Destruction of the UK Payment system - Our response to the Payment Services Regulator's flawed proposals

• Preface Note 1: The Current Situation:
  At this time, consumers who have been a victim of APP fraud are legally entitled to enforce reimbursement either against their bank (the sending bank) or against the payee’s bank (the receiving bank).
  
  This is because under the mandatory FCA Handbook changes introduced from 31/1/19 (hereafter referred to as The FCA Handbook Changes or ‘FHC’), a consumer is entitled to protection via the Financial Ombudsman Service (FOS) whenever the payer’s bank or the payee’s bank could have done more to prevent the fraud.
  Please note, the FHC do not require the consumer to be blameless – under the FHC, if any bank in the payment chain could have done more to prevent the fraud, then that bank becomes at least partly liable to the consumer even if the consumer was also at fault.
  
  Since in virtually all cases of fraud (as will be shown below), the payee’s bank is at fault in not doing enough to prevent the fraud, then as a minimum the consumer is liable to recompense by the payee’s receiving bank (and if the payer’s sending bank was also at fault, also from the payer’s own bank).
  So the FHC already provide almost full protection to consumers today.
  
  It is a tragedy for many consumers that their rights under the FHC have not been publicised, and the payment industry has instead been allowed to hide behind the CRM (Contingent Reimbursement Model) – which was designed from scratch by the banking sector to look impressive but to contain loopholes and effectively evade payment for liability in fraud cases – which is the situation today.
  If consumers only knew of their existing mandatory rights under the FHC, the CRM would not be needed as it is nearly always inferior.
  
  Remember, the FHC make the receiving bank, and if appropriate the sending bank, liable to the consumer …:
  

  '…if the bank did not do enough to prevent or respond to an alleged authorised push payment fraud’ (quoted from the FCA Handbook which is mandatory regulation in the UK).'

  That is the sole criterion required to establish liability by the FHC (which is effective law in the UK) – and it goes much further than the CRM – and without equivocation.
  
  Due to the FHC, a bank faces significant liability for reimbursement to consumers and small businesses in cases where:
  

  'if the bank did not do enough to prevent or respond to an alleged authorised push payment fraud.

  This is strong and effective law already in place and operating today due to the FHC which correctly penalizes banks’ lack of appropriate prevention – and we are taken aback that the PSR does not acknowledge or mention this at any point, nor take this into account in this consultation.'
  Note that Authorised Push Payment Fraud is defined in the FHC in the glossary of the FCA handbook from 31st January 2019 as:
  

  'A transfer of funds by person A to person B, other than a transfer initiated by or through person B, where:
  (1) A intended to transfer the funds to a person other than B but was instead deceived into transferring the funds to B; or
  (2) A transferred funds to B for what they believed were legitimate purposes but which were in fact fraudulent'

  
  Note that under the FHC, the FCA handbook at DISP 2.7.6(2B) states that any bank in the payment chain can be the subject of the consumer-payer’s complaint, if the respondent is (or was) involved in the transfer of the funds
  
  So both the receiving bank and the sending bank are fully included within the FHC.
  
  The upshot is that the FHC already provides the consumer protection that the PSR is seeking to provide (except in no-fault cases, which as explained below in this response should not provide protection), and the PSR needs to publicise the FHC rather than take any other action (and can ditch the ineffective CRM).
  
  The FHC is already in force today (and have been since 31st January 2019), and simply applying and publicising the little known FHC is sufficient to achieve all that the PSR is attempting to do in this consultation.
  
  It is worth noting that there is one area where the CRM does provide protection to consumers that the FHC does not – where neither the consumer nor any bank was at fault in the fraud.
  But in reality, this is a vanishingly small number of cases.
  This is because the receiving bank will nearly always be at fault, as explained further below, so the consumer will nearly always have an available legal claim against the receiving bank.
  And in those no-fault-by-anyone cases, since the banks are already doing all they can to prevent APP fraud, action by the PSR will not achieve any end.
  
  
• Preface Note 2: Why are there a vanishingly small number of cases where neither bank in the payment chain is at fault (and as a result, under current rules, consumers are already entitled to mandatory reimbursement through the FHC) ?
  At this time, in virtually all cases occurring today, the receiving bank will be at least partly at fault for any APP fraud.
  This is because the payee has either opened an account at the receiving bank with false ID, or the payee is operating as a mule account.
  
  In the first case, the receiving bank accepted false ID, and is therefore partly at fault in the loss.
  Now that machine readable passports are commonplace, which allow verified identity information and photograph to be read off the passport with high certainty and confidence (as they are digitally and cryptographically signed), there is no reason why any PSP should today open an account with false ID. It is extremely difficult for a criminal or fraudster to do so – way beyond the capabilities of the ordinary crook.
  We would ask the PSR to lobby the Government so that driving licenses also become machine readable and cryptographically-signed, as at present driving licenses are easily faked. This is a Government weakness, and the PSR should be pressing the Government to immediately address this issue, so that accounts can be opened for customers who have a driving licence but no passport.
  
  In the second case, the payee is acting as an account mule.
  Account mules are always caught by the Police, as they are committing crime in the open and do not hide their crime – that is the nature of an account mule.
  The defence of account mules – which is effective at present – is they did not know they were doing wrong.
  As a result, the Courts will not prosecute, and as a result the Police will not act (it is not worth their while, with no expected penalty due).
  And as a result, account mules are free to continue unabated in a tsunami of APP fraud.
  
  This is all the result of banks’ failure to alert their clients to the illegality of account muling.
  I have never received any communication from any of the various banks I personally bank with (and I personally bank with a few, to help me understand consumer experience with UK banks) instructing me that I cannot receive a payment in to my bank account for another party.
  If I was instructed by my bank that I can only receive payment into my bank account on my own behalf, and never for another person or another party, and that such receipt was actually potentially illegal and money laundering, then I would be aware that account muling was illegal. If I was told at the same time by my bank that such receipt can well lead to fine or prison sentence, then I would take note.
  But I have never received such a message from any of the many banks I bank with.
  
  As soon as banks take action to directly inform all their clients that their client is not allowed to receive payment into their bank account for another party, and that such receipt may be money laundering and subject to fine or prison sentence, then Courts will immediately on the basis of these warnings start prosecuting account mules.
  And Police will immediately start arresting and taking to Court account mules, as the Police know they will have an easy conviction (and this will make them look very effective).
  And account muling will stop, because no account mule will continue, knowing they are committing crime in the open, and will be certainly caught and prosecuted.
  
