fraudsters utilising the payment system is a total non-sequitur.

    It is akin to making the doctors who are responsible for safe blood flow in their patients, also responsible for what their patients do with their now healthy bodies.
    It just does not make sense.

  • Paragraph 6.5 of the Consultation states:

    'In the long-term, we want Pay.UK to be a PSO that: • specifies the circumstances when a PSP needs to reimburse the victim of a fraud'

    It is not the role of a PSO to be making social decisions about when reimbursement is due and when it is not.
    The PSO are specialists in payment plumbing, not in fraud and social issues.

  • Question 18: Do you have views on our long-term vision, and our rationale for the PSO being the rule-setter responsible for mitigating fraud?

    See above and below, that it is totally inappropriate for the PSO to be a rule-setter for mitigating fraud.

    The core of the problem is that the PSR itself should not be taking on this role today, even though it is so desperately needed.
    The actual role should be being undertaken by a combination of the FCA and the Police.
    Instead, both of these bodies have ignored the issue and looked the other way, whilst close to billions of pounds of consumer funds are defrauded each year, forcing the PSR into a role it is not best suited for.

    The PSR’s role should ideally be simply to organise and operate the payment system in a way that facilitates the identification of fraud.
    So for example, the PSR and Pay.UK should be intimately concerned with how the NPA will be created in a way which will make fraud identifiable – which fields need to be available in payment messages, and what payer/payee information needs to be passed down the payment journey, to make fraud apparent.

    But neither the PSR’s role nor Pay.UK’s role should extend beyond this.

    We recognise that the PSR has been forced into its current role by the inaction of other bodies, and we are grateful for the PSR taking up the challenge – as it is so desperately needed.
    But the PSR cannot further delegate its responsibilities to bodies like Pay.UK even more unsuited to be taking on this role.

  • Question 19: Do you have comments on the minimum initial set of Faster Payments scheme rules needed to implement our mandatory reimbursement proposals?
    These rules will be disastrous for UK payments, and make effective UK payment cease to operate, as banks require enormous and unwieldly amounts of information from customers to make any payment.

  • Question 20: Do you have views on how we should exercise our powers under FSBRA to implement our requirements?
    Pay.UK is not the appropriate body to be making rules and regulations with social impact – the PSR should be making rules.

    As pointed out above, no rules should be made until rules for on-us payments are made. As the PSR cannot make those rules, other bodies will have to make the rules. And since other bodies will be making those rules (such as the FCA), those other bodies should be making all the rules to prevent APP fraud (and the PSR need not duplicate them).
    This is what should be happening, and this is what is desperately needed, given the current tsunami of APP fraud.

  • Question 21: Do you have views on how we propose that allocation criteria and dispute resolution arrangements are developed and implemented?

    Pay.UK is dependent on the largest banks for funding, and is heavily influenced by the largest banks.
    Any rules that Pay.UK implements on arbitration rulings between payment firms are highly unlikely to be equitable towards smaller payment firms.
    This is territory that the PSR needs to step into – it is just not equitable to ask Pay.UK to do so, as the larger banks will end up dominating smaller PSPs, and competition will be greatly diminished in the payment sector (against the PSR’s core principles).

  • Question 22: Do you have comments on our preferred short-term implementation approach of requiring Pay.UK to implement an effective compliance monitoring regime, including a reporting requirement on PSPs?

    The FCA already collects detailed regular information from payment firms on fraud.
    The PSR should co-operate with the FCA so that the FCA’s data collection should include fraud reimbursement statistics, and this should be passed to the PSR. Pay.UK should under no circumstances be involved in the data collection – it is not their role, and would be a distraction from what Pay.UK is set up to achieve.

  • Question 23: Do you have views on the costs and benefits of Pay.UK implementing a real-time compliance monitoring system and when it could be introduced?
    See previous answer

  • Question 24: Do you have views on the best option for short-term enforcement arrangements?

