The adoption of APP by the major banks should make it more difficult for fraudsters to trick people into transferring money to them by pretending to be someone else. However, the APP process is not immune from scamming. Authorised push payment fraud happens when fraudsters deceive consumers or individuals at a business to send them a payment under false pretences to a bank account controlled by the fraudster. Nevertheless, the adoption of APP does add a new level of security to banking services.
Looking into what the implementation of APP means for the finance sector, as well as businesses and consumers who use these services, Steven Murdoch, Innovation Security Architect at OneSpan and Royal Society University Research Fellow at University College London, tells Digital Journal that these measures are to be welcomed.
Murdoch says: “It’s great to see that the Confirmation of Payee mechanism has now been adopted by the six largest banking groups. This improved security should make push payment fraud more difficult, protecting the customer from unknowingly transferring funds to a criminal’s account.”
There are issues to take note of and no security measure is fool proof, says Murdoch: “These new security measures could result in victims being unfairly held liable because the voluntary consumer protection code for push payment fraud excuses the bank from liability if they show the customer a Confirmation of Payee warning. ”
“The issue here”, Murdoch warns, “is that consumers may face warning fatigue” where they’ll receive so many irrelevant warnings throughout the online banking process that they’ll be less likely to notice the important ones.”
Murdoch notes: “The standard of care that customers are expected to apply to protect themselves from push payment fraud should be as the Payment Services Directive requires for other types of fraud: that they do not act with gross negligence. In other words, the bank can only shift the liability of fraud to the victim if they demonstrate that a customer has acted with a conscious and voluntary disregard of the need to use reasonable care, which is likely to cause foreseeable grave injury or harm to persons, property, or both”.
Moreover, the expert considers: “If a customer doesn’t act on a Confirmation of Payee warning, then this could contribute towards an argument that they have been grossly negligent, but it would not be in itself sufficient. For example, the effects of warning fatigue, the state of mind of the customer, and sophistication of the criminal could show that nevertheless, the customer acted reasonably.”