  As payee banks have not made clear to their clients that account muling is not allowed and potentially illegal, the payee banks are all at fault if their accounts are used for account muling (the banks are also in breach of the Money Laundering Regulations 2017 – but that is a different matter and an FCA failing to uphold its mandate).
  So if an APP fraud takes places, and the payee turns out to be an account mule, then it is correct that the receiving bank should be liable, as the receiving bank did not warn and make crystal clear to the payee that acting as an account mule was not allowed and possibly could cause fine or imprisonment (which in turn allowed the account to be used to defraud the original payer).
  
  The upshot is that a receiving bank is currently almost always at fault (at least partially) in an APP fraud (whether due to false ID or account muling), and liability should always reside with a receiving bank unless i) they did not allow their account to be opened with false ID, and ii) they made clear to their customer that they could not receive payment for any other party.
  And as made clear above, these two criteria are hardly ever currently both met by a receiving bank.
  
  [As an aside, when PSPs and banks do finally start educating their clientele that accounts cannot be used to receive third-party payments, APP fraud will shrink in the UK by several levels of magnitude].
  
  So, It should be made clear to consumers that the receiving bank will always be at fault and liable in APP fraud, unless the receiving bank can show that false identity of the payee was not involved and that the receiving bank made sure that the payee could not act as an account mule without the prospect of a jail sentence.
  
  This will clear up 95% of all APP fraud cases.
  
  In the remaining 5% of cases, it should be made clear to the consumer that if their own bank (the sending bank) was partially at fault for the APP fraud, then their own bank should be liable. Otherwise, if their own bank was not at fault in any way, then the consumer should know that they were liable for their loss.
  
  
• Paragraph 1.11 of the consultation states:
  

  '‘However, the overall level of reimbursement under the Code is still below 50% – and participation in the Code is voluntary. Some PSPs are not signatories and offer lower levels of protection, leaving many consumers exposed to significant risk.'

  This is a scandalous statement by the PSR, as it is untrue, and is a complete abrogation of responsibility by the PSR.
  
  All banks and consumers are covered mandatorily by the FHC (FCA Handbook Changes), and consumers are NOT exposed to significant risk, as the FHC already provides in most cases far superior protection to the CRM code.
  
  The reason that consumers are losing out is purely due to lack of awareness by consumers and small businesses of the existence of the FHC, which already protects them.
  And the PSR has singularly failed to promote awareness of the protection of consumers existing today by the FHC.
  
  As is clearly evidenced in this paragraph, the PSR is continuing to take active steps to give the false impression that the FHC does not exist, or does not provide protection to consumers and small businesses in nearly all existing cases.
  
  
• Paragraph 1.12
  The introduction and promulgation of Confirmation of Payee (CoP) is widely welcomed.
  It is an essential tool in the fight against APP fraud, and should be mandatory for all payments (expanded across all modes, including electronic payments such as via PayPal).
  
  
• Paragraph 2.3 of the consultation states:
  

  'Payment systems should be safe to use. We want PSPs to act to prevent APP scams, and to ensure that victims are reimbursed.'

  In this statement, the PSR first makes an obvious and bland statement that payment systems should be safe to use.
  The PSR then makes a logical fallacy.
  The PSR connects payment systems being safe (obvious, critical and necessary) with the following statement that PSPs should act to prevent APP scams.
  This connection misunderstands the first statement.
  
  The first statement about the payment system being safe means only that if a consumer wishes to pay X, then the payment from the consumer should safely reach X.
  This is obvious and critical, and necessary.
  However, the first statement makes no claim of knowledge whether X receiving the payment from the consumer is a good or a bad thing, nor whether the consumer paying X could be a safe or unsafe act.
  The safety of the payment system only requires that when a consumer wishes to pay X, then the payment should safely reach X.
  
  The second statement considers a totally different issue to the first statement – should the consumer be paying X, and is it safe for the consumer to pay X (using a secure and safe payment system) ?
  This is not a payment question, but a legal and social question, unrelated to the payment industry.
  
  The first statement and the second statement cannot be conflated – to do so is a logical error.
  But that is exactly what the PSR has done.
  
  Of course, if the Payment firm acted in a way where it did not do enough to prevent or respond to APP fraud, then the payment firm must be liable to the consumer.
  Payment firms can and must take steps to help consumers minimise APP scams.
  Since payment firms act at the time payments are made by consumers, payment firms have an opportunity to interact with consumers and minimise such scams through appropriately advising consumers.
  
  And this is already the regulation in force today through the FHC (FCA Handbook changes – see above).
  And as is show above, in nearly all cases, at least one of the receiving or sending bank will currently be liable for not doing enough to prevent APP fraud.
  
  But if the payment firm did do enough to prevent or respond to APP Fraud, then it would overturn thousands of years of established law, and destroy the UK economy, to make the payment firm liable for the consumer’s action in making payment to X.
  Payment firms cannot be made responsible for judging and evaluating the reason that consumers make any payment.
  There is no precedent, and no reason to do so.
  That will destroy the UK’s payment systems – as payment firms will cease to be able to operate - exactly the opposite role that the PSR is tasked to fulfil.
  
  
• Paragraph 2.17 of the consultation states:
  

  'We want PSPs to implement the capability to send and receive the data [historical data on account attributes] – that will enable them to better identify and stop scam payments – in 2023.'

  Whilst the largest banks may have been a part of this trial mentioned by the PSR, we as a PSP have had no information and no participation and no knowledge whatsoever of this capability.
  Given it is the end of November 2023, the statement by the PSR that they want to commence the capability in 2023 is not credible – the participating banks may be ready, but we cannot be. The PSR must not be seen to be giving undue advantage to the large banks who participated in the trial.
  
  
• Paragraph 3.10:
  The CRM code is weak and insufficient for consumers.
  There is already a much higher standard in force in the UK through the FHC, which requires reimbursement to consumers and small businesses when either the sending bank or receiving bank did not do enough to prevent the APP fraud – which as we have explained above occurs in nearly all cases today.
  The FHC can be mandatorily enforced by any consumer or small business through the Financial Ombudsman Service (FOS).
  
