Our Senior Product Owner for fraud, Rujina Eesa, recently joined a panel of fellow industry experts at the Payments Leaders’ Summit to discuss how the industry can secure payments against fraud and our Confirmation of Payee service.
Attended by leading representatives and senior decision makers from across the payments community, this year’s two-day conference explored payments innovation, regulatory shifts, open banking and risk management.
During the session ‘Guardians of the Transaction: Securing Payments Against Fraud’, the panellists debated:
- How the industry can adequately protect consumers from authorised push payment (APP) fraud
- The biggest challenges in balancing frictionless payments with robust fraud protection
- Whether social media and technology companies should take more responsibility in protecting customers from fraud.
Protecting customers from APP fraud
Rujina initiated the conversation by introducing Pay.UK and explaining our role as the operator of the Bacs, Faster Payment and Image Clearing Systems for the UK (as well as other services, such as the Current Account Switch Service and Confirmation of Payee). She further highlighted our responsibility to monitor the compliance of all in-scope payment service providers (PSPs), in line with the recent APP reimbursement rules.
Rujina explained that in 2023, payment fraud in the UK accounted for over £1 billion worth of losses, of which £460 million (UK Finance) was associated with APP fraud, and 98% of this was made using the Faster Payment System. Whilst this appears significant, over the last few years, data has shown that the volume of cases associated with APP fraud has consistently decreased which can be attributed to:
- An increase in fraud prevention measures across the industry
- The Confirmation of Payee service, delivered centrally by Pay.UK as the UK’s payment systems operator
- Regulatory changes, such as the implementation of the Payment Systems Regulator’s (PSR’s) new mandatory reimbursement scheme for victims of APP fraud.
Although the implementation of the reimbursement regulations has been a positive step towards reducing instances of fraud, its reactive nature is not enough to combat fraud by itself, and the panel agreed that detection and prevention are key to mitigation. The payments ecosystem must therefore work together to adopt a proactive, multi-layered approach that combines various complementary strategies and technologies, such as consumer education, balancing friction and efficiency during the payments process, and data sharing and analytics.
Another important element to the detection and prevention of fraud is the prediction of fraudulent activity, and Rujina discussed how behavioural analytics can support this from the start of the payments journey to build a picture of the consumer. For example, when making Know Your Customer checks, PSPs can use data analytics tools to understand who their customers are, and if they are an account-holding customer, ascertain when they shop, how they shop and what they are most likely to buy. This enables the PSP to spot irregular transactions early on and confirm with the customer whether the payment is legitimate or fraudulent.
Balancing frictionless payments with security
The panel discussed whether the level of friction in payments should be determined by the value of each transaction. For example, when purchasing a coffee, consumers want a quick and easy transaction. However, when buying a car, the end user expects much more security, with certainty that the payment is going to the right person or business. This is where Confirmation of Payee, Pay.UK’s account name-checking service has been successful, helping to reduce misdirected payments and providing greater assurance to end users that their payments are being transferred to, and collected from, the intended account holder.
Rujina explained that in her previous role as a risk manager, the adoption of a dynamic approach was the most effective way to proactively identify, evaluate, and manage risks as situations evolve – a strategy she believes must be applied if we are to stay one step ahead of the fraudsters. By identifying vulnerabilities before threats materialise, risk engines can adopt a predictive approach, enabling proactive measures to reduce risk and enhance security. For example, in cases where a PSP maintains an account for a customer who frequently makes transactions, the payment process should be seamless, as the PSP is already aware of the customer’s reliability. In contrast, if the PSP’s customer is a new account holder who resides overseas, an increased level of friction should be applied.
The role of social media and technology companies in fraud prevention
The panel went on to debate what role social media and technology companies should take in combating fraud and agreed that shared liability, alongside the banks, is the way forward. Rujina referenced the new APP fraud reimbursement rules, explaining that since their launch in October 2024, both sending and receiving PSPs share liability for reimbursing victims of APP fraud. As mentioned, early data shows that the volume and the value of APP fraud is decreasing, and this shared reimbursement responsibility is considered a contributing factor.
The panellists concluded that with 75% of online fraud originating on social media (UK Finance), sharing this reimbursement liability with social platforms and technology companies will unquestionably facilitate further controls and protection for customers. The key challenge in achieving this, however, is the coordination between different regulators to establish a framework for shared liability.
Rujina said: “Events such as the Payments Leaders’ Summit are vital for bringing industry representatives together to understand the intricacies of our individual strategies and explore ways forward in combatting fraudulent activity. There’s so much more we can do as an industry to detect and prevent fraud. Reimbursement alone is not enough, and we must adopt a multi-faceted, proactive approach, which supports shared liability, embraces the power of data analytics, and finds smarter ways to balance friction and security in every transaction, to stay one step ahead of the scammers.”
