Banks warned over fraud loophole

UK banking groups have been warned against using a loophole in new fraud compensation rules that means victims are not protected if they are targeted by another customer of the same bank.
The City watchdog has told finance executives they should be mindful of separate regulations requiring banks to provide good outcomes for customers if a victim is not covered by rules that force firms to pay out compensation of up to £85,000.
The Financial Conduct Authority has issued the warning following the introduction of new regulations designed to protect victims of so-called authorised push payment (APP) fraud, which saw criminals steal £214 million in the first half of 2024.
The FCA has outlined concerns about victims who are not protected if the fraudulent transaction takes place between customer accounts at the same banking group, rather than between two separate banks, as these can be routed through internal systems not covered by the regime.
The reimbursement regime administered by the Payment Systems Regulator will only protect payments made through the external channels for moving money known as the faster payments system (FPS) or the clearing house automated payment system (Chaps), but it does not cover so-called internal book transfers or intra-firm payments.
The FCA has said in a letter to banking executives that customers were “unlikely to understand” they do not receive the same level of protection for fraud committed using these internal bank channels.
The letter said: “We are therefore concerned that consumers will not understand if they receive a lower level of protection in respect of an intra-firm payment, compared to a payment made by FPS or Chaps, and that this will lead to poor customer outcomes.”
The regulator has told executives they must still “deliver good outcomes” for victims who are not covered by the new regime, because firms are bound by separate regulations known as the consumer duty. The FCA said any firms offering a lower level of protection to these victims must be able to explain how their conduct complies with these separate rules, which were introduced in 2023.
The FCA added: “We will use data arising from the reimbursement regime to monitor for consumer breaches and inadequate systems and controls, and ensure that it is effectively protecting customers against APP fraud without adverse impacts on the broader payments system.”
Fraud losses from APP scams fell by 11 per cent to £214 million in the first half of this year, according to new data from UK Finance, an industry group representing financial firms. The total number of cases fell 16 per cent to 97,344. The industry’s reimbursement to victims was £126.7 million.
Ben Donaldson, managing director of economic crime at UK Finance, said fraud “continues to pose a major threat in this country” and can cause “severe psychological harm to victims”.
He said: “This isn’t a fight we will win alone, as our data again shows that most fraud originates online and via telecommunications networks. There have been some improvements made by other sectors, but their actions don’t yet fully match the scale of the problem — more needs to be done to prevent fraudsters exploiting these platforms and networks.
“Earlier this month we saw the introduction of new APP reimbursement rules for customers and while reimbursement is important in the fight against fraud, it can only be part of the solution.”