How does Prommt help prevent APP Fraud within Open Banking Payments?
Adam Ball, Chief Commercial Officer at Prommt, discusses how Prommt helps prevent APP fraud within open banking payments by boosting payer confidence and preventing malicious redirection through the power of context.
Boosting payer confidence and preventing malicious redirection through the power of context.
Authorised Push Payment (APP) fraud takes many forms – impersonation, requesting payment to the wrong account, or even getting a victim to pay for goods or services that the fraudster benefits from. As a responsible business, delivering secure payment requests on behalf of many large merchants, and acting on their behalf with their customers, we take security very seriously.
At Prommt, we’ve continued to see the rapid adoption of Pay by Bank since our mid-2022 open banking launch, with now the majority of our clients benefiting from increased fraud protection, substantial cost savings, and positive responses from their customers.
Our recent report on client adoption and success with Pay by Bank shows a 100 percent increase in open banking adoption rates in just the past six months. Our clients tend to have a high transaction value, and we are seeing that the average transaction value (ATV) for an open banking payment (€4,679) is four times higher than the ATV for a card transaction (€1,147).
With the increasing popularity of open banking payments driven by regulation, underpinned by the UK’s Faster Payment system and a European SEPA Payments system which is finally about to mandate Instant Payments, there is no doubt that fraudsters are following closely and exploiting weaknesses. This has already emerged in the form of APP fraud.
What is APP Fraud?
APP fraud employs social engineering tactics, with fraudsters manipulating customers into approving payments from their accounts. In the first half of 2023 alone, losses totalling 239.3 million GBP were reported as a direct consequence of these scams. There are many types of APP fraud, including purchase and invoicing scams, phishing, romance scams, CEO impersonation scams, etc., but APP fraud is broadly categorised into two types:
- ‘Malicious payee’: In this scenario, individuals may fall victim to scams involving the purchase of non-existent or undelivered goods.
- ‘Malicious redirection’: This occurs when a fraudster persuades the victim to transfer funds from their bank account to the fraudster’s account.
Until this point, such malicious actions have resulted in a loss to the payer, and restitution has been down to best efforts from the banking community. However that is about to change, with new UK regulations introducing greater consumer protection.
Mandatory Reimbursement for APP Fraud
The Payment Systems Regulator (PSR) has introduced compulsory reimbursement requirements for APP fraud within Faster Payments. Designed to spur proactive measures, the new mandate will apply to all Payment Service Providers (PSPs) under the policy, covering high-street banks, building societies, and smaller payment firms. It is effective from 7 October 2024, and requires:
- Payment firms to reimburse all in-scope customers who fall victim to APP fraud within 5 working days.
- Both sending and receiving PSPs to split the costs of reimbursement 50:50.
- Banks and payment firms to ensure their customers are protected under consistent minimum standards, and provide additional protections for vulnerable individuals.
How does Prommt help prevent APP Fraud?
Prommt helps retailers to secure remote payments by sending payment links through email, SMS and via share link, so it’s important that we secure that journey, give confidence to the payer, and minimise as much as possible the opportunity for fraud. We do this by providing clear context through compelling and trustworthy merchant to customer communication.
Prommt ensures clear and effective merchant-branded communication with payers every step of the way. We take pride in assuring every interaction is not just a transaction but a well-informed payment conversation. This process involves attaching rich context into each transaction, creating a meaningful and transparent experience.
Persistence of Payer and Purchase Data
Our emails are configured to originate at the merchant domain, emails are designed to align with merchant branding and the payer is brought to a checkout on the merchant website. The payer will always be addressed by name, and the purchase details will be presented along with other reference data. This information is then presented on the checkout page, and in all follow up receipts and messages. This minimises the chance of the customer being duped into paying for someone else’s order. “Verified Sender” functionality within messaging ecosystems like iMessage and RCS will eventually bring more confidence to this journey.
Confirmation of Payee (CoP)
CoP is a key means of protection. When the customer is passed through to the bank environment to approve payment, they will see the confirmed name of the business they are paying. CoP has been mandated for all UK banks and payment service providers that offer Faster Payments, meaning the payer will always be presented with the name of the business they are pushing a payment to.
This doesn’t remove the obligation on the customer to pay attention to the payment, but it equips them with all of the information they need to make a decision.
At Prommt, our dedication to staying one step ahead of fraudsters is a commitment and embedded in our practices. We remain vigilant, staying abreast of emerging fraud tactics, speaking regularly with our merchants large and small. We actively advocate for best practices, including advising merchants to verify the identity of recipients before delivering goods or services by requesting them to show their Prommt payment receipt. This quick check ensures that the right person receives their order, adding an extra layer of security to the transaction.
By continually adapting and enhancing our strategies, we aim to provide a secure and transparent environment for both merchants and payers, contributing to the ongoing success of open banking payments worldwide.
Of course, Prommt also conducts comprehensive KYB checks on new merchants ensuring another layer of trust and traceability. Our KYB approach involves rigorous checks, delving into the verification of financial documents and reviewing the backgrounds of board members. We conduct regular checks on the bank accounts behind Prommt’s clients.
In addition, our support team stands ready 24/7, ensuring that our clients have the assistance they need whenever they need it.