    As already mentioned, no short-term measures can take place without on-us payments being regulated.
    And since on-use payments will require outside bodies to regulate, those outside bodies should also regulate on APP fraud reimbursement (if required beyond current FHC regulation – which is doubtful).

    Neither the PSR nor Pay.UK should take any short-term measures without on-us payments being fully regulated.

  • Question 25: Do you have views on the best way to apply the rules on reimbursement to indirect participants?

    As explained above, the FCA has already made rules for indirect participants through the FHC, and these are in operation now.
    The PSR should not be making rules on indirect participants, as the existing FHC rules are more than sufficient. They simply need to be publicised.

  • Paragraph 7.41 of the Consultation states:

    'The Government has announced its intention to legislate to place a duty on the PSR to require victim reimbursement for APP scams.'

    This is not so. The Government has announced its intention to place a duty on the PSR to require victim reimbursement for APP scams if and only if the PSR feels it necessary.
    Given the FHC already provide more than adequate cover to APP scam victims, the PSR should be concentrating on promulgating knowledge of the FHC to consumers.

  • Question 27: Do you have comments on our cost benefit analysis at Annex 2 or any additional evidence relevant to the analysis?

    Yes, the cost benefit analysis is not-fit for purpose and the cost benefit analysis is Wednesbury unreasonable (so subject to legal challenge).
    See below and above for details.
    Our view is that the PSR needs to rerun the cost benefit analysis correctly from scratch, taking into account the points raised.

  • Consultation – Additional Point

    The FCA’s existing rules on reimbursement rightly state that a bank or PSP is liable when the bank or PSP was at fault.

    A well run, caring PSP cannot face liability if it acted only correctly.

    But under the PSR’s proposals, a bank or PSP can face liability for handling a payment even when the bank or PSP acted correctly at every stage.

    Please ask yourself if smaller PSPs will continue to operate and offer a payment service to their customer, and earn a few pennies by doing so, if the smaller PSP can face liability of the full payment amount that it correctly and appropriately handles?
    Of course not.

    It is not economically viable for a payment firm to make a payment of £800 for a client, if the payment firm may become liable for an £800 reimbursement when the payment firm did everything correctly and nothing wrong.

    The bottom line is that if payment firms are made liable for no-fault reimbursement, only the very largest banks will be able to make payments in the UK.

    There is also a question whether making the payment firm liable in such circumstances would actually breach the Human Rights Act 1998, and the rights of the PSP and its owners.
    The power that the Financial Services and Markets Bill s.62(2) infers on the PSR is only to act where the PSR believes in its opinion is reasonably necessary. If the PSR acts in an unreasonable manner, then it is acting outside the law, and its proposals are subject to be struck down by legal challenge.

  • Annex 2 – Cost Benefit Analysis - Preamble states:

    'Main benefit: Strengthened financial incentives for PSPs to detect and prevent APP scams are likely to lead to improved fraud prevention and result in substantial decline in the overall amount of APP scam fraud that consumers suffer. Current levels of APP scam fraud, at over £500 million in 2021, could fall by between £100 and £150 million per annum, based on our assessment.'

    This is the main benefit that the PSR is relying on.
    But the premise is demonstrable and provably erroneous.
    This fatally and clearly undermines the whole consultation, which relies wholeheartedly on this benefit.

    The existing liability of banks and PSPs is from existing protection already mandated and in force by the FHC.
    This already forces both sending and receiving banks to reimburse defrauded consumers whenever the bank did not do enough to prevent the fraud.

    By definition, there is no point or purpose in increasing protection beyond this, as it will not assist in making banks do more to prevent fraud – as they are already liable if they did not do this.

    The consultation (and the cost benefit analysis is therefore fatally flawed.

