PSR responds to Which? super-complaint
On 16 December 2016, the Payment Systems Regulator (PSR) responded to the Which? supercomplaint which was lodged in September 2016. The super-complaint focused on consumer protection from authorised push payment (APP) scams. APPs are made when customers instruct their bankers to make payment from their account to another account having been tricked into believing that the recipient account belongs to a legitimate payee. Which? was concerned that customers who fall victim to APP scams are not sufficiently protected, especially compared with other payment types.
The PSR was asked to investigate:
- the extent to which payment service providers (PSPs) could change their behaviour to minimise the impact of APP scams; and
- possible changes to legislation or regulation, to change the incentives on banks and payment system operators, and to ensure that more is done to manage the risks from these types of scams and to protect consumers from harm.
The PSR reviewed evidence following a statutory information request sent to the six largest providers of payment accounts and operators of UK payment systems; meetings with over 35 external stakeholders and a survey of 2,000 UK adults and other sources and identified the following:
- improvements need to be me made to the way banks work together in responding to APP scams
- some PSPs could do more to identify and prevent fraudulent payments
- improvements needs to be made regarding the quality and scope of data collection covering the scale and type of APP scams.
The PSR, with support from Financial Fraud Action UK, are to work together to bring about change.
What this means for you
The PSR has produced a factsheet summarising the key points of its response. The response is relevant to all PSPs.
At this stage, the PSR is not minded to implement either of the potential options proposed by Which? to make PSPs liable for reimbursing victims. The PSR found that the evidence available is insufficient to justify the proportionality of either option and could result in unintended consequences. However, the PSR is proposing a package of work to make fraud more difficult and less prevalent. The PSR also wants to increase the chances that victims of APP scams will be able to get their money back. The PSR noted that there is already a range of work planned which has the potential to address harm caused by these scams. This includes the work of the Joint Fraud Taskforce and other initiatives announced in the Payments Strategy Forum’s final strategy (see below).
The PSR has agreed a programme of work with Financial Fraud Action UK which the banking industry will lead on as follows:
- (working with the ICO as appropriate) to develop a common understanding of what information can be shared and the key legal barriers to sharing further relevant information
- to develop a common approach/best practice standards that all PSPs should follow when responding to reported APP scams. The PSR expects this to cover issues including the availability of fraud specialists and processes for agreeing indemnity agreements between the banks
- to develop, collect and publish robust APP scams statistics to address the lack of data on the scale and scope of this problem and to enable monitoring over time.
In addition to the above, the FCA is to:
- work with firms to tackle concerns around both sending and receiving PSPs regarding APP fraud
- FCA supervision will examine the evidence received in relation to the super-complaint to address any firm-specific issues directly
- initiate further work if there are unresolved sector-wide issues.
The PSR will publish terms of reference for the programme of works in the first half of 2017 and publish its findings in the second half of the year. For now, the PSR’s response provides welcome assurance for PSPs, in that their current standard of practice in dealing with APP scams will generally not attract liability to compensate victims. The PSR’s response also reconfirms settled banking and legal principles in respect of Faster Payment and CHAPS payment schemes, whereby receiving PSPs are not obliged to check the beneficiary’s name for correspondence with other identifiers, such as the account number and sort code.
New guide on UK interbank payment schemes published
On 15 December 2016 Bacs Payment Schemes Ltd, CHAPS, Cheque and Credit Clearing Company, Faster Payments and LINK published a guide on the UK interbank payment schemes.
The guide is designed for payment service providers that are contemplating joining or extending further payment services to their customers. The guide:
- gives an overview of UK payment schemes
- outlines what each payment scheme offers
- explains accessibility to each of the schemes.
The payment systems operators have received support with the guide from the Payments Strategy Forum, FinTech firms and challenger banks.
What this means for you
This guide applies to any payment service provider (PSP) which is looking to join or extend further payment service to its customers.
The documents gives a basic overview of the payment schemes, what they offer, access criteria and then directs the PSP to the appropriate contact to engage with a particular scheme. Cost considerations are also included for some of the schemes.
PSR publishes ownership and competitiveness of infrastructure provision remedies consultation
Following the publication, in July 2016, of the final report on the market review into the ownership and competitiveness of infrastructure provision, the Payment Systems Regulator (PSR) has issued a remedies consultation. Launched on 7 December 2016, the consultation period ends on 1 February 2017.
The consultation sets out the PSR’s recommendations for remedies relating to the competitive procurement of future infrastructure contracts and messaging standards. The divestment remedy is not covered as this stage given the proposed MasterCard acquisition of VocaLink and the Competition and Market Authority’s ongoing merger control process.
The proposed remedies are:
- Two specific directions under section 54 of FSBRA requiring that if the operators of the ‘BACS’ and ‘Faster Payment’ payment systems contract for the provision of central infrastructure, it is competitively procured at least every ten years, except in exceptional circumstances. This procurement must enable the use of ISO 20022 messaging standards.
- A specific direction under section 54 of FSBRA requiring that if the operator of the ‘LINK’ payment system contracts for the provision of central infrastructure, it is competitively procured at least every ten years, except in exceptional circumstances.
- Two specific directions under section 54 of FSBRA requiring the operators of the ‘BACS’ and ‘Faster Payments’ payment systems to make documentation available to allow conversion between existing messaging standards and ISO 20022.