  Therefore, the PSR’s proposals in this consultation is built on a false premise – comparing the protection currently available from the CRM today instead of comparing the protection currently available under the FHC today.
  
  
• Paragraph 3.2 & 3.3 (2nd 3.2 & 3.3 due to consultation misnumbering)
  This paragraph claims that data sharing between banks will prevent banks from making customers’ payment journeys an impossible experience, once banks are subject to the new liability under the PSR’s proposals.
  There is no evidence to back up the PSR’s assertion – and common sense clearly demonstrates that if the PSR’s proposals are put in place, then banks will start to haemorrhage large amounts in APP fraud reimbursement, and will be forced to make their customers’ payment journeys an excruciating and impossible experience, in order to minimise these losses.
  
  Data sharing cannot and will not prevent this debacle, as data sharing can only slightly reduce the chance of APP fraud losses to banks – it cannot eliminate it or reduce more than a minority of cases.
  
  The PSR will become a cursed entity by consumers for having introduced these measures, which will lead to ordinary bank customers lives’ becoming impossible whenever they wish to make a payment.
  
  
• Question 1: Do you have views on the impact of our proposals on consumers?
  As explained below and above, the PSR’s assumptions are an act of fancy, comparable to the assumptions used in the recent mini-budget of Chancellor Kwasi Kwarteng and Prime Minister Liz Truss.
  The PSR have provided no evidence whatsoever to demonstrate that their radical plans will not cause significant damage to the UK, and the PSR is simply hoping that their radical plans will not be damaging.
  Before scrapping liability laws that have been in existence for thousands of years (Caveat Emptor – Buyer Beware), the PSR needs to provide evidence that allowing consumers to be negligent and receive full reimbursement will not destroy the UK economy. And the PSR needs to provide evidence that when the significant number of vulnerable consumers are grossly negligent and required to receive full reimbursement by their bank, this will not destroy the UK economy.
  The onus is on the PSR to provide the evidence before taking these potentially grossly destructive radical steps.
  
  Taking on a vulnerable customer will mean that unlimited losses can be incurred by the bank, whenever that customer makes a payment.
  And fraudsters are likely to work with vulnerable customers to mine the UK payment system for millions (and quite probably billions) of pounds of fraudulent reimbursement where consumer gross negligence is present – all to be covered under the PSR’s proposals by banks.
  
  This is not a sustainable situation, and banks will quickly stop offering payment except under the most extreme circumstances.
  The UK payment system will quickly grind to a stop.
  
  This will not be good for consumers !
  
  
• Paragraph 3.6 of the Consultation states:
  

  'PSPs have the ability to do more to prevent scams and thus mitigate their increased reimbursement costs'

  This is erroneous, and underlies the PSR’s foundational error in this consultation.
  
  PSPs (banks) are already fully liable to reimburse customers if they did not do enough to prevent an APP scam.
  This is already fully enforced by the FHC (FCA Handbook regulations in current force, and enforced mandatorily by the FOS).
  
  If there is an area for the PSR to pursue, it is to ensure that FHC rights (enforceable by the FOS) are widely publicised to and become known by consumers and SMEs.
  
  If a bank cannot already do more to prevent an APP scam, then regulation should not and cannot be made to make the bank liable, as this will destroy the UK economy due to the destruction of the payment system.
  
  
• Paragraph 3.8 of the Consultation states:
  

  'We do not consider prudential risks would arise for larger PSPs, many of which are already CRM Code signatories'

  This statement by the PSR is patent nonsense.
  
  At present, larger banks (PSPs) do not have to reimburse customers where the customer was clearly negligent (even TSB). Such reimbursement is precluded under the CRM.
  Likewise, larger banks (PSPs) do not have to reimburse vulnerable customers even where they are grossly negligent.
  
  The new PSR proposals will mean that even larger banks will be prudentially compromised !
  
  And the expansion of the definition of APP fraud in the PSR’s proposals will also lead to huge liability shifts to all banks (large and small).
  
  
• Question 2: Do you have views on the impact of our proposals on PSPs?
  Yes, see above and below for the devastating impact the PSR’s proposals will have on PSPs and banks.
  
  
• Paragraph 4.4 of the Consultation states:
  

  'Larger business payers can be expected to have greater capability to protect themselves from APP scams, and it would not be proportionate to require PSPs to reimburse such businesses for their losses.'

  It is disgraceful that the PSR, as the UK’s payment regulator, can expose themselves to being so misinformed.
  
  Small businesses (beyond micro-enterprises) are already fully entitled to mandatory reimbursement by the FHC and enforced by the FOS, and a small business can today obtain reimbursement if either the payer or payee bank did not do enough to prevent the APP scam. As we have shown, this is so in nearly all cases.
  
  So for the PSR to claim that small businesses (included in the paragraph’s term of larger businesses, the PSR meaning anything other than a micro-enterprise) cannot require PSPs and banks to reimburse them when the bank is at fault, when such protection is today fully in regulation and force, and can be easily enforced by small businesses through the FOS, is shocking.
  
  
• Paragraph 4.8
  The PSR states that it has a clear expectation that on-us payments will be treated identically to Faster Payment transactions.
  But this is no more than a wish and a prayer, and as the PSR admits is unenforceable.
  
  The burden of the PSR’s proposals goes far, far beyond the CRM.
  
  The larger 5 banks in the UK have a significant number of on-us payments – up-to and over 20% of all the payments they make.
  If these on-us payments are not subject to the same reimbursement rules as Faster Payments, then those banks will have a significant competitive advantage to competitor banks (who will have 100% liability on nearly all their payments instead of 80%).
  
  This is unacceptable, and subject to legal challenge, as the PSR are mandated to retain a competitive and fair payment system.
  The PSR hoping that the largest 5 banks will treat on-us payments fairly is wishful thinking, especially given the huge liabilities involved.
  
  If a mandatory solution cannot be found in advance to the on-us problem, then the measures cannot be introduced until a solution is found (on competition grounds).
  
  
• Paragraph 4.11 to 4.13
  The definition of an APP scam case in the Financial Services and Markets Bill s.62(2) is:

  '(a) the case relates to a payment order executed over the Faster Payments Scheme, and
  (b) the payment order was executed subsequent to fraud or dishonesty'.

