We’ve been campaigning to improve protections for victims of authorised push payment (APP) scams for more than four years – here’s our progress so far, and our concerns.
Our campaign has resulted in hard won benefits for people – including the landmark Contingent Reimbursement Model Code introduced in 2019.
This voluntary set of guidelines was the first document to set out formal protections for APP scam victims. It committed signatories to improve fraud protections and provided guidance on how victims should be treated and reimbursed.
Authorised push payment (APP) – or bank transfer – scams are scams where a person is tricked into making a payment to someone who they think is a legitimate recipient (could be a business, a formal body like a bank or a solicitor, or an individual), but who turns out to be a scammer.
It was thanks to Which?’s super-complaint in 2016 that the Code was introduced, and it currently covers the vast majority of the industry. Since its creation we have kept a close eye on how signatories have interpreted and implemented it to make sure that it is working for victims.
Although the Code was introduced in May 2019, APP scams continue to be a major issue today with the latest figures suggesting that around 350 people fall victim to them every day with hundreds of thousands of pounds being lost. In the first six months of 2020 more than £200m was stolen.
Is the Code being undermined?
We have become increasingly concerned over the last 18 months that banks signed up to the Code are interpreting and implementing it in a way which is undermining its effectiveness.
Thanks to the work of our policy, investigations, and Money Helpline teams we have been able to identify numerous ways and hundreds of examples where banks are letting down victims. These include:
🔸 Banks relying on having shown a victim a warning before they made an online payment, despite not producing any evidence that these warnings work
🔸 Banks not properly assessing whether a victim was more susceptible to being scammed (for example due to a pre-existing mental health condition or going through bereavement), or not taking into account evidence provided to them by the victim
🔸 Banks treating victims as fraud experts and expecting them to have taken unreasonable steps to question the scammer or verify who they were paying
Reimbursement rates of victims also remain worryingly low, at an average of about 45%. Figures published by the regulator last year suggested that some firms’ full reimbursement levels have been in the single figures.
Industry has been able to get away with this haphazard implementation of the Code due to the lack of proper regulatory oversight. In our view, the PSR’s approach has been slow and has lacked the decisiveness that is needed for such a potentially life-changing issue.
Implementation of the Code
The evidence that the voluntary Code isn’t working as it should be has been well known for well over a year, yet the PSR has continually looked to others – particularly industry – to bring forward solutions and to fix the issues, rather than making the tough decisions itself.
It handed the day-to-day running of the Code over to the Lending Standards Board, an industry-funded group with no formal regulatory powers. And it has failed to set out a clear, decisive regulatory framework and direction of travel to move us towards a system of mandatory protections.
Last month, the PSR published its latest call for views on APP scams which again suggested that the industry needs to improve, but failed to give a clear indication that swift changes would be forthcoming.
There are some promising ideas in there – particularly around publishing transparent data on the reimbursement rates of firms, but the pace of action – publishing this document followed by another consultation in the autumn – is causing harm to victims who desperately need certainty and support.
We will continue to work constructively with the PSR on this issue. It is vitally important, however, that they work quickly and decisively to create a mandatory set of protections for victims which can replace the voluntary Code.
If they need more powers in order to do what is needed then the government needs to give these to them as quickly as possible.
We want to continue to build our understanding of how victims are being failed by the current system. If you’ve been a victim of an APP scam and need support or would like to share your story, please let us know in the comments.
If you’ve prefer to do so privately we can be reached via Which? Conversation’s mailbox here.