Defining the Discretionary “Other Firms” in the “Protecting Consumers from Payment Scams Act”

In early August, the U.S. House Committee on Financial Services introduced the Protecting Consumers from Payment Scams Act, aiming to close loopholes and clarify the Electronic Fund Transfer Act (EFTA) to better protect consumers defrauded during payment processes.

The Act proposes a European-style liability shift for authorized push payment scams, suggesting that losses from fraudulent transactions be shared between the consumer’s financial institution and the receiving banks or payment service providers.

Additionally, it suggests extending liability to “other firms” that facilitate payments, encouraging them to enhance fraud prevention efforts and comply with new regulatory requirements.

Understanding the Role of Discretionary Firms in APP Fraud

For the mysteriously discretionary “other firms that materially help facilitate the payments”, the first step in preparation for the liability shift will likely be to understand who those firms might be that could be targeted by this new regulation. There are a lot of players that, knowingly or unknowingly, participate in the process of the consumer scam and the resulting fraud.

To review, in APP fraud, fraudsters trick the payer into authorizing a payment to a fraudulent payee, often by manipulating payment instructions under the guise of a legitimate request. This type of fraud exploits weaknesses in various payment methods, such as bank transfers, where the responsibility for the transaction lies heavily on the payer.

Authorized push payment scams, a specific type of push payment fraud, occur when fraudsters deceive individuals into authorizing payments under false pretenses, exploiting the trust between payers and payees. These scams highlight the critical need for robust security measures and education to prevent authorized push payment fraud.

Broadening the Scope of Responsibility for APP Fraud

The Payment Systems Regulator (PSR) plays a crucial role in addressing these vulnerabilities in the UK by enforcing payment services regulations designed to protect both payers and payees. However, the rapid nature of faster payments requires continuous updates to these regulations to keep pace with evolving fraud tactics, ensuring that both payment instructions and execution processes are secure and that victims are adequately protected.

Of course, APP fraud often targets victims through vulnerabilities in faster payments systems, where the speed of transactions can make it difficult to halt fraudulent activity once initiated. Easy targets are banks, fintechs, and payment providers such as sending PSPs that facilitate real-time payments and transactions, Clearing House Automated Payment System (CHAPS) in the UK, or other payment methods.

These stakeholders have been preparing for the liability shifts by taking steps to mitigate financial losses that could arise from fraud, gross negligence or omissions. Ideally, US industry can come to agreement on appropriate self-regulation prior to legislation and strict enforcement. Zelle has tried to lead the pack in this effort, and I’d imagine will continue to do so, in an attempt to help spearhead the industry toward self-governance.

However, as US regulators look toward shifting the scope of responsibility for APP fraud, it might be advantageous for those rule-makers to include additional players who unknowingly contribute to app fraud and app scams. I’d imagine, the broader the liability shift, the more positive the impact to the fight against consumer scams. And the world could benefit from a global “all hands on deck” effort at this time.

Potential discretionary firms include telecom companies like AT&T, Verizon, and T-Mobile, which can help identify suspicious activity through enhanced monitoring of phone numbers and device data. Similarly, email providers such as Gmail, Yahoo, and Hotmail could contribute to fraud prevention by flagging scam-related communications without infringing on privacy laws.

By sharing IP address and device data in real-time with industry partners, these firms could play a pivotal role in reducing the number of consumers victimized by fraudsters through various types of fraud, including social media scams and identity theft.

Involving Ancillary Market Players

Websites like Craigslist, which facilitate transactions for goods like pets and event tickets but often lead to scams, could also be held accountable under the Protecting Consumers from Payment Scams Act. These platforms have long operated under the policy of caveat emptor, or “let the buyer beware,” which has proven insufficient in protecting consumers from app scams and authorized push payment scams.

Merchant acquirers who inadvertently enable fraudulent merchants to enter the financial system could also be included. Once a fraudulent merchant is approved to accept payments, they gain access to unsuspecting consumers’ banking and credit card information, potentially leading to further financial fraud and identity theft.

Holding these entities accountable could strengthen the integrity of payment systems and enhance protections for victims of app fraud.

What Measures Can Firms Take to Prevent App Fraud?

How about companies like Telegram that have helped fuel bad actor education and enlist willing participants to victimize consumers? Would they be considered as another firm that materially helps facilitate the payments?

The French may think so.

The recent airport arrest of Telegram’s billionaire CEO Pavel Durov in that country highlights the French government’s effort to quell bad actors’ abilities to share information on how to perpetrate fraud schemes and build an army to help attack the financial services industry and consumers to drive consumer scams and money muling, among other bad behaviors.