  It is critical to note that the Section 62 definition of the Bill only imposes a boundary where reimbursement may or may not be required by the PSR.
  There is no mandate in the Financial Services and Markets Bill for the PSR to impose reimbursement in every such case.
  Rather the Bill empowers the PSR to require reimbursement in such cases, if and only if the PSR deems it necessary.
  
  Thus using the Financial Services and Markets Bill expansive boundary definition for all fraud is quite simply unreasonable for day-to-day use, since all it requires is that fraud or dishonesty is determined at any time before the payment is made.
  
  What on earth counts as dishonesty in this definition ?
  
  Most sales related efforts across all fields rely on promoting the product being sold, and there is often a very thin line between fair promotion and dishonesty.
  Salesmen and saleswomen are incentivised to clinch sales, and it is not unknown for salespeople to cross the line from over-enthusiastic promotion to dishonesty.
  It is likely that the majority of accomplished salespeople routinely use dishonesty to some extent in over-promoting their legitimate products, in order to convince consumers to buy.
  
  Despite what is written in paragraph 4.13 of the consultation, if a consumer could demonstrate that a salesperson was guilty of dishonesty in over-promoting a product, then under the PSR’s definition a consumer would be entitled to reimbursement, as dishonesty could be shown prior to a payment.
  
  According to the definition adopted by the PSR, if a consumer can show that a product sold to them involved dishonesty by a salesperson in any form which led them to buy a product, then they will be entitled to reimbursement by a bank.
  The banks have no way to prevent or police this behaviour in mainstream commerce, and the loose definition by the PSR is far, far beyond the current FCA definition of fraud in the FHC – where the requirement is fair (that a bank could not do more to prevent fraud).
  
  The PSR needs to adopt the FCA definition, and not radically and unfairly increase the scope of the definition of APP fraud.
  
  
• Question 3: Do you have views on the scope we propose for our requirements on reimbursement?
  See comments above and below
  
  
• Paragraph 4.18 of the Consultation states:
  ‘We are not aware of conclusive evidence that, if consumers are more confident of being reimbursed, they will take less care in ensuring that their payee is not a fraudster.’
  
  There is significant evidence that there will be a very, very significant increase in claims under the PSR’s proposals, due to consumers knowing that they can act negligently and still be fully reimbursed.
  It is common sense and obvious that the PSR’s proposal will lead to a tsunami of increased reimbursement claims (including due to new frauds specifically targeted at the measures).
  
  The PSR instead has set the bar at an impossible level, demanding only conclusive evidence of what will occur in the future if and when the PSR introduce its flawed measures.
  It is impossible to produce conclusive evidence of a counter-factual – so the PSR are creating a situation where they will ignore the obvious disastrous consequences of their actions, and ignore strong (but not absolutely conclusive) evidence, as they will only act on evidence which will be of a standard impossible to produce.
  
  Box 1.18 introduces evidence from TSB, and its fraud guarantee.
  It is critical to note that TSB’s fraud guarantee is far, far softer than the PSR’s proposals, as TSB retain the right to refuse reimbursement where they have abused the guarantee in TSB’s opinion (such as by being negligent).
  Under the PSR’s proposals, a consumer will be entitled to full reimbursement even where a bank believes the consumer has abused the process by being negligent.
  
  On a separate but important point, under the PSR’s proposals, consumers would know that they would not need to take care when making purchases paid by bank transfer .
  This will be advertised and promoted to them by consumer champions, such as Martin Lewis, quite rightly pushing consumers to make payment by bank transfer and explaining that the consumer would be protected even if the consumer didn’t take adequate care.
  The PSR wrongly assumes this situation will not quickly come about, but it is obvious that it will.
  
  
• Question 4: Do you have comments on our proposals:
  • that there should be a consumer caution exception to mandatory reimbursement
  • to use gross negligence as the consumer caution exception
  • not to provide additional guidance on gross negligence?
  
  As an FCA authorised PSP, we have run an escrow website service for the last 13 years that allows consumer buyers and sellers to be fully protected in a transaction.
  We have many years of experience in this area, and our firm exists to protect consumers from fraud.
  
  Over the years, we have seen attacks from many fraudsters, and prevented many APP frauds.
  We have also seen a not insignificant number of dishonest consumers attempting to circumvent checks and controls.
  We have also repeatedly seen fraudsters conspiring with consumers (both advertently and inadvertently) to try and commit fraud.
  
  To date, we have successfully defeated them all.
  
  But our service requires that consumers make a reasonable effort to protect themselves – the same effort required by law – along the lines of Caveat Emptor (Buyer Beware).
  We provide the ability for consumers to fully protect themselves and ensure that they are not the subject of fraud, but our platform cannot do all the work for the consumer, and the consumer still needs to ensure that the trade they are undertaking that involves payment is worthwhile and not fraudulent for them.
  We can and do ensure safe payment, and that the payer achieves everything they set out to achieve in writing with us, but we cannot ensure that the social reasons for making the payment are underlyingly safe.
  No payment firm can do so.
  
  It is entirely reasonable to demand that a consumer is not negligent in conducting steps to ensure that they are not being scammed.
  If a consumer is scammed because they were reasonably tricked – then this is clearly not negligence by the consumer.
  I repeat for clarity, if a consumer is scammed because they were reasonably tricked – then this is clearly not negligence by the consumer.
  Negligence by the consumer means the consumer acted unreasonably and did not perform reasonable steps in the circumstances, and to demand reimbursement by a bank in such a negligent consumer case where the bank could not prevent the fraud is preposterous.
  
  The FCA’s current regulation ignores the negligence or non-negligence of the consumer, and quite rightly focuses only on whether the bank could have done more to prevent the fraud or not.
  This is the test that the PSR needs to apply.
  
  In particular, under the PSR’s proposals, I as a consumer will be allowed to purchase a dodgy investment negligently by bank transfer, knowing that if the investment turns out to be fraudulent then I will be entitled to full reimbursement by my bank, since I have only been negligent and not grossly negligent.
  This cannot be allowed to occur, as it is absolutely necessary for consumers to be required to make some efforts to prevent fraud against themselves – something the PSR’s proposals completely uproot.
  
  If the PSR’s rules take effect, no bank will be able to survive the tsunami of reimbursement liability that will result.
  
