Payments View - October 2022

We’re heading to Vegas for Money 20/20 next week but before we go, we have a bumper edition of Payments View which includes updates on the next steps for APP fraud and Confirmation of Payee, guidance from the PSR on digitisation, new requirements in the card-acquiring market, and consultations on the future of Open Banking and Open Finance.

If any of the topics below spark further questions, please don’t hesitate to reach out to us.

Mandatory refunds for APP fraud

The PSR has published its latest consultation paper (CP22/4) which proposes significant changes in addressing authorised push payment (“APP”) fraud, in particular the mandatory reimbursement of consumers in almost all cases where they have fallen victim to such scams.

Under the consultation, PSPs will be required to reimburse victims of APP fraud where payment is made over Faster Payments. This will be subject to very limited exceptions and will apply to all PSPs (including indirect access providers) – a significant expansion on the current, voluntary model of the Contingent Reimbursement Model for Authorised Push Payment Scams (the “Code”). Firms will, generally, need to refund the consumer within 48 hours of the fraud being reported and costs will be expanded from sending firms, to now both sending and receiving PSPs, with an assumed but negotiable 50:50 split.

The PSR is proposing some practical limits and will allow PSPs to:

• set a minimum threshold for reimbursement (of no more than £100);
• withhold an ‘excess’ (of no more than £35); and
• set a time limit for claims (of not less than 13 months).

Instances of ‘first party fraud’ will be exempt from this requirement, as will situations where the consumer acted with “gross negligence” in making the payment. However, the PSR have deliberately not defined what this means and have stated that it is expected to apply in only a minority of cases. In terms of guidance, the PSR notes that this is intended to be “a higher standard than the standard of negligence under common law. The customer needs to have shown a very significant degree of carelessness”.

The PSR also propose that vulnerable customers cannot be exempt on the basis of ‘gross negligence’, i.e. they will always have to be refunded unless they have engaged in first party fraud. The definition of ‘vulnerable customers’ is proposed to be expanded from the Code’s definition to the more expansive definition used by the FCA for greater consistency – particularly with the incoming changes of the Consumer Duty.

The consultation paper acknowledges that the changes may mean that “PSPs refuse more payment orders than now – those that they consider suspicious”, but made clear that PSPs should not refuse or deny services to certain types of consumers (such as the elderly) just to reduce the number of APP scams.

In short, PSPs will be on the hook for what is at the minute an ever increasing liability with little if any responsibility being placed on customers.

If the Government’s Financial Services and Markets Bill (which we updated on in the last edition) comes into force next spring, the PSR will be looking to make regulatory requirements to give effect to its proposals in Q2 2023. The PSR will also ask some PSPs to submit (as of now unspecified) data on APP fraud in spring 2023.

The consultation is open until 25 November 2022. This is a huge proposed change for the industry which will introduce significant costs for all PSPs and may have unintended consequences for the wider payments sector – please do reach out with any initial concerns on the measures or questions about how the proposed changes would interact with other regulatory requirements, such as the Consumer Duty.

Confirmation of Payee introduced for 400 firms

The PSR has confirmed its plans, first raised in May this year (CP22/2), that will see around 400 more financial firms be required to use the name checking service Confirmation of Payee (CoP) as ‘an essential fraud protection measure’.

We covered the consultation paper in an earlier edition of Payments View, but it is important to note the extensive scope of this new requirement with all PSPs who use either unique sort codes or alternative reference information eventually coming into scope. There has also been a significant acceleration of the implementation timeframe - the 50 firms listed as ‘Group 1’ will need to have implemented systems by 31 October 2023 with the remaining 350 required to have done so by the same date in 2024.

Genevieve Marjoribanks, Head of Policy at the PSR, previously said that “those that have not yet introduced Confirmation of Payee need to step up to make sure their customers are protected. All consumers should expect to see Confirmation of Payee checks happening when they make payments, regardless of who they use to make the transfer.”

The PSR have said they will monitor how firms implement the system and will step in where necessary.

This shift towards CoP as the industry standard – at least in the UK - also has implications for both the Consumer Duty and the proposed reimbursement requirement for APP fraud.

The future of digital payments

Chris Hemsley (Managing Director of the PSR) delivered a speech on the transition towards greater use of digital payments which gave interesting context to the PSR’s current work on the digitisation of payments, APP fraud and ensuring effective competition (particularly in the card acquisition market); all of which are covered in this edition of Payments View.

Digitisation - the PSR believes that access to cash remains a concern, particularly for vulnerable customers and as many more people will find it easier to budget in cash given the current cost of living crisis. This concern is in line with the Government’s plans in the Financial Services and Markets Bill to introduce a requirement on larger banks to protect cash access for their customers (covered in our June edition). Separately the FCA published guidance for banks that are considering branch or ATM closures, particularly reminding firms that if branch closures are considered then alternatives (such as banking hubs) need to be delivered as a priority.

Fraud - APP fraud has now overtaken unauthorised card fraud with an increase of 39% between 2020 and 2021 and nearly 196,000 reported cases last year with losses totalling £580m. The need for the significant changes proposed by CP22/4 (covered above) was a key message of the speech, particularly that of broadening the scope to include receiving firms. Interestingly, consumers were noted as still needing to take caution when sending payments - unlikely to be where the PSR focuses its attention.