  • Annex 2 – Cost Benefit Analysis - Preamble states:
    • 'PSPs that currently reimburse their customers for APP scam losses on a voluntary basis would continue to do so
    • current low rates of recovery and low shares of reimbursement coming from receiving PSPs would remain low'
    But banks and PSPs in nearly all cases today are required to reimburse defrauded consumers under the FHC. That this is not occurring, despite being legally mandated and enforced by the FOS, is purely down to ignorance by consumers. This is easily changed through education and advertising, and the baseline for the cost benefit analysis cannot and should not assume that such ignorance continues, and the low level of reimbursement under the CRM continues.

  • Annex 2 – Cost Benefit Analysis – Paragraph 2.13 – Table 1

    This table wildly over inflates the benefits, and underestimates the costs (apart from missing out the close to billion pound cost to banks of reimbursement when the bank could not prevent the fraud), and missed out some of the biggest costs which will result.
    See below.

  • Annex 2 – Cost Benefit Analysis – Paragraph 2.18

    There is no way that the PSR’s proposals will lower cost for any bank or PSP, despite what is written here.
    Just the cost from vulnerable consumers being grossly negligent will introduce enormous liability to all banks.

  • Annex 2 – Cost Benefit Analysis – Paragraph 2.25

    Most of the savings listed here are likely to be due to the deficient PSPs not yet operating Confirmation of Payee (CoP).
    Because these PSPs are separately mandated by the PSR to offer CoP from next year, the savings listed here in respect of the cost benefit analysis are illusory and will occur as CoP is anyway comprehensively introduced, without any action under these proposals.

  • Annex 2 – Cost Benefit Analysis – Paragraph 2.25 states:

    'Second, as set out below, we have considered the risk that mandatory reimbursement could lead to some customers exercising less caution when making payments. Such a potential increase in APP scam losses could offset some of the potential gains from enhanced detection and prevention by PSPs.'

    This may be one of the great understatements of all time.
    Once consumers are made aware (and they will be) that they can buy negligently and certainly receive full reimbursement from their bank, there will be a marked change in consumer behaviour, and consumers will buy negligently relying on the PSR’s protection for reimbursement if their purchase does not work out. The new resulting liability each year to banks and PSPs will be immense.

    Ditto for reimbursement after gross negligence by vulnerable consumers.

  • Annex 2 – Cost Benefit Analysis – Paragraph 2.38 states:

    'Our proposed policy will also increase trust in the payment system for consumers more generally through an increase in their confidence that they will be able to recover any money lost where they have exercised sufficient caution.'

    Consumers will face significant new barriers to make any payments, and vulnerable customers will face almost insurmountable barriers to make payments.
    This will destroy confidence in the payment system, and greatly harm the payment system.

  • Annex 2 – Cost Benefit Analysis – Paragraph 2.38 states:

    'We have not taken the approach of directly balancing the costs of increased reimbursement that PSPs will face against the benefits of increased reimbursement that victims will receive. That approach would simply find a large cost on one side cancelled out by the same scale of benefit on the other.'

    The above statement is understandable.
    What is not logical nor reasonable nor understandable is to include the cost of benefit to consumers and not to include the cost to banks. This is pure fantasy policy making.

  • Annex 2 – Cost Benefit Analysis – Paragraph 2.41

    Even PSPs that already reimburse a material share of their customers’ losses currently will face large liability increases.
    This is because consumers who currently act negligently in an APP fraud, whilst their bank did not fail to reasonably prevent the loss, would not currently make a claim for reimbursement. The consumer would know that there would be no point in doing so.
    Under the PSR’s new rules the consumer will make a full claim for reimbursement, as they know they will achieve full reimbursement, so the number of claims to these banks will rise dramatically.

  • Annex 2 – Cost Benefit Analysis – Paragraph 2.53 states:

    'there may also be costs to customers and business if PSPs introducing stronger controls also leads to a higher number of payments being queried, delayed or even declined, as set out in Chapter 3, above.'

    This is another understatement of earth-shaking proportions.
    The friction for a consumer to make a payment under the new regime, if the PSR brings in these proposals, will disrupt UK payments and commerce and have devastating repercussions.
    The costs from this new payment friction when compared with payment ease today will be in the hundreds of millions of pounds every year, and should be included in the cost benefit analysis.

