Categories

Scamdemic – vulnerable, with little protection and few arrests (John Bertrand)

UKFinance1 announces a saving of £32million in fraud in the first half of 2021 with bank branches, building societies and Post Offices working with the police through the Banking Protocol rapid response scam process.  Noting the scheme had led to 934 arrests since 2016, an average of 190 per year. This is good, traditional police work coordinated with bank staff and represents less than 10% of annual fraud.  

Over 90% of the fraudsters would ‘tut’ at their colleagues not using technologies that helps keeping them safe from being arrested. Invisibility is the best way for fraudsters to avoid being caught. The Police are involved after the crime is committed or intercepting the crime in progress. The Banking Protocol is an example of the latter and as bank branches are contracting rapidly so technological/regulatory solutions are needed to prevent this successful approach to fraud disappearing.

After the crime was committed fraud cases reported to ActionFraud2, the Police reporting centre, rose 33% to 430,000 cases last year and less than 5,000 arrests. Again10% of total fraud and leaves the question of how we handle the other 80%.

The regulators need to respond to this Scamdemic with a greater sense of urgency and authority, for example, The Payment System Regulator (PSR), has introduced two measures, Contingent Reimbursement Model (CRM) Code and Confirmation of Payee (CoP). 

  1. CRM Code hasn’t led to the reduction in APP scams, or the level of protection for victims3. In spite of PSR warnings, client reimbursement rates did not improve significantly during 2020, with the average across the CRM Code signatories remaining below 50%. To quote PSR said “we’d take action if the industry didn’t improve customer outcomes”. 

The wide variation in reimbursements across different banks in the programme makes it a lottery. Barclays has reported 74% reimbursement and two unnamed banks less than 10%. CRM is voluntary not compulsory as is the reporting.

  1. CoP has now been installed in the original six banks and the fraudsters have definitely noticed. They have moved their accounts to non-enabled CoP banks. This way fraudsters can explain that their bank does not offer CoP to the victims and still take the Payer money from bank with CoP.  

Bank fraud is a billion pound business with 36 million4 people targeted by scammers since January 2021.  While over 55s are most likely to be targeted, those under 34 are almost 5x more likely to fall victim.  Compared to the first five months from 2020 the number of scams reported doubled, unsolicited email up 7x and telephone calls up 60%.

The regulators need to respond to this Scamdemic with a greater sense of urgency and authority, for example, The Payment System Regulator (PSR), has introduced two measures, Contingent Reimbursement Model (CRM) Code and Confirmation of Payee (CoP).

1. CRM Code hasn’t led to the reduction in APP scams, or the level of protection for victims3. In spite of PSR warnings, client reimbursement rates did not improve significantly during 2020, with the average across the CRM Code signatories remaining below 50%. To quote PSR said “we’d take action if the industry didn’t improve customer outcomes”. 

The wide variation in reimbursements across different banks in the programme makes it a lottery. Barclays has reported 74% reimbursement and two unnamed banks less than 10%. CRM is voluntary not compulsory as is the reporting.

2. CoP has now been installed in the original six banks and the fraudsters have definitely noticed. They have moved their accounts to non-enabled CoP banks. This way fraudsters can explain that their bank does not offer CoP to the victims and still take the Payer money from bank with CoP.  

Banks and regulators must encourage greater usage of technology. Banks give the fraudsters access to their bank accounts. The fraudster or surrogate/Mule have to open a bank account before they can commit fraud. Banks gather information and check documents from the account opener. Banks need to know who you are (KYC) and check continuously for money laundering (AML). 

How 22,000 fraud cases last year could be closed without a suspect being identified shows the banks KYC and AML procedures may need to be revisited by the regulator.  

In addition, the banking industry needs to be fully committed to CRM and CoP. This means making them regulatory requirements. History shows voluntary/self-regulation simply does not work. The bank regulatory or the UK Government, the savers of banks in the last financial crisis, must adapt faster and help stop this Scamdemic quickly.  

PSR oversees 200 plus financial institutions and CRM and CoP are not compulsory and used by less than 10% of the banks. After two consultations on CoP with the Banking and Payments industry, action is promised, hopefully faster than Yes Minister (https://www.youtube.com/watch?v=iKYEUXlYcSI)

UKFinance1 https://www.ukfinance.org.uk/press/press-releases/£32-million-fraud-stopped-finance-industry-and-police-first-half-2021

ActionFraud2 https://www.thetimes.co.uk/article/fraud-soars-but-police-abandon-22-000-cases-trq0sq3lr

Victims3 https://www.psr.org.uk/media/jhsj1f0j/psr-annual-report-2021-opt.pdf

36million2 https://www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/36-million-brits-targeted-by-a-scammer-so-far-this-year/

Source