  
• Question 5: Do you have comments on our proposal to require reimbursement of vulnerable consumers even if they acted with gross negligence?
  Because the definition of who a vulnerable consumer is so nebulous, it is hard to say how many consumers fall within this category at any one time.
  It may be that 20% of all consumers are always vulnerable in some way, whilst the majority of remaining consumers will be vulnerable at some time during their life.
  Numbers could be higher than this, but they are unlikely to be lower.
  
  A payment firm makes pennies or less for making each payment.
  Almost by definition, a bank cannot in most cases prevent an APP scam where the consumer is grossly negligent.
  Banks can try to prevent such circumstances arising, but gross negligence is so broad that a bank cannot stop these frauds.
  Requiring a bank to incur possible large liability from a vulnerable customer for making a payment, when the bank earns pennies or less for making that payment, is not economically sustainable.
  
  Payments for vulnerable customers will not be allowed to occur – or banks making them will cease to economically viable.
  And because many people can become vulnerable at some point in their life, payments for everybody will cease to function smoothly.
  
  This will spell disaster for the UK economy, as payments cease to function well.
  The PSR will be destroying the payment system in the UK, for users.
  This is the very opposite of the PSR’s function.
  
  Negligence should absolutely not be a standard allowed for any consumers, and regrettably gross negligence cannot be a standard for vulnerable consumers, however caring as a society we are.
  
  One separate but critical point.
  Not all vulnerable people are honest.
  And some honest vulnerable people will be easily pressured into working with fraudsters. That may be a nature of their vulnerability.
  
  The PSR’s proposals open a wide door for fraudsters to work with vulnerable people (willingly or through coercion) to create a conveyor belt of mass fraud, and this is certain to occur – probably with organised crime quickly getting involved.
  Criminals will find a vulnerable consumer, explain to them they can act grossly negligently and have no risk, and entice or coerce them to make an APP payment to the criminal.
  The banks involved will have no way to prove what has occurred, and will be forced to fully reimburse the vulnerable consumer.
  And the tactic will repeat and repeat for millions, and probably billions of pounds every year !
  
  Creating rules which results in this occurring is beyond reckless for the PSR.
  
  
• Question 6: Do you have comments on our proposal to use the FCA’s definition of a vulnerable customer?
  See answers above and below
  
  
• Question 7: Do you have comments on our proposals that:
  • sending PSPs should be allowed to apply a modest fixed ‘excess’ to reimbursement
  • any ‘excess’ should be set at no more than £35
  • PSPs should be able to exempt vulnerable consumers from any ‘excess’ they apply?
  If a consumer is due reimbursement from a bank because the bank did not do enough to prevent the APP fraud, then we believe the consumer should receive full reimbursement, and not have £35 withheld from the reimbursement.
  It is wrong to arbitrarily deduct £35 from consumer’s reimbursements when this is due to them, whether the consumer is vulnerable or not.
  
  
• Paragraph 4.41 of the Consultation states:
  

  'limit the costs to PSPs, and ultimately to their customers, of reimbursing small claims that are in fact civil disputes rather than purchase scams'

  Because the PSR’s definition of fraud is so loose and involves the word dishonesty, there will be many, many claims where the dividing line between civil disputes and purchase scams is unrecognisable.
  This is so for payments below £100, but equally for all payments above £100.
  
  
• Question 8: Do you have comments on our proposals that:
  • sending PSPs should be allowed to set a minimum claim threshold
  • any threshold should be set at no more than £100
  • PSPs should be able to exempt vulnerable consumers from any threshold they set?
  
  Where the sending bank or the receiving bank is at fault (i.e. did not do enough to prevent the APP fraud) the bank is already liable under the binding FHC even for amounts below £100 – so the PSR’s minimum of £100 will make no difference at all to mandatory reimbursement.
  Where neither the sending bank nor the receiving bank were at fault (rare at this time), then no reimbursement should be liable for any amount !
  
  
• Question 9: Do you have comments on our proposal not to have a maximum threshold?
  Where the sending bank or the receiving bank is at fault, then there should be no maximum.
  Where neither the sending bank nor the receiving bank were at fault (rare at this time), then no reimbursement should be liable for any amount !
  
  
• Question 10: Do you have comments on our proposals that:
  • sending PSPs should be allowed to set a time-limit for claims for mandatory reimbursement
  • any time-limit should be set at no less than 13 months?
  13 months seems a sensible time limit.
  FHC protection is not limited by this restriction, so if a consumer can demonstrate that a sending bank or receiving bank was at fault then they would still be able to make a claim to FOS outside this time-limit, so the time limit is actually meaningless.
  
  
• Question 11: Do you have comments on our proposals that:
  • the sending PSP is responsible for reimbursing the consumer
  • reimbursement should be as soon possible, and no later than 48 hours after a claim is made, unless the PSP can evidence suspicions of first party fraud or gross negligence?
  
  As already highlighted above, the PSR’s proposals will make it open season for criminals to start mass-producing spurious claims for reimbursement.
  The criminals will know that it will take time for banks to obtain evidence that any one claim is spuriously and criminally produced (i.e. in first-hand fraud by the payer).
  
  To require immediate reimbursement to the claimant, when the claimant could be responsible for either first party fraud, or for collaborating with a criminal (especially in the case of a vulnerable consumers), or for gross negligence (for non-vulnerable consumers) will make it impossible for banks to not haemorrhage large sums in losses they are not responsible for.
  
  The time limit for reimbursement should allow a bank time to ascertain whether fraud or gross negligence was involved.
  
  
• Question 12: What standard of evidence for gross negligence or first party fraud would be sufficient to enable a PSP to take more time to investigate, and how long should the PSP have to investigate in those circumstances?
  If banks are forced to make reimbursement for cases where they could not have prevented the fraud, then banks offering payment in the UK will quickly cease to exist.
  
  Instead, for a claim for reimbursement to operate, the defrauded consumer should start by alleging fault of one or both of the banks involved. This claim for fault by a bank should commence the process, and not a notification by the defrauded consumer that an APP fraud has occurred.
  
  
• Question 13: Do you have comments on our proposal for a 50:50 default allocation of reimbursement costs between sending and receiving PSPs?
  
  A 50/50 split between sending and receiving banks is totally unreasonable.
  Sending banks are already doing much to prevent APP fraud, and remain unable to prevent these frauds despite their best efforts in many cases.
  But receiving banks are nearly always at fault at this time for APP frauds, as has been explained above.
  And receiving banks will always be involved with money laundering, as the proceeds of crime are distributed (so should already be being investigated and censured by their AML regulator, the FCA).
  
