Follow us

Before it even comes into force, the UK's 'world first' APP fraud reimbursement requirement is starting to look outdated compared to more progressive approaches being considered in other jurisdictions.

Singapore is proposing a 'Shared Responsibility Framework for Phishing Scams' which recognises the concept of shared responsibility between payment services providers, mobile network operators and consumers; and seeks to create clarity on respective duties.

And, closer to home, the European Union is also looking at addressing the APP fraud problem in a more holistic fashion.

Among the proposals being considered as part of the reform of EU payments regulation are that 'electronic communications service providers' play their part by putting in place more technical safeguards to prevent fraud. These include, as a minimum:

  • verifying the legitimacy of all calls and messages that are routed through telecommunication networks;
  • preventing the use of a specific telephone number in violation of its attribution, authorisation, or allocation;
  • preventing the creation of fraudulent websites and preventing internet search engines from displaying those websites in their list of results; and
  • storing proof of IT and identity verification measures, in particular in the event of SIM swap, to evidence that due diligence has been undertaken.

The proposals also envisage that communications service providers would be financially responsible if they fail to put these preventative measures in place:

'If electronic communications service providers fail to establish the technical safeguards […], they shall be financially liable towards the payer’s payment service provider for the amount that the payment service provider has refunded to the payment service user.'

This proposal not only sets out to establish the responsibilities of communications providers with regards to APP fraud but also incentivises them to fulfil those responsibilities.

Questions remain as to how this regime would be enforced, including who would assess whether the relevant safeguards were in place at the relevant time, but nonetheless it is another example of a more holistic approach being taken to the problem than that in the UK.

The EU and Singapore proposals may also have a beneficial side-effect of increasing engagement between payment service providers and communications service providers, providing both with the opportunity to collaborate to prevent fraud.

 

Jenny Stainsby photo

Jenny Stainsby

Global Head – Financial Services Regulatory, London

Jenny Stainsby

Key contacts

Jenny Stainsby photo

Jenny Stainsby

Global Head – Financial Services Regulatory, London

Jenny Stainsby
Jenny Stainsby