Feedback is requested on the draft specific directions outlined in Annex 3 of the report.
What this means for you
The PSR has published a consultation that sets out a number of changes it is proposing as part of its market review into the ownership and competitiveness of infrastructure provision. The PSR found in its final report into the ownership and competitiveness of the infrastructure that support the three interbank payment systems that there was no effective competition in the provision of central infrastructure services for these systems. The PSR is of the belief that this is impacting the people and business that use payment systems, so it is proposing a range of measures to deliver change and improvement for users.
The PSR is consulting on the detailed design of two of the proposed remedies in its final report, competitive procurement of future central infrastructure contracts and messaging systems. The study on costs and benefits of migration to ISO 20022 in SEPA is part of the PSR’s work on the remedies.
Operators and direct payment service providers should pay particular interest to this consultation and consider the remedies that the PSR is proposing. A final decision is expected in Spring 2017 and, given the potentially significant additional costs that could arise from the implementation of the proposed remedies, those who may be affected should look to provide feedback to the PSR on the questions asked during the consultation period.
UK payments industry undergoes shake up
On 29 November 2016, the Payment Strategy Forum (PSF) published its final strategy for overhauling the current payment systems and putting the interests of those that use payments services centre stage. The Payment Systems Regulator (PSR), which set up the PSF from consumer groups, fintechs and UK banks and building societies, touts this strategy as the start of the biggest change in a generation for UK payments.
Hannah Nixon, Managing Director of the PSR, said:
"The payments industry, including the technology, infrastructure, services offered to users, is going through the type of wholesale change that is only seen once in a generation. When people look back at the evolution of payments in the UK, these will be the years that they will talk about and say, that’s when things changed.
"There is still more work that needs to be done, but the way the Forum has approached this challenge over the past year is a testament to how, through teamwork and collaboration, much progress can be made. There were some doubts when the Forum first launched as to whether competitive organisations could put their differences aside and develop a strategy to collaborate to deliver and better payments outcomes for consumers."
Focusing on collaborative innovation the strategy includes initiatives such as consolidating the three retail payment system operators (Bacs Payment Schemes, Cheque and Credit Clearing Company and Faster Payments Scheme) into a new integrated retail payments scheme to ensure a strong systemic risk manager, governance body and procurer of a new generation of retail payments infrastructure for the UK as a whole. Additionally proposals for a new ‘confirmation of payee’ safeguard to help prevent financial fraud and the introduction of ‘request to pay’, will enable customers to authorise a regular payment before it is withdrawn from their account.
What this means for you
The Strategy is seen as the start of an ambitious journey to transform the UK payments systems to address user need. The Strategy outlines key changes which will be implemented into the UK payments systems over the next few years.
The PSF will now begin implementation of the Strategy to the end of 2017. At that stage, the PSF will be replaced by a new Consolidated Payment Systems Operator (Consolidated PSO). The Consolidated PSO will assume responsibility for execution of the Strategy into 2018 and beyond. Work is already underway with the creation of a PSO Delivery Group by the PSR and the Bank of England.
The Strategy will see the introduction of agreed industry guidelines to standarise the approach and reduce system weaknesses which enable financial crime. Also proposed is the implementation of an internationally recognised messaging standard (ISO20022) for interbank payments and ease of interoperability as well as the development of common governance for back-end APIs. This work will be undertaken over the medium term. Over the longer term, a Simplified Payments Platform for retail payments will be designed and assessed.
The PSF is seen as only one part of the shake-up of the UK payments industry. The Strategy sits alongside the work of the PSR to promote innovation, protect from fraud and to increase access to payments systems. The PSR is already incorporating the Strategy into its wider work by responding to the suggestion that the three retail payment should be consolidated to reduce complexity and the cost of multiple payments systems. On this, the PSO Delivery Group will examine the options and report back in March 2017.
Industry sends open letter in favour of retaining a risk-based approach to strong customer authentication
Visa, Payments UK and the UK Cards Association were joined by 40 other industry bodies and companies as co-signatories to a letter sent to Commissioner Dombrovskis (the European Commissioner in charge of Financial Services and Financial Stability) on 23 November 2016. The letter sets out the key arguments in favour of retaining a risk-based approach to strong customer authentication.
The letter, written in response to the European Banking Authority’s proposed Regulatory Technical Standards (RTS) on strong customer authentication, expresses concerns that the existing proposals “…create unnecessary hurdles for a number of different industries, especially e-commerce.”
The signatories fully support the objective of reducing fraud but believe that the EBA should make use of the good work already in hand in the industry, introduce more flexibility in the standards and retain a risk-based approach.
The aim of the letter is to urge the European Commission (EC) to collaborate with the EBA on the introduction of a results-oriented and technology-neutral risk-based approach as set out in the Annex to the letter.
What this means for you
The letter expresses strong concerns across the industry regarding the implementation of the EBA’s proposed draft RTS on Strong Customer Authentication in their current form. The letter will be of interest to all organisations who will have to implement the RTS for Strong Customer Authentication once they are adopted and come into force.
The signatories are hoping to urge the EC to work with the EBA to incorporate a differing risk-based approach – results-orientated and technology-neutral rather than a threshold-based technology-specific approach. It is hoped that a risk-based approach will foster continued decline in fraud but won’t enforce hard rules that could lead to stifled sales and impact the customer shopping experience.