  The split should be 10/90 sending bank/receiving bank, prior to any individual case mitigating circumstances.
  
  
• Question 14: Do you have views on our proposal that PSPs are able to choose to depart from the 50:50 default allocation by negotiation, mediation or dispute resolution based on a designated set of more tailored allocation criteria?
  
  PSPs vary in size from very large to very small.
  Very large PSPs (banks) have very large legal departments, whose role is simply to minimise liability regardless of right or wrong.
  Medium and small PSPs have no legal departments.
  
  Medium and small PSPs will be at immense disadvantage in any negotiation with a large bank, and the PSR should not place these smaller firms in such a situation of having to negotiate in individual cases.
  
  
• Question 15: Do you have views on how scheme rules could implement our proposed 50:50 default allocation to multi-generational scams?
  I don’t understand how and if multi-generational scams are covered by the PSR’s proposals, and I do not believe the PSR understands either.
  
  The example quoted in paragraph 5.11 of a Faster Payment into a Crypto-wallet, and then a later payment from the Crypto-Wallet to a fraudster, would seemingly not be included within the regulations, as the first Faster Payment was not a fraudulent payment and any fraud only occurred later.
  Why is this even being considered in the consultation, when it is already precluded ?
  
  On the other hand, we believe that APP fraud payments over other channels should be included in the PSR’s current regulation.
  So, for example, an APP fraud payment made via PayPal should (we believe) absolutely be covered by the current PSR regulations. And if the PSR does not have the power to enforce or create such regulation, then it should be working with other bodies (such as the FCA) to ensure that parallel regulation is brought in at the same time as the PSR’s regulations.
  
  
• Question 16: Do you have comments on our proposal for a 50:50 default allocation of repatriated funds between sending and receiving PSPs?
  The PSR should be aware that in reality receiving banks that manage to achieve repatriation will not always openly declare that this has occurred, either through subterfuge or through ineptitude.
  And due to lack of information, in many cases the sending bank will not receive their fair share of repatriated funds.
  
  
• Question 17: Do you have views on the scope we propose for rules on allocating the costs of mandatory reimbursement?
  See answers above and below
  
  
• Paragraph 6.5 of the Consultation states:
  

  'The PSO is the appropriate body, in the long-term, to undertake the role of making, maintaining, refining, monitoring, and enforcing compliance with, comprehensive scheme rules that address fraud risks in the system.'

  This is simply not true, and the opposite of reality.
  
  A PSO (Payment Systems Operator) is responsible for the plumbing of payment systems, to ensure that payments flow freely and securely, and unencumbered between payers and payees.
  The PSO is absolutely NOT responsible for the reason for those payments. This is just not its role.
  
  Mixing the responsibility for the payments infrastructure operating well, with the responsibility for stopping fraudsters utilising the payment system is a total non-sequitur.
  
  It is akin to making the doctors who are responsible for safe blood flow in their patients, also responsible for what their patients do with their now healthy bodies.
  It just does not make sense.
  
  
• Paragraph 6.5 of the Consultation states:
  

  'In the long-term, we want Pay.UK to be a PSO that: • specifies the circumstances when a PSP needs to reimburse the victim of a fraud'

  It is not the role of a PSO to be making social decisions about when reimbursement is due and when it is not.
  The PSO are specialists in payment plumbing, not in fraud and social issues.
  
  
• Question 18: Do you have views on our long-term vision, and our rationale for the PSO being the rule-setter responsible for mitigating fraud?
  
  See above and below, that it is totally inappropriate for the PSO to be a rule-setter for mitigating fraud.
  
  The core of the problem is that the PSR itself should not be taking on this role today, even though it is so desperately needed.
  The actual role should be being undertaken by a combination of the FCA and the Police.
  Instead, both of these bodies have ignored the issue and looked the other way, whilst close to billions of pounds of consumer funds are defrauded each year, forcing the PSR into a role it is not best suited for.
  
  The PSR’s role should ideally be simply to organise and operate the payment system in a way that facilitates the identification of fraud.
  So for example, the PSR and Pay.UK should be intimately concerned with how the NPA will be created in a way which will make fraud identifiable – which fields need to be available in payment messages, and what payer/payee information needs to be passed down the payment journey, to make fraud apparent.
  
  But neither the PSR’s role nor Pay.UK’s role should extend beyond this.
  
  We recognise that the PSR has been forced into its current role by the inaction of other bodies, and we are grateful for the PSR taking up the challenge – as it is so desperately needed.
  But the PSR cannot further delegate its responsibilities to bodies like Pay.UK even more unsuited to be taking on this role.
  
  
• Question 19: Do you have comments on the minimum initial set of Faster Payments scheme rules needed to implement our mandatory reimbursement proposals?
  These rules will be disastrous for UK payments, and make effective UK payment cease to operate, as banks require enormous and unwieldly amounts of information from customers to make any payment.
  
  
• Question 20: Do you have views on how we should exercise our powers under FSBRA to implement our requirements?
  Pay.UK is not the appropriate body to be making rules and regulations with social impact – the PSR should be making rules.
  
  As pointed out above, no rules should be made until rules for on-us payments are made. As the PSR cannot make those rules, other bodies will have to make the rules. And since other bodies will be making those rules (such as the FCA), those other bodies should be making all the rules to prevent APP fraud (and the PSR need not duplicate them).
  This is what should be happening, and this is what is desperately needed, given the current tsunami of APP fraud.
  
  
• Question 21: Do you have views on how we propose that allocation criteria and dispute resolution arrangements are developed and implemented?
  
  Pay.UK is dependent on the largest banks for funding, and is heavily influenced by the largest banks.
  Any rules that Pay.UK implements on arbitration rulings between payment firms are highly unlikely to be equitable towards smaller payment firms.
  This is territory that the PSR needs to step into – it is just not equitable to ask Pay.UK to do so, as the larger banks will end up dominating smaller PSPs, and competition will be greatly diminished in the payment sector (against the PSR’s core principles).
  
  
• Question 22: Do you have comments on our preferred short-term implementation approach of requiring Pay.UK to implement an effective compliance monitoring regime, including a reporting requirement on PSPs?
  