  • Annex 2 – Cost Benefit Analysis – Paragraph 2.57 states:

    'Moving to a system of mandatory reimbursement could lead to an increase in payments where customers have not exercised sufficient caution, in the knowledge that any losses will be fully reimbursed. As set out in Chapter 4, we are not aware of conclusive evidence that, if consumers are more confident of being reimbursed, they will take less care in ensuring that their payee is not a fraudster'

    This is again an epic understatement.
    See our comment on Paragraph 4.18 of the Consultation above, where we explain that the PSR is being disingenuous in requiring an impossible level of evidence in this instance.

  • Annex 2 – Cost Benefit Analysis – Paragraph 2.62 states:

    'As above, we also expect PSPs to continue to treat all prospective customers equally. PSPs should treat current and prospective customers according to their obligations in the Equality Act 2010.'

    The epic understatements keep coming in the cost benefit analysis.

    Given that any payment made by a vulnerable consumer can lead to full liability for the bank handling it, even if the consumer is grossly negligent, it is certain that vulnerable customers will face significant barriers to making payments.
    The PSR’s consultation dismisses this possibility, and states that the Equality Act 2010 will prevent significant barriers being introduced. This is clearly fantasy.

  • Annex 2 – Cost Benefit Analysis – Paragraph 2.63

    PayPal payments are also a likely vector to be used by criminals switching APP fraud away from Faster Payments, if this occurs.

  • Annex 2 – Cost Benefit Analysis – Additional Issue

    It is clear that under the PSR’s proposals, criminals will manufacture false reimbursement claims.
    Either through first hand fraud by the payer – relying on the bank not having enough time or ability to quickly detect the false claim before the PSR requires reimbursement.
    Or through working with vulnerable consumers (willingly or under coercion) to make claims where the vulnerable consumer was grossly negligent – but still entitled to full reimbursement by the bank.

    The cost of these newly manufactured false reimbursement claims is certain to be in the hundreds of millions of pounds a year to banks, and it is a very significant cost that is missing from the cost benefit analysis.

  • Annex 3 - Public Sector Equality Assessment – Paragraphs 3.15 & 3.16

    See comments above.
    It is crystal clear and obvious that those with protected characteristics will be prevented from easily making payments by the proposals (due to their being at higher risk of being classified as vulnerable, as the PSR points out), and great harm will accrue to these protected characteristic consumers.

    In response the PSR states that it will make clear to banks and PSPs not to disadvantage such customers.
    This will have no effect, and is wishful thinking and fantasy by the PSR.

  • Annex 3 - Public Sector Equality Assessment – Paragraphs 3.21 states:

    'We also note that current industry initiatives to improve data sharing between PSPs and increased incentives to improve fraud detection and prevention should help to minimise the number of payments stopped unnecessarily.'

    Whilst these initiatives may minimise the number of payments stopped unnecessarily, it is equally likely that the initiatives will not lead to any improvement in this regard.
    The PSR presents no evidence that the initiatives will reduce payments stopped unnecessarily, and the PSR is again guilty of wishful and harmful thinking to push through its proposals.

    Given the much, much larger number of payments which will be stopped unnecessarily, given the new huge liabilities to banks for negligent reimbursement by consumers, and grossly negligent reimbursement in the case of vulnerable consumers, it is inevitable that the number of payments that will be stopped unnecessarily will increase very, very significantly.

If you require any clarification or further information, please be in touch, and we will be happy to elucidate.

