Britain’s banks have failed to protect online users from push scams, according to the Payment Systems Regulator (PSR), as it sets out a number of reforms to combat fraudulent activity.
The PSR has published a response to a “super-complaint” made in September by consumer watchdog Which?. The complaint identified a lack of protection for consumers that had suffered at the hands of an authorised push payment (APP) scam – so-called “push scams”.
Push scams refer to fraudulent transactions where an online user is tricked into transferring money into an apparently legitimate account. In most cases, the transactions are completed instantly and cannot be recalled.
The consumer group claimed that compared to other kinds of fraudulent behaviour, push scams had not been sufficiently targeted by banks and the PSR.
The regulator has set out the following proposals for banks to follow in order to combat push scams.
1. Address the “clear lack of data” by collecting and publishing scam statistics
2. Work harder to identify fraudulent payments before they are processed
3. Establish a set of industry best practice standards, so a common approach is taken to push scams
However, the PSR recommendations did not make any mention of a responsibility of banks to compensate for push scams, as advised in the Which? complaint.
Commenting on the PSR recommendations, Hannah Nixon, the regulator’s managing director, referred to the “tens of thousands of people” that have been hit by push scams.
“We need a concerted and co-ordinated industry-wide approach to better protect consumers, and we need it to start today,” she said in a statement.
For small business owners, the threat of online crime has grown in recent years.
According to a study by business law specialists Slater and Gordon, the average micro company is targeted by a scam three times a year, with £260m going unreported every 12 months.
Despite the worrying statistics, the Federation of Small Business (FSB) reported in June this year that nine in ten small company owners have taken steps to protect their business from online crime.
To help owners better anticipate fraud, HMRC recently revised its guidelines to help people recognise push scams in their inboxes.
The main red flags identified were the use of an incorrect “from” address that attempts to imitate a legitimate sender, and emails that insist on “urgent action required”.
HMRC also reminded business owners that it will never request personal details through an email, with all sensitive information only taken through its own online portals.
Worried about how protected your company is from push scams? Don’t miss these 12 routes to business protection.
Sign up to our newsletter to get the latest from Business Advice.