The UK banks’ trade body has suggested ‘a tiny levy on each payment’ transaction, ‘to provide an insurance pot’ to pay for economic crime such as authorised push payment fraud; and for ‘economic crime protections’ such as the Dedicated Card and Payment Crime Unit, a joint venture between the Metropolitan and the City of London Police and funded by banks.
Stephen Jones, chief executive of the UK Finance trade association, and Colin Bell, group head of financial crime risk for HSBC, were giving evidence to the Treasury Committee of MPs on October 9 as part of an inquiry on anti-money laundering and sanctions regime, and economic crime as it affects consumers. Stephen Jones said: “There is no such thing as a free lunch here. The question is how the cost can be fairly distributed across the system.”
For the full proceedings visit the UK Parliament website. For a UK Finance half year fraud update to September 2018, visit the UK Finance website.
Stephen Jones said: “My own bank has warnings coming up to me when I make an electronic payment asking whether I am being pressurised. Do I really know the person to whom I am paying the money? Is this the first time I am using these bank account details? All of those are deliberate warnings that are put in the system to make me step back and think twice about the payment I am about to undertake.
There may be circumstances where the banks have actually done everything that they should do. In those circumstances, there was originally a suggestion that the bank should nevertheless pay money back to the victim. In some circumstances, banks will pay money back to the victim even if they have done everything that is reasonable, particularly if the victim is vulnerable, Stephen Jones said.
He told MPs: “There is a broad public policy conversation we need to have about who should pay for a victim of crime, which is what we are describing here: your constituent who has been conned into making a payment. Is it the banks that should pay or is it, for example, as in the case of a crime resulting in an injury, a public compensation fund? How should that fund be constituted and how should funds be found for those payments to be made? Where banks have not complied with the standards that are determined in the code, the code suggests that the banks should pay the victims back.”
Meanwhile Colin Bell described the UK’s National Economic Crime Centre as ‘a real opportunity for us, if we land it right’. He told MPs: “Really, it is about political leadership and then dialogue between private and public sector to really land the NECC. If we get that right, the UK has a real opportunity to take a lead internationally in the way we tackle this.”
Comment
Ultimately, the argument is to pass the buck along to consumers, whether they are personally responsible for the fraud or not, said Brooks Wallace, Head of EMEA for cyber crime and fraud prevention company, Trusted Knight.
He suggested that Stephen Jones’ statement demonstrates two things: ‘firstly, that banks are starting to feel the burden of hefty fraud losses through more sophisticated online crime. Secondly, that they are becoming increasingly unwilling to foot the bill’.
“This is a risky route to go down. While some fraud is not the fault of the bank – UK Finance has flagged “authorised push payment” fraud, where a customer is tricked into transferring funds to criminals as an example – often fraud could have been halted if the bank had better fraud prevention in place for its customers. While the banks could argue that losses are down to third-parties – such as payment details being stolen in retailer data breaches – ultimately, financial organisations need to have more rigorous procedures for identifying and stopping fraudulent transactions taking place.
“The failure to make a distinction between different types of fraud will mean that banks – who already have a bad habit of writing off fraud losses as the cost of doing business – will have even less incentive to improve their security and fraud posture and fix the root of the problem.
“Mr Jones talks about reducing financial incentives for cyber criminals, but asking consumers to pay the bill does nothing to stop the ultimate payday for the criminal. Rather, it seems like a cynical attempt among banks – who know that online crime is growing – to shift financial responsibility to the customer before it really starts to impact their bottom line.”
See also a Trusted Knight blog.