Competition - the PSR’s comments seemed intended to lay the groundwork for PS22/2 on the card-acquiring remedies; released the following week and covered below. In his speech, he noted that “many merchants find it too difficult to shop around and switch provider. So we have set out a package of reforms to boost competition – improving transparency and reducing contractual barriers to switching” with the aim of helping businesses secure a better deal when accepting digital payments.

In sum, the focus of the speech was that the transition to digital will be a success for more people, “if we can unlock the power of competition, tackle fraud and unlock the full potential of technologies such as Open Banking”. With the ever increasing focus on consumer protection it will be interesting to see how this balance is achieved.

Greater clarity for merchants in card-acquiring market with new requirements in PS22/2

The PSR published policy statement (PS22/2) setting out its final decision on remedies for the card-acquiring market. This follows its findings in November 2021 that the market does not work well for merchants who have an annual card turnover of below £50 million. The policy statement is focused on improving the availability of information to merchants as well as facilitating easier changes of card providers.

The remedies are broadly unchanged from those proposed in the consultation paper published this June (CP22/3) and cover:

• Greater transparency to improve comparison - Summary boxes containing bespoke key price and non-price information are now mandated to be sent individually to each merchant and made available in their account. Merchants will be able to use the summary boxes alongside new online quotation tools (which providers will also be required to make available) to help compare all available offerings. Proposals for the PSR to mandate measures to develop comparison tools across the industry were previously dropped by the PSR in CP22/3. Implementation is required by July 2023.
• Greater engagement - Trigger messages to prompt merchants to shop around and/or switch need to be sent to merchants and shown prominently in their online account. These messages must be provided at least once every 30 calendar days or linked to minimum contract term expiry dates. Implementation is required by July 2023.
• Easier changes to providers - A maximum duration of 18 months for point-of-sale (POS) terminal lease and rental contracts has been introduced with maximum one-month notice after any renewal. Implementation is required by January 2023.

These will be implemented through Specific Directions 14 – 16 with advice on the format and content also having been published by the PSR. The remedies only apply to the 14 providers listed in the Specific Directions (and their associated companies and contracted ISOs) with a General Direction to the whole market not required as these providers account for around 95% of retailer transactions in the UK.

Open Finance policy sprint

Next month (8 – 9 November) the FCA are hosting a two-day, in-person policy sprint on Open Finance, focusing on the balance between regulation and industry-led initiatives and, in particular:

• the way in which Open Finance (and its features of a data sharing ecosystem) can be used to empower consumers;
• what ‘standards, governance and interoperability’ are needed to develop an Open Finance ecosystem – incentivising participation and minimising risks to consumers; and
• the implementation and monitoring of data sharing and, within this, the role of third parties (e.g. FinTech).

Open Finance comes as the next wave of data democratisation in finance; offering to expand access to customer data from that enabled by Open Banking into the wider ecosystem of savings accounts, investments, mortgages and more. The FCA have said that Open Finance has “the potential to transform the way consumers and businesses use financial services”.

Short notice but if you are interested in participating, you can apply to attend by Friday 21 October here.

Update on Open Banking sprints

If you can’t wait till the FCA’s sprint to get your fix of payments-related policy discussions, then the Open Banking SWG’s series of sprints on the Future of Open Banking are currently ongoing.

We provided an update on the SWG in our last edition and plan to cover these discussions once the SWG’s feedback has been provided to the JROC later this year. In the meantime, however, minutes from the first three sprints can be found here:

• Payments strategy minutes.
• Ecosystem strategy minutes.
• Data strategy minutes.

Text of the Digital Markets Act (DMA) published

Slightly off topic but likely to be relevant to the payments sector as a whole, the text of the adopted DMA has been published by the EU, which we have covered here and in a briefing document here. These provisions apply from 2 May 2023.

As you may be aware, the DMA introduces requirements on companies with significant digital offerings in the EU (but with many UK/US-based entities still likely to be affected). These requirements are exceptionally broad, covering prohibitions on most-favoured nation clauses, tying, interoperability restrictions, use of competitors’ data or on self-preferencing, as well as obligations on providing information on user data and on performance data and FRAND conditions.

If you have any concerns about the DMA and its obligations or if you had any questions on its scope please reach out to us here.

News Flash

• Kate Fitzgerald has been confirmed as the PSR’s Head of Policy (she had held the role in an interim capacity).
• Charlotte Crosswell (Chair and Trustee of OBIE) has given a speech on how the innovation of Open Banking will be key to future UK growth.
• The PSR published two further blog posts in their series of ‘Unlocking Account-to-Account payments’, this month on access and reliability and competitive pricing; we covered the PSR’s last thought piece on retail disputes in our last edition of Payments View.
• Mastercard has announced Mastercard Crypto Secure which provides issuers with a dashboard offering that shows where their cardholders are buying cryptocurrency.
• The FCA’s Annual Public Meeting was held with opening remarks from Nikhil Rathi (on the “once-in-100 year events [faced] every few months recently”) and Richard Lloyd (touching on the “urgent” need for legislation bringing BNPL into regulation).
• Raconteur have published their annual Future of Payments report, this year focusing on Web 3.0, AI and cross-border payments.