The UK is a frontrunner in the shift to instant digital payments. Now, Britain’s parliament thinks certain transactions may need to slow down to guard against fraud. It is a sign of things to come in other countries, such as the US, that are trying to speed up their aging payment systems.
There is growing concern about scams using bank-to-bank transactions, which can be made pretty much instantly using Britain’s faster payments system. The technology has put the UK at the forefront of speedy online transactions, but there’s no way to reverse these payments, and questions arise about who is liable when things go wrong.
In some cases, fraudsters make phony requests for money through a forged invoice or a fake email from a contractor. Then, they spirit the money away—hopping through a series of accounts in seconds to hide their tracks—before the sender has time to realize the deception.
As this type of fraud becomes more common and sophisticated, the UK Commons Treasury committee recommended a 24-hour delay for first-time payments. This would give consumers a chance to contact their bank if something goes wrong. Future transactions to those accounts would take place instantly, as usual.
Unlike debit and credit card networks, which have certain types of fraud protection, consumers have had little recourse from scams involving bank-to-bank transactions. More than £600 million ($772 million) was stolen through scams, including unauthorized card fraud, in Britain during the first six-months of the year, according to trade association UK Finance.
Around £200 million of that money was stolen through “authorized push payment fraud,” where people were tricked into sending money to an account controlled by a criminal. Some have lost their life savings to these scams, according to Which?, a UK consumer advocacy group.
Not everyone thinks slower payments are the answer. Anne Boden, founder and CEO of London-based Starling Bank, said on Twitter that consumers and businesses rely on speedy payments, and a delay won’t stop fraud from happening.
As concerns about instant transactions grow, some British banks and payments companies have joined a voluntary code of standards, which came into effect in May. The code’s requirements include things like detecting high-risk payments, identifying clients who might be at risk, and delaying or freezing transactions that appear fraudulent, according to Which?. The likes of Starling, Barclays, and HSBC have adopted the standards.
The Treasury committee suggested that signing up to the code should become mandatory. If a bank doesn’t meet the code’s standards, it would refund the customer’s losses. Otherwise, refunds could be provided by a communal pool of funding. Treasury committee MPs indicated that customers who had their money stolen should potentially be reimbursed retroactively as far back as 2016.
Banks are also working on a security system called “confirmation of payee,” which is meant to warn customers when the recipient’s name doesn’t match the one entered by the customer. The system, already behind schedule, is expected to be available at the six largest banking groups by March, according to the Treasury committee. MPs suggested sanctions if IT delays cause the measure to fall behind schedule again.
“It will help in the short term, but fraudsters will develop tools to get around it,” said Jonathan Williams, director at Mk2 Consulting. The key lesson is that criminals are keen to exploit faster payment systems that lack recourse.
The US Federal Reserve, meanwhile, is gearing up to build an instant payment system, called FedNow, that could go live in 2024. That may seem like a long time away—because it is—but at least it gives the central bank time learn from the experience of early adopters, both good and bad.