APP fraud performance data

The other topic on APP fraud is closed, and wasn’t sure if this report warranted its own thread or should be lumped in with the fraud scams etc threads, so please do move it mods if you think it would be better there.

This data might play into what @Graham was asking recently, about which banks would you trust to have your bank in cases of fraud. Off the back of that, it’s hard not to say TSB.

But Monzo and Starling? Especially Monzo. This doesn’t do them any favours. Starling particularly given that they were signed up to the code and Monzo were not. The fintechs seem to be popular accounts for committing the fraud too.

There’s so much data to look at and direct here, and I don’t have the time to day to even attempt to assimilate beyond a brief look at a few of the charts.


New mandatory APP Fraud rules coming in October 2024


This is a dogshit obligation on banks honestly

It will not be sufficient for a customer to have merely failed to meet one of these requirements, and the onus will be on the bank to prove that they acted with gross negligence. This is a very high bar, and the PSR expects that a small minority of cases will be subject to this exception. This exception does not apply to vulnerable consumers.

Tl;Dr even if a customer (who is vulnerable) is grossly negligent and basically just sends say, £400,000 to some random person

The bank has to sort the problem themselves to try recover the money and then they have to eat the loss. The bar of “grossly negligent” to begin with is too high, regular negligence shouldn’t cost your bank £400,000

I imagine banks might not deduct the £100 in excess, but definitely will start debanking customers after reimbursing them based on an internal “was this customer an idiot and are they likely to be unprofitable based on potentially one claim every year or two” or some arbitrary metric of the sort

One could argue that both the sending and receiving banks were negligent in facilitating such a transfer between a vulnerable customer and an account used for fraudulent purposes.

Banks can do more to outright prevent these scams from happening in the first place, and preventing fraudsters from opening accounts and using them for fraud.

Banks can also do a lot more to educate and protect potential victims.

The objective of rules like these is to encourage that behaviour from banks. Because there are frictionless and low friction solutions that can outright prevent these scams from taking place in the first place, and a myriad of known, tried and tested methods (though not foolproof, but Monzo’s upcoming features that they teased might be) that can shut them down in their tracks. But some banks just aren’t doing anything.

I think it’s telling from the data I shared when I started this topic which banks customers facilitate both perpetrators and victims of these scams; largely the ones who never signed up to the code when it was voluntary.

And we know from the stuff Monzo shared in response of these results (whilst trying to play them down) that putting things into place to better protect their customers and prevent fraudsters from using their bank to scam people in this way. So it’s achieving the desired result.

1 Like