Fraud Thoughts (Part III)

What’s Next? Scam Liability Edition

Scams, scams, and more scams. Scams continue to achieve success and show no signs of slowing down – FTC data shows consumers lost $8.8 billion to scams in 2022, up 30% over 2021 losses; I expect 2023 numbers will show continuing growth. And, it’s safe to say that we have all been targeted by or fallen victim to a scam – a survey among adults in the US found that 45% of respondents encountered scams daily. Let that soak in.

Unsurprisingly, with skyrocketing losses and the detrimental impact on victims, the question of who is liable has been discussed in the US among public officials…

“The CFPB must update and strengthen regulations governing the obligations of banks to repay customers who are defrauded on Zelle and other peer-to-peer payment platforms.” – Senator Elizabeth Warren

Senator Warren’s statement focuses on Zelle fraud – which is part of a broader grouping, push payments. Push payment scams happen when someone is tricked into making a payment to criminals posing as a legitimate organization, such as a bank. Scammers may also pretend to be selling goods or services that do not exist – like Facebook Marketplace.

How are other countries handling scam liability?

This shift has already happened in the UK – the requirement to refund people tricked by scammers will be implemented in 2024. The requirements for banks and other payment companies unveiled by the Payments Systems Regulator (PSR) in the summer of 2023 are designed to ensure more consumers will get a refund if they fall victim to the push payment scams.

The UK is not alone – a September 2023 announcement from Singapore officials stated that next month, they will deliver a consultation paper detailing a split liability scheme that will mean both consumers and banks are on the hook for financial losses from scams.

What is happening in the US?

Regulation E (Reg E) determines the conditions under which financial institutions will reimburse their customers for unauthorized electronic transfers. Updates to Reg E have been issued over the years. However, one thing continues to stand — if the customer performed an authorized transaction – even if they were manipulated into doing so by a scammer – they will not be covered under Reg E, and the bank will not be liable to reimburse customers.

How soon will the US follow in the footsteps of the UK or Singapore?

That is the million-dollar question. The bottom line is that the liability shift is looming. Following the OCC’s 2019 fraud risk guidance and propelled by the significant surge in fraud over the last two years, financial services organizations have experienced a noticeable uptick in regulatory actions against fraud programs.

Regulators are now taking a closer look at how fraud programs are structured and governed. Recent focus areas for regulators have included fraud governance and oversight across lines of business, fraud risk management policy, metrics, and reporting, including board-level reporting, training and awareness for employees and customers, and internal fraud monitoring.

This tells us that the focus on consumer protection through strong fraud management capabilities is paramount, and scam intervention should be top of mind for institutions as we prepare for a potential liability shift in the US.

---

We will explore this topic more in the next edition, covering historical approaches to scam intervention in the US and fit-for-future solutions.

How is your organization tackling scams? Let me know what your organization is experiencing and any questions in the comments, or message me directly.