Banks and tech companies at odds over online fraud liability in UK

Banks and tech companies at odds over online fraud liability in UK

Meta is facing calls from U.K. banks and payment firms like Revolut to financially compensate people who fall for scams on their services.

Jaap Arriens | Nurphoto via Getty Images

Tensions are escalating between banking and payment companies and social media firms in the U.K. over who should be liable for compensating people if they fall victim to fraud schemes online.

Starting from Oct. 7, banks will be required to start compensating victims of so-called authorized push payment (APP) fraud a maximum £85,000 if those individuals affected were tricked or psychologically manipulated into handing over the cash.

APP fraud is a form of a scam where criminals attempt to convince people to send them money by impersonating individuals or businesses selling a service.

The £85,000 reimbursement sum could prove costly for large banks and payment firms. However, it’s actually lower than the mandatory £415,000 reimbursement amount that the U.K.’s Payment Systems Regulator (PSR) had previously proposed.

The PSR backed down from its bid for the lofty maximum compensation payout following industry backlash, with industry group the Payments Association in particular saying it would be far too costly a sum tor the financial services sector to bear.

But now that the mandatory fraud compensation is being rolled out in the U.K., questions are being asked about whether financial firms are facing the brunt of the cost for helping fraud victims.

On Thursday, London-based digital bank Revolut accused Meta of falling “woefully short of what’s required to tackle fraud globally.” The Facebook-owner announced a partnership earlier this week with U.K. lenders NatWest and Metro Bank, to share intelligence on fraud activity that takes place on its platforms.

Woody Malouf, Revolut’s head of financial crime, said that Meta and other social media platforms should help cover the cost of reimbursing victims of fraud and that, by sharing no responsibility in doing so, “they have no incentive to do anything about it.”

Revolut’s call for large tech platforms to financially compensate people who fall for scams on their websites and apps isn’t new.

Proposals to make tech firms liable

Tensions have been running high between banks and tech companies for some time. Online fraud has risen dramatically over the last several years due to an acceleration in the usage of digital platforms to pay others and buy products online.

In June, the Financial Times reported that the Labour Party had drafted proposals to force technology firms to reimburse victims of fraud that originates on their platforms. It is not clear whether the government still plans to require tech firms to pay compensation out to victims of APP fraud.

A government spokesperson was not immediately available for comment when contacted by CNBC.

Matt Akroyd, a commercial litigation lawyer at Stewarts, told CNBC that, after their victory on lowering the maximum reimbursement limit for APP fraud down to £85,000, banks “will receive another boost if their efforts to push the government to place some regulatory liability on tech companies is also successful.”

However, he added: “The question of what regulatory regime could cover those companies who do not play an active role in the PSR’s payment systems, and how, is complicated meaning that this issue is not likely to be resolved any time soon.”

More broadly, banks and regulators have long been pushing social media companies for more collaboration with retail banks in the U.K. to help combat the fast-growing and constantly evolving fraud threat. A key ask has been for the tech firms to share more detailed intelligence on how criminals are abusing their platforms.

How Americans are losing their life savings to crypto fraud

At a U.K. finance industry event focusing on economic fraud in March 2023, regulators and law enforcement stressed the need for social media companies to do more.

“We hear anecdotally today from all of the firms that we talk to, that a large proportion of this fraud originates from social media platforms,” Kate Fitzgerald, head of policy at the PSR, told attendees of the event.

She added that “absolute transparency” was needed on where the fraud was occurring so that regulators could know where to focus their efforts in the value chain.

Social media firms not doing enough to combat and remove attempts to defraud internet users was another complaint from regulatory authorities at the event.

“The bit that’s missing is the at-scale social media companies taking down suspect accounts that are involved in fraud,” Rob Jones, director general of the National Economic Crime Centre, a unit of the U.K. National Crime Agency, said at the event.

Jones added that it was tough to “break the inertia” at tech companies to “really get them to get after it.”

Tech firms push ‘cross-industry collaboration’

Meta has pushed back on suggestions that it should be held liable for paying out compensation to victims of APP fraud.

In written evidence to a parliamentary committee last year, the social media giant said that banks in the U.K. are “too focused on their efforts to transfer liability for fraud to other industries,” adding that this “creates a hostile environment which plays into the hands of fraudsters.”

The company said that it can use live intelligence from big banks through its Fraud Intelligence Reciprocal Exchange (FIRE) initiative to help stop fraud and evolve and improve its machine learning and AI detection systems. Meta called on the government to “encourage more cross-industry collaboration like this.”

In a statement to CNBC Thursday, the tech giant stressed that banks, including Revolut, should look to join forces with Meta on its FIRE framework to facilitate data exchanges between the firm and large lenders.

FIRE “is designed to enable banks to share information so we can work together to protect people using our respective services,” a spokesperson for Meta said last week. “Fraud is a multi-sector spanning issue that can only be addressed by working collaboratively.”

Read the original article here