  The FCA already collects detailed regular information from payment firms on fraud.
  The PSR should co-operate with the FCA so that the FCA’s data collection should include fraud reimbursement statistics, and this should be passed to the PSR. Pay.UK should under no circumstances be involved in the data collection – it is not their role, and would be a distraction from what Pay.UK is set up to achieve.
  
  
• Question 23: Do you have views on the costs and benefits of Pay.UK implementing a real-time compliance monitoring system and when it could be introduced?
  See previous answer
  
  
• Question 24: Do you have views on the best option for short-term enforcement arrangements?
  
  As already mentioned, no short-term measures can take place without on-us payments being regulated.
  And since on-use payments will require outside bodies to regulate, those outside bodies should also regulate on APP fraud reimbursement (if required beyond current FHC regulation – which is doubtful).
  
  Neither the PSR nor Pay.UK should take any short-term measures without on-us payments being fully regulated.
  
  
• Question 25: Do you have views on the best way to apply the rules on reimbursement to indirect participants?
  
  As explained above, the FCA has already made rules for indirect participants through the FHC, and these are in operation now.
  The PSR should not be making rules on indirect participants, as the existing FHC rules are more than sufficient. They simply need to be publicised.
  
  
• Paragraph 7.41 of the Consultation states:
  

  'The Government has announced its intention to legislate to place a duty on the PSR to require victim reimbursement for APP scams.'

  This is not so. The Government has announced its intention to place a duty on the PSR to require victim reimbursement for APP scams if and only if the PSR feels it necessary.
  Given the FHC already provide more than adequate cover to APP scam victims, the PSR should be concentrating on promulgating knowledge of the FHC to consumers.
  
  
• Question 27: Do you have comments on our cost benefit analysis at Annex 2 or any additional evidence relevant to the analysis?
  
  Yes, the cost benefit analysis is not-fit for purpose and the cost benefit analysis is Wednesbury unreasonable (so subject to legal challenge).
  See below and above for details.
  Our view is that the PSR needs to rerun the cost benefit analysis correctly from scratch, taking into account the points raised.
  
  
• Consultation – Additional Point
  
  The FCA’s existing rules on reimbursement rightly state that a bank or PSP is liable when the bank or PSP was at fault.
  
  A well run, caring PSP cannot face liability if it acted only correctly.
  
  But under the PSR’s proposals, a bank or PSP can face liability for handling a payment even when the bank or PSP acted correctly at every stage.
  
  Please ask yourself if smaller PSPs will continue to operate and offer a payment service to their customer, and earn a few pennies by doing so, if the smaller PSP can face liability of the full payment amount that it correctly and appropriately handles?
  Of course not.
  
  It is not economically viable for a payment firm to make a payment of £800 for a client, if the payment firm may become liable for an £800 reimbursement when the payment firm did everything correctly and nothing wrong.
  
  The bottom line is that if payment firms are made liable for no-fault reimbursement, only the very largest banks will be able to make payments in the UK.
  
  There is also a question whether making the payment firm liable in such circumstances would actually breach the Human Rights Act 1998, and the rights of the PSP and its owners.
  The power that the Financial Services and Markets Bill s.62(2) infers on the PSR is only to act where the PSR believes in its opinion is reasonably necessary. If the PSR acts in an unreasonable manner, then it is acting outside the law, and its proposals are subject to be struck down by legal challenge.
  
  
• Annex 2 – Cost Benefit Analysis - Preamble states:
  

  'Main benefit: Strengthened financial incentives for PSPs to detect and prevent APP scams are likely to lead to improved fraud prevention and result in substantial decline in the overall amount of APP scam fraud that consumers suffer. Current levels of APP scam fraud, at over £500 million in 2021, could fall by between £100 and £150 million per annum, based on our assessment.'

  This is the main benefit that the PSR is relying on.
  But the premise is demonstrable and provably erroneous.
  This fatally and clearly undermines the whole consultation, which relies wholeheartedly on this benefit.
  
  The existing liability of banks and PSPs is from existing protection already mandated and in force by the FHC.
  This already forces both sending and receiving banks to reimburse defrauded consumers whenever the bank did not do enough to prevent the fraud.
  
  By definition, there is no point or purpose in increasing protection beyond this, as it will not assist in making banks do more to prevent fraud – as they are already liable if they did not do this.
  
  The consultation (and the cost benefit analysis is therefore fatally flawed.
  
  
• Annex 2 – Cost Benefit Analysis - Preamble states:
  
  • 'PSPs that currently reimburse their customers for APP scam losses on a voluntary basis would continue to do so
    
  • current low rates of recovery and low shares of reimbursement coming from receiving PSPs would remain low'
    
  But banks and PSPs in nearly all cases today are required to reimburse defrauded consumers under the FHC. That this is not occurring, despite being legally mandated and enforced by the FOS, is purely down to ignorance by consumers. This is easily changed through education and advertising, and the baseline for the cost benefit analysis cannot and should not assume that such ignorance continues, and the low level of reimbursement under the CRM continues.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.13 – Table 1
  
  This table wildly over inflates the benefits, and underestimates the costs (apart from missing out the close to billion pound cost to banks of reimbursement when the bank could not prevent the fraud), and missed out some of the biggest costs which will result.
  See below.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.18
  
  There is no way that the PSR’s proposals will lower cost for any bank or PSP, despite what is written here.
  Just the cost from vulnerable consumers being grossly negligent will introduce enormous liability to all banks.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.25
  
  Most of the savings listed here are likely to be due to the deficient PSPs not yet operating Confirmation of Payee (CoP).
  Because these PSPs are separately mandated by the PSR to offer CoP from next year, the savings listed here in respect of the cost benefit analysis are illusory and will occur as CoP is anyway comprehensively introduced, without any action under these proposals.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.25 states:
  

  'Second, as set out below, we have considered the risk that mandatory reimbursement could lead to some customers exercising less caution when making payments. Such a potential increase in APP scam losses could offset some of the potential gains from enhanced detection and prevention by PSPs.'

  This may be one of the great understatements of all time.
  Once consumers are made aware (and they will be) that they can buy negligently and certainly receive full reimbursement from their bank, there will be a marked change in consumer behaviour, and consumers will buy negligently relying on the PSR’s protection for reimbursement if their purchase does not work out. The new resulting liability each year to banks and PSPs will be immense.
  
