09/16/2024 | Press release | Distributed by Public on 09/16/2024 07:26
Readers of this blog know that financial institutions are not required to bear the cost of authorized push payment (APP) fraud. When a person is tricked into making a payment to a criminal enterprise, the fraud loss is the consumer's responsibility under Regulation E of the Electronic Funds Transfer Act, as illustrated by this helpful chart (see below) from a July 2024 report by the US Government Accountability Office (GAO).
However, all of us also know that consumers are being overwhelmed by powerful, psychologically manipulative attacks by criminal enterprises. We're familiar with the horror stories of life savings lost, five-figure wire transfers, and victims scared by threats of arrest or physical harm. Whether the consumer's responsibility or not, this is everybody's problem.
At meetings over the last few days, I have heard repeatedly that individual business entities are powerless to make real progress against scams that result in APP fraud. Therefore, the solution may be collaboration among all the parties to the payments supply chain, broadly defined. These parties include not only financial institutions, payments processors, clearing houses, and networks but also telecom and social media companies, regulators, law enforcement agencies, merchants, and consumer educators. The GAO report recommends such a "multisector approach."
Information-sharing using a common and consistent terminology is a foundational approach for such collaboration. The Fed's ScamClassifier, for example, defines scams as "the use of deception or manipulation intended to achieve financial gain" and categorizes scams as buying and selling scams (merchandise, investment, real estate); trusted party betrayal (family or friend, for example); and imposter scams (romance imposter, government imposter, bank imposter, business imposter). This is a voluntary tool for information sharing that enhances detection, reporting, and mitigation within an organization but, importantly, across the payments supply chain as well.
Another promising effort is the Aspen Institute's National Task Force for Fraud and Scam Prevention, which begins its activities next month. The task force's 33 members include the US Department of the Treasury, large merchants, financial institutions, financial industry trade associations, card networks, tech companies, and data aggregators. It is a holistic approach that brings stakeholders together.
It seems reasonable to expect receiving financial institutions to do more, if for no other reason than to guard against reputational risk. New Nacha rules taking effect in mid-2026 require institutions to establish and follow procedures for ACH credits received that are potentially suspicious or fraudulent. The rules aim to enable quick return of fraudulent transactions. New rules in the UK also provide a roadmap for collaboration and could provide a model for the United States. Confirmation of payee is an account name verification service, by which the receiving institution must validate account names before a payment is initiated.
In addition, we could also ask the telecom companies and law enforcement to step up. For example, scammers commonly claim to be federal agencies or big retailers while using a fake caller ID. Imposters are likewise rampant on social media. On a personal level, when I called the police to report that a relative was besieged by callers trying to get her to fall for a common tech support scam, the officer could only advise, "Tell her not to pay it." In my view, additional training and counseling protocols-and presumably increased resources-could be helpful for law enforcement at the local level.
As many experts point out, networks are only as strong as their weakest link. Collaboration strengthens the chain. You can join the community of scam fighters at https://fedpaymentsimprovement.org/.