This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Jon Felce

Partner, Cooke, Young & Keidan

Rosie Wild

Partner, Cooke, Young & Keidan

Quotation Marks
It is not yet clear how any model that requires tech companies to contribute to the reimbursement of fraud victims would work or which tech companies would be caught

The reimbursement burden in the wake of increased authorised push payment fraud: are tech companies the new target in town?

Opinion
Share:
The reimbursement burden in the wake of increased authorised push payment fraud: are tech companies the new target in town?

By and

Jon Felce and Rosie Wild, partners at specialist disputes firm CYK, discuss the new Labour government’s reported plans to shift some of the burden of compensating victims onto tech companies, and the possible implications of doing so

Introduction

The rise of authorised push payment (APP) fraud over recent years has left many victims in despair over how to get their money back. According to UK Finance’s Annual Fraud Report, published in June 2024, APP fraud in 2023 was the most common type of financial fraud in the UK, with losses totalling an estimated £459.7 million.

Until now, when not pursuing the fraudsters themselves, the focus for recovery has been the banks, both the victim’s bank and in some cases, the bank of the fraudster to which the funds have been sent. However, there have also been recent headlines about the new Labour government’s plans to shift some of the focus for combating online fraud and compensating victims onto ‘big tech companies’, who according to a leaked Labour Party paper ‘contribute very little’ to tackling online fraud or compensating victims.

In this article, we consider how this might work in practice, and whether this might lead to better prospects of recovery for victims of APP fraud.

The current position for victims of APP fraud

Putting to one side claims against the fraudsters themselves, victims of APP fraud have a variety of potential schemes theoretically available to them insofar as financial institutions are concerned, including:

  • using the Contingent Reimbursement Model, a voluntary code introduced in 2019, which led to £256.5 million being returned to victims in 2023;
  • legislation scheduled to come into force in October, which will mean that banks will have to reimburse eligible fraud victims for claims worth up to £415,000; and
  • the Financial Ombudsman.

However, there are notable limits to each of the schemes above, including compensation limits, and eligibility criteria. A discussion of these limits falls outside the scope of this article, but such issues often mean that victims’ primary focus ends up being the pursuit of legal claims against either the victim’s own bank or the fraudster’s bank. Whether or not the banks are liable will often turn on the facts, and there are a number of legal nuances with which victims need to grapple. That said, there has been a wealthy of recent case law in this regard, and three cases this year appear to be helpful to victims, in the right circumstances.

Should the banks bear the reimbursement burden alone?

With banks in the firing line, earlier this year and before July’s general election, the Financial Times reported on a leaked Labour Party paper, one of the focuses of which was on making ‘big tech companies’ assume a share of the responsibility for APP fraud. Meanwhile in July, the UK Payments Association issued a plea to the Chancellor to impose a ‘tech levy’ on social media giants to pay for the impact of payments fraud originating from their platforms.

Banks have, unsurprisingly, supported this increased focus on tech companies, arguing that making the tech sector contribute would give it an incentive to stop fraud from flourishing in the first place. For example, this could increase the prompt detection and immediate removal of fraudulent ads, not least because a lot of APP fraud stems from false advertisements posted on social media platforms, including Facebook Marketplace and Instagram.

It is not yet clear how any model that requires tech companies to contribute to the reimbursement of fraud victims would work or which tech companies would be caught. Despite the aforementioned suggestion of a ‘tech levy’, the leaked paper outlined a proposal under which banks would still have to refund fraud victims but could later recoup some money from tech companies. Banks and payment companies would regularly submit evidence to an oversight body, which would then determine how much tech companies should contribute. This could generate disputes between banks (of both the victims and fraudsters) and tech companies as to their relative culpability, or indeed between victims and tech companies where the losses exceed compensation limits, and – depending on which tech companies are affected – could be an unsustainable financial burden for many smaller tech companies.

Whilst these proposals seem at a very early stage, and will no doubt have their limits like other schemes, any developments designed to compensate can only be a good thing for victims of fraud.