Introduction:

 

Ensuring effective fraud detection and prevention has become crucial with Payment Fraud cases drastically increasing. UK Finance’s 2023 Half Year Fraud Update reported that the number of victims to Authorised Push Payments (APP) fraud was over 116,000, amounting to £239.3 million being lost to these APP scams, for the first half of 2023.

AUTHORISED PUSH PAYMENT FRAUD 2023

The Payment Systems Regulator reported that for 98% of the APP fraud payment for 2022, Faster Payments were used. The strong adoption of Faster Payments has been a driver in the increase of successful APP Fraud cases, with payment service providers also being exposed to more potential losses with the introduction of the APP Fraud Reimbursement standard by the PSR. 

With the intent to combat APP fraud, PayUK is working with the Payment Systems Regulator (PSR) and UK Finance (UKF) to implement various initiatives under a trident approach encompassing detection, prevention and reimbursement; detecting possible fraudulent activity pre-transaction, prevention during a transaction and reimbursement after the fraud incident has taken place.

 

Authorised Push Payment (APP) fraud

 

Authorised Push Payment (APP) fraud, also known as APP Fraud or APP scams occurs when a fraudster poses as a genuine payee and tricks someone into sending money to their account. 

A key initiative in stopping Financial Fraud, the UK’s number 1 crime, is the adoption of the Enhanced Fraud Data (EFD) messaging standard that has been carefully devised with the vision of conveying transactional data in an organised and predefined format, pre-agreed upon under ISO20022 standards, increasing knowledge sharing between payment service providers.

 

Enhanced Fraud Data (EFD) messaging standard – how will it detect and prevent fraud? 

 

EFD messaging standard has been typically tailored for pre-payment initiation message exchanges. Currently under ISO20022, there are five data points that can potentially help identify fraudulent transactions:

  • Purpose Code
  • Age of Account Holder
  • Tenure of Account
  • Turnover of Account
  • Type of Account

With the EFD messaging standard, 10 mandatory fields out of 22 for sending and 5 out of 12 for receiving institutions would be transmitted, which can then be utilised by fraud and financial crime systems to detect possible fraudulent activity. The sending and receiving financial institutions involved in the payment transaction would both have access to the same information, which should lead to better outcomes for consumers.

It is imperative that Payment Service Providers collaborate between themselves and Pay UK on the format and structure of the data being transmitted, helping confirm that the sender and receiver recognise the data, it’s structure, and attempt to use it to better fraud detection and prevention operations.

The Enhanced Fraud Data (EFD) API will be developed to add information into the payment journey to enable the bilateral exchange of the specific attributes among Payment Service Providers (PSPs) for the following two use cases:

  1. When setting up a new beneficiary, and/or
  2. Risk based cases when fraud is suspected, depending on the risk appetite of the financial institution.

This will empower PSPs to examine and analyse the received data, thus enhancing the identification and timely mitigation of any high-risk fraudulent transactions.

The financial institutions, depending on their risk appetite will have the choice to either check for every payment transaction or only when a new beneficiary is being set up. Should there be a situation where the sending and receiving institutions arrive at different conclusions on whether the transaction should proceed, the sending party will decide the outcome of the transaction based on its risk appetite.

The standardisation of the data under ISO20022 and enablement of data exchange within PSPs will play a vital role in fraud prevention by improving the detection of suspicious payments and reduction of APP fraud. It will also reduce the number of reimbursements and complemented by the introduction of shared liability for reimbursement for sending and receiving banks, it will incentivise precise prevention and detection.

bigspark has been helping financial institutions design and build stronger fraud prevention capabilities through modern machine learning, with solutions that are agnostic to our clients’ technology landscape. We believe this initiative is a positive step for consumers and banks, as it incentivises banks to invest in stronger fraud prevention capabilities, as fraud detection is not as effective at reducing fraud losses from APP Scams.

 

About us

 

bigspark’s Financial Crime Practice bridges the gap between people, processes, regulations and technology in Financial Institutions.

We have successfully delivered in Tier 1 Banks and Financial Institutions:

  • Financial Crime advisory, such as regulatory remediation projects and target operating models
  • World class Data and Engineering solutions, such as Client Lifecycle Management platforms
  • Strategic technology solutions such as modern AI and ML for Fraud Prevention

Our people have strong applied experience in FinCrime and Fraud and are insatiably passionate about solving problems the industry is facing.

Our engineers and data scientists build modern, customised Machine Learning models to identify fraud specific to your patterns and concerns. Please contact us at enquiries@bigspark.dev to arrange a discussion.

Jo Whalley

Jo Whalley

FinCrime/Fraud Lead

jo.whalley@bigspark.dev
Shaine Ismail

Shaine Ismail

bigspark Founder

shaine.ismail@bigspark.dev
Rayane Houhou

Rayane Houhou

Senior Management Consultant

rayane.houhou@bigspark.dev