Best Regards,

Transpact.com


APP Scams in the UK - Know your Rights

Monday, 15th November, 2021


PayPal and Bitcoin - Too big to prevent Money Laundering

Friday, 23rd October, 2020


Our 10 Year Anniversary

Friday, 1st November, 2019


PSR - Payment Systems Regulator - and Push Payment Scams

Thursday, 1st March, 2018


Escrow companies authorised by the FCA must never be unclear or misleading

Thursday, 30th November, 2017


Transpact.com offers Best Payment API for
Online Marketplaces
Act now before PSD2 starts in Europe on 13th January 2018

Thursday, 28th June, 2017


Another Glowing Testimonial

Thursday, 18th May, 2017


Welcome to TrustMark - Government Endorsed Standards Body

Wednesday, 28th October, 2015


We've added a fee calculator

Monday, 7th June, 2015


Open Letter to BBC MoneyBox

Monday, 29th September, 2014


Transpact.com on BBC Radio 4.

Thursday, 3rd July, 2014


UPDATE 6 - Cyber Crime UK - It's so easy !

Sunday, 29th June, 2014


UPDATE 5 - Cyber Crime UK - It's so easy !

Tuesday, 24th June, 2014


UPDATE 4 - Cyber Crime UK - It's so easy !

Wednesday, 11th June, 2014



European Escrow Organisation letter to FINCEN (USA) -
A Money Launderers' and Terrorists' free-for-all if Escrow Unregulated

Tuesday, 10th June, 2014



UPDATE 3 - Cyber Crime UK - It's so easy !

Monday, 28th April, 2014



UPDATE 2 - Cyber Crime UK - It's so easy !

Friday, 25th April, 2014



UPDATE - Cyber Crime UK - It's so easy !

Sunday, 20th April, 2014



Cyber Crime UK - It's so easy !
Anatomy of a high-return cyber crime

Tuesday, 8th April, 2014



No Chargebacks !
Low Value Pricing (2.9%) Revolutionises Retailing

Thursday, 20th March, 2014



UKTI (UK Trade & Investment - a UK Government Agency) now endorses use of FCA authorised escrow services:
Article: How to clinch overseas sales (and also get paid)

Monday, 20th January, 2014



Mike Freer MP, our Local Member of Parliament, Assists

Thursday, 20th June, 2013



Transpact.com service model copied by Escrow.com.
Imitation is the sincerest form of flattery.

Friday, 5th April , 2013



Transpact.com, world's leading domain escrow service ?

Friday, 21st December, 2012



Another BBC Apology ?

Thursday, 15th November, 2012



The world leader in art markets partners with Transpact.com

Thursday, 9th February, 2012



Payment without delay across the EU

Monday, 9th January, 2012



Welcome AutoTrader - Transpact.com's latest website partner

Tuesday, 13th December, 2011



The Metropolitan Police recommend use of FSA Authorised escrow providers

Monday, 7th November, 2011



Why we raised our Prices for large payments

Tuesday, 4th October, 2011



MRI machines to Stethoscopes - MedWow.com

Friday, 9th September, 2011



FSA Registration offers little or no comfort

Monday, 8th August, 2011



More Websites use Transpact.com's API to integrate Escrow services into their websites

Monday, 11th July, 2011



Fraudster's access to Debit Card Details -
BBC gets it terribly wrong again !

Thursday, 16th June, 2011



HM Treasury replies Again

Monday, 6th June, 2011



HM Treasury replies

Wednesday, 4th May, 2011



Welcome BondPay.co.uk

Monday, 4th April, 2011



Government-linked Organisations getting it wrong ?
Bank / Credit Card Details Disclosure

Tuesday, 8th March, 2011



Response from HM Treasury ?

Friday, 4th February, 2011



An open letter to the Financial Secretary to the Treasury

Monday, 3rd January, 2011



Welcome MyArtBroker.com

Wednesday, 1st December, 2010



When should you use Transpact - Section 75 of the CCA

Friday, 22nd October, 2010



Partner Websites

Monday, 12th September, 2010



The Guardian

Friday, 23rd July, 2010



Exceptional Protection

Tuesday, 6th July, 2010



Tenancy Deposits - Is yours an Assured Shorthold Tenancy ?

Wednesday, 2nd June, 2010



Redsky Design - Web Designers Extraordinaire

Thursday, 22nd April, 2010



First Transpact blog

Monday, 19th April, 2010