  Ditto for reimbursement after gross negligence by vulnerable consumers.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.38 states:
  

  'Our proposed policy will also increase trust in the payment system for consumers more generally through an increase in their confidence that they will be able to recover any money lost where they have exercised sufficient caution.'

  Consumers will face significant new barriers to make any payments, and vulnerable customers will face almost insurmountable barriers to make payments.
  This will destroy confidence in the payment system, and greatly harm the payment system.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.38 states:
  

  'We have not taken the approach of directly balancing the costs of increased reimbursement that PSPs will face against the benefits of increased reimbursement that victims will receive. That approach would simply find a large cost on one side cancelled out by the same scale of benefit on the other.'

  The above statement is understandable.
  What is not logical nor reasonable nor understandable is to include the cost of benefit to consumers and not to include the cost to banks. This is pure fantasy policy making.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.41
  
  Even PSPs that already reimburse a material share of their customers’ losses currently will face large liability increases.
  This is because consumers who currently act negligently in an APP fraud, whilst their bank did not fail to reasonably prevent the loss, would not currently make a claim for reimbursement. The consumer would know that there would be no point in doing so.
  Under the PSR’s new rules the consumer will make a full claim for reimbursement, as they know they will achieve full reimbursement, so the number of claims to these banks will rise dramatically.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.53 states:
  

  'there may also be costs to customers and business if PSPs introducing stronger controls also leads to a higher number of payments being queried, delayed or even declined, as set out in Chapter 3, above.'

  This is another understatement of earth-shaking proportions.
  The friction for a consumer to make a payment under the new regime, if the PSR brings in these proposals, will disrupt UK payments and commerce and have devastating repercussions.
  The costs from this new payment friction when compared with payment ease today will be in the hundreds of millions of pounds every year, and should be included in the cost benefit analysis.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.57 states:
  

  'Moving to a system of mandatory reimbursement could lead to an increase in payments where customers have not exercised sufficient caution, in the knowledge that any losses will be fully reimbursed. As set out in Chapter 4, we are not aware of conclusive evidence that, if consumers are more confident of being reimbursed, they will take less care in ensuring that their payee is not a fraudster'

  This is again an epic understatement.
  See our comment on Paragraph 4.18 of the Consultation above, where we explain that the PSR is being disingenuous in requiring an impossible level of evidence in this instance.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.62 states:
  

  'As above, we also expect PSPs to continue to treat all prospective customers equally. PSPs should treat current and prospective customers according to their obligations in the Equality Act 2010.'

  The epic understatements keep coming in the cost benefit analysis.
  
  Given that any payment made by a vulnerable consumer can lead to full liability for the bank handling it, even if the consumer is grossly negligent, it is certain that vulnerable customers will face significant barriers to making payments.
  The PSR’s consultation dismisses this possibility, and states that the Equality Act 2010 will prevent significant barriers being introduced. This is clearly fantasy.
  
  
• Annex 2 – Cost Benefit Analysis – Paragraph 2.63
  
  PayPal payments are also a likely vector to be used by criminals switching APP fraud away from Faster Payments, if this occurs.
  
  
• Annex 2 – Cost Benefit Analysis – Additional Issue
  
  It is clear that under the PSR’s proposals, criminals will manufacture false reimbursement claims.
  Either through first hand fraud by the payer – relying on the bank not having enough time or ability to quickly detect the false claim before the PSR requires reimbursement.
  Or through working with vulnerable consumers (willingly or under coercion) to make claims where the vulnerable consumer was grossly negligent – but still entitled to full reimbursement by the bank.
  
  The cost of these newly manufactured false reimbursement claims is certain to be in the hundreds of millions of pounds a year to banks, and it is a very significant cost that is missing from the cost benefit analysis.
  
  
• Annex 3 - Public Sector Equality Assessment – Paragraphs 3.15 & 3.16
  
  See comments above.
  It is crystal clear and obvious that those with protected characteristics will be prevented from easily making payments by the proposals (due to their being at higher risk of being classified as vulnerable, as the PSR points out), and great harm will accrue to these protected characteristic consumers.
  
  In response the PSR states that it will make clear to banks and PSPs not to disadvantage such customers.
  This will have no effect, and is wishful thinking and fantasy by the PSR.
  
  
• Annex 3 - Public Sector Equality Assessment – Paragraphs 3.21 states:
  

  'We also note that current industry initiatives to improve data sharing between PSPs and increased incentives to improve fraud detection and prevention should help to minimise the number of payments stopped unnecessarily.'

  Whilst these initiatives may minimise the number of payments stopped unnecessarily, it is equally likely that the initiatives will not lead to any improvement in this regard.
  The PSR presents no evidence that the initiatives will reduce payments stopped unnecessarily, and the PSR is again guilty of wishful and harmful thinking to push through its proposals.
  
  Given the much, much larger number of payments which will be stopped unnecessarily, given the new huge liabilities to banks for negligent reimbursement by consumers, and grossly negligent reimbursement in the case of vulnerable consumers, it is inevitable that the number of payments that will be stopped unnecessarily will increase very, very significantly.
  

APP Scams in the UK - Know your Rights

PayPal and Bitcoin - Too big to prevent Money Laundering

Huge tax on Income, Tiny tax on Property

Non-Sibling Bone Marrow Transplants

Rip-off Light bulbs ?

When you can't trust accountants - who can you trust ?

Not for Profit Companies - Tax Avoidance ?

UK Telecom Rip-Off - Ofcom and the art of doing nothing

Little old ladies and Large Families

The Price of University ?

Credit & Debit Cards - Ripped-Off Retailers

Landline to Mobile Calls - Rip-Off Phone Charges

The Scandal of Access to your Credit Rating

Buying a used Car - Who owns it to sell !?!

Why your car insurance costs so much more...

0845 / 0870 Phone Numbers Revisited Again

Energy Rip-Off: Industry 1 - Consumers 1 !

Energy Ombudsman: Industry 1 - Consumers 0 !

The Cost of Credit ?

Free NHS Parking - Don't renege on promise

The Return of Manipulated Hospital Waiting Lists ?

The price of Eggs ! Supermarket Pricing part II

Credit Card Pricing

0845 / 0870 Phone Numbers - Part ii

Supermarket Fruit Pricing

0845 / 0870 Phone Numbers