5 min read

What voluntary reimbursement rates reveal about APP fraud

Jacob Story
Jacob Story
Head of Content

Forthcoming changes to UK legislation, which will make reimbursement for APP fraud compulsory from October 7th, are a hot topic in the financial crime space.

Before mandatory reimbursement launches, the Financial Times wrote a piece on the current reimbursement rates. It highlights how some UK banks fully refund fraud losses in less than 10% of cases, while some are refunding over 90% of the time.

To understand what this shows, and get an idea of how banks and fintechs can respond, Jacob Story, Head of Content at Salv, caught up with Taavi Tamkivi, Salv’s Co-Founder and CEO.

Watch the interview using the video below. If you’d prefer to read through Jacob and Taavi’s conversation, check out the table of contents on the right-hand side of this page.


Jacob: I’m excited to speak to you this morning. Last week the FT wrote an interesting piece on fraud reimbursement. The piece highlights how some UK banks fully refund fraud losses in less than 10% of cases, while some are refunding over 90% of the time.

In general, reimbursement has been rising, but clearly, when you get into the detail there’s a lot more to this.

So why do smaller banking firms have higher rates of receiving fraud than larger ones?

Taavi: I think it’s really great that the Financial Times is focusing on this topic on a regular basis and keeps everyone’s attention on this massive problem, which is still rising.

One reason why smaller firms might receive higher fraud rates is that they are being used as money mule accounts. Often, large banks are holding accounts for the victims whose money gets stolen. The smaller firms are being used to launder this money away from these large banks. And they’re being used like honeypots maybe.

And that’s basically the role [of smaller banks] in this fraud schema. It’s quite different from the large institutions—that’s the main conclusion. When I speak with the financial institutions in the market, then very clearly people working in the large banks, always call out for five smaller financial institutions who are being used as honeypots for their clients to steal money away from them.

Honeypot companies are actually the ones where the [APP fraud] rates are much higher than the classical banks.

How can banks, fintechs, and PSPs protect consumers more effectively in the first place?

Taavi: Protecting consumers in the first place is getting to a better level. There’s always proactive communication with the clients on the media and advertising.

When I log into my own banking app on the phone or website, I always see a message popping up to be cautious of this kind of scam. So this proactive education is happening to a pretty good level. Also, financial unions like UK Finance and similar organizations are training consumers.

Unfortunately, that’s not enough. And then the crime is still happening. So the bigger question is actually not how to train and how to educate and how to prevent the fraud, but actually how to react to it, how to stop it, and how to recover funds for the banks themselves.

That’s the bigger challenge that, I think, the industry is trying to resolve right now.

Salv Bridge

Recover 80% more stolen funds

LEARN MORE
bridge product mockup

If you were a Head of Financial Crime, how would you start getting on top of this challenge?

Taavi: I would ask myself: what are the main drivers for my decisions? And I can think of three main motivators to fight this type of fraud.

One is economic loss, direct financial loss that my company might suffer or my clients might suffer. And basically, it ends up in the P&L for my company. The second reason might be that actually my company’s financial license depends on that.

In the AML space, the AML people know that really well. In fraud, it hasn’t been seen as that big of a problem yet. But I suspect that over the years, if the fraud is not controlled properly, then actually this kind of failure to stop it will start impacting regulations and licensing. And the third driver can be that actually there’s public pressure, like creating a negative impression on the market or on me for the market.

That’s what we see here in the Financial Times article as well, that maybe companies, if I would feel if I would work in a company where the reimbursement rates are very low, then I would be maybe shamed. Maybe I would get hammered by my C-level team, like ‘Guys, you should fix this. Otherwise, we look bad compared to our competitors.’

So these are like the three main levers and drivers. What triggers my counter activities will differ slightly based on the main driver. But while saying that, everyone in the market now agrees that there’s more collaboration needed and more intelligence sharing between banks, fintechs, payment service providers, and banking as a service providers. Because everyone sees that this [stolen] money is moving from one institution to another.

And I would like to ask from my neighbour bank or neighbour fintech, where did it go or where did it come from? So that’s definitely something I’m looking to build up as a head of the anti-fraud team to collaborate more with my colleagues.

Is there anything you’d like to add before we finish this Q&A?

Taavi: I think one important factor, especially for the specialists and the leaders in our space, is to keep in mind that there are things that didn’t come out from the article itself, which is reimbursement for the customers or for the people whose money got stolen.

The other part is: what’s the portion of money that banks or fintechs themselves can recover? Basically, if they need to pay back 100% of the losses to their customers, it’s fine for the customers. But the question is how much of this money is actually recovered [from the fraudsters] for the financial institutions themselves. So like how effectively can [they] reclaim these funds from other institutions if the fraud was stopped?

If I were a CFO, then that would be an even bigger problem or bigger question for me to resolve, like how much money am I getting back to my bank, regardless of the 100% I need to pay to my customers?

And that’s something that should be like the main KPI to check for the fraud team. And if I were a journalist at the Financial Times, I would really love to ask it from these target companies as well.

Like, okay, your mandatory reimbursement (currently still voluntarily reimbursement) rate is 10%, but how much are you recovering for your accounts?

I don’t know what the answer is, but I have seen banks and fintechs exchange intelligence between themselves. For them, this recovery rate can be up to 80% of all the stolen proceeds, which proves how valuable collaboration is actually.

Salv Bridge

Start sharing intelligence with Salv

LEARN MORE
bridge product mockup
×
ISO/IEC 27001 logo
Aicpa logo
GDPR compliant logo
OWASP logo

We build security to our products and organisation from the start. We use security best practices (incl. ISO 27001, CIS etc.) to ensure that our security management system meets the highest standards.

Salv has an ISO/IEC 27001: 2022 certificate, as well as ISAE 3000 compliant SOC 2 Type 2 report.