It could be argued that the elimination of Telegram could result in scammers moving even further underground where it might become even harder to detect them. But, a more transparent Telegram and collaboration with regulators would likely benefit the fight against fraud and money laundering.

Here’s another example: In the UK, when a consumer is unable to resolve a complaint directly with their UK finance services provider, they can escalate the issue to the Financial Ombudsman Service (FOS). The FOS investigates the complaint, considers both sides, and makes a decision about funds allocation that is binding on the financial services provider — if the consumer accepts it.

What Measures Are in Place to Protect Consumers from APP Fraud?

The U.S. House Committee on Financial Services’ draft of the Protecting Consumers from Payment Scams Act is the most recent step in the U.S. government’s efforts to shift liability away from consumers for APP fraud. Sponsored by Senators Elizabeth Warren, Richard Blumenthal, and Congresswoman Maxine Waters, the Act primarily targets peer-to-peer payment providers like Zelle, outlining the new requirements for reimbursement.

However, APP fraud losses and the emotional impacts on consumers extend beyond just P2P providers. Zelle, pay.uk, and similar platforms have already taken steps to reduce consumer impact through rule changes and costly educational initiatives, but the burden of industry-wide fraud prevention cannot rest solely on their shoulders.

The problem of consumer scams is more extensive than just peer-to-peer payment providers, and a broader perspective, combined with a long-term approach to regulation development or self-regulation by the industry, may offer a more effective solution. Including a wider range of ancillary market players in the fight against fraud and encouraging broader fraud and scam data sharing could optimize overall efforts to protect consumers.

By expanding the scope of accountability to include additional market players and ancillary firms, regulators can promote a more comprehensive approach to fraud prevention and better protect consumers from the growing threat of scams and fraudulent transactions.

What Is the Contingent Reimbursement Model?

Consumer protection and reimbursement rules are crucial for safeguarding consumers from financial losses due to fraud, particularly in scenarios involving APP scams.

In the absence of incentives, mandatory reimbursement requirements set a standard that ensures victims are compensated when fraud occurs, regardless of fault, aligning with a broader consumer protection agenda.

However, not all cases qualify for automatic reimbursement; under the contingent reimbursement model, reimbursement is conditional based on specific criteria, such as the consumer not exhibiting gross negligence.

Reimbursement rules define the conditions and reimbursement levels that determine how much victims will receive, aiming to strike a balance between protecting consumers and managing financial risks for financial institutions. These frameworks are designed to hold relevant parties accountable while providing a clear pathway for dispute resolution and compensation, ultimately enhancing trust in payment systems and reducing the burden on the victim of an APP scam.

To solidify consumer protections, reimbursement rules are often accompanied by detailed policy statements that outline the specific processes and conditions under which reimbursements will occur. These policies typically define the timeframe for action, such as requiring financial institutions to respond and process reimbursement claims within a set number of business days — with the goal of ensuring timely compensation for victims. Law enforcement may also get involved when fraud cases involve criminal activity.

Reimbursement decisions are frequently handled on a case-by-case basis, and institutions can assess each claim individually, taking into account the unique circumstances surrounding a fraud incident.

How Can Companies Combat APP Fraud?

A quote from Helen Keller sums up the collaborative value of companies like DataVisor: “Alone we can do so little; together we can do so much.”

DataVisor operates as an elegant orchestration engine, empowering financial services, banks, and fintech industries to enhance their data through a seamlessly integrated feature development platform.

Utilizing AI, advanced supervised and unsupervised machine learning algorithms, and sophisticated knowledge graphs, DataVisor enables stakeholders to identify, manage, and prevent fraud efficiently across various scenarios, including APP fraud and account takeovers.

By partnering with customers and integrating third-party data and solutions, DataVisor strengthens fraud decision-making processes and helps identify multiple types of fraud in real-time. As regulatory requirements evolve, active communication between regulators and the financial services industry will be key in driving better fraud strategies that protect both companies and vulnerable customers and consumers. Together, stakeholders can significantly enhance fraud prevention efforts, reduce financial losses, and create a more secure financial ecosystem.

The Protecting Consumers from Payment Scams Act represents a critical opportunity for stakeholders to unite in the fight against fraud. By broadening the definition of who is accountable for fraudulent transactions and incorporating advanced fraud detection solutions like DataVisor, the financial services industry can foster a more resilient ecosystem that prioritizes consumer protection and minimizes the impact of app scams and payment fraud.