RSM UK calls for tighter control over social media ads to protect against scams

16 November 2022

Data obtained from the Financial Ombudsman Service under a Freedom of Information request by RSM UK illustrates the rapid growth of authorised push payment (APP) fraud. The number of complaints to the Financial Ombudsman Service regarding authorised push payment (APP) scams has increased 78% since 2019, from 4,011 to 7,123 so far in 2022*. RSM UK says tighter regulation of social media platforms is essential to protect consumers and businesses from scam ads designed to dupe them into sending money. 

Earlier this year, the Payment Systems Regulator (PSR) set out its proposals to help more scam victims get their money back, by requiring reimbursement in all but exceptional cases. This would improve the protection for victims, while also incentivising banks and building societies to work harder to prevent APP scams. It could also encourage financial institutions to invest more in fraud prevention and detection methods. 

Erin Sims, Associate Director of Fraud Risk Services at RSM UK, says: ‘The protection currently proposed by the Payment Systems Regulator would be strengthened further if the Financial Services and Markets Bill was brought into UK law. This legislation would be teamed with the Online Safety Bill, which is currently making its way rather slowly through parliament. One of the aims of the Online Safety Bill is to ensure large social media companies and search engines include systems to prevent fraudulent adverts being hosted on their platforms. As Christmas approaches, this is urgently needed to stop scammers before consumers part with their hard-earned cash.’

Authorised push payment (APP) or bank transfer scams occur when a criminal tricks an individual into sending a payment from their account to the criminal’s. These can take many forms including retail scams, phishing emails, romance scams and fake investments. For businesses, they often include criminals sending emails claiming to be from the CEO or finance director, requesting an urgent payment or change of payment details, to someone in the finance team of that same organisation.  

Since 2019, when the Financial Service Ombudsman began collating the data, the number of complaints relating to APP scams has risen by around 50% each year. Over half of these complaints (55%) were upheld by the Ombudsman. 

The increase in complaints to the FOS likely represents a fraction of the actual number of cases where banks have refused reimbursement. This suggests victims may not know where to turn for further help if their bank seems unwilling to offer a refund. Since 2019, many UK banks have signed up to reimburse APP scam victims under a voluntary code called the Contingent Reimbursement Model (CRM). Despite this, the PSR states that only 46% of customers are reimbursed for APP scams.

Erin Sims continues: ‘While the Ombudsman’s data shows a marked increase in APP scam complaints, it doesn’t capture the whole picture, as complaints to the FOS only occur when the customer failed to receive a satisfactory response to their initial complaint from their bank. Many customers don’t take matters further in these types of frauds, either due to the perceived stigma attached to being scammed in this way, or because they don’t know where to turn for further help. Sadly, there may be many others who fall victim who don’t complain at all, and simply write off the lost money.’ 

Data from UK Finance** illustrates that last year there was a total of 195,996 APP scams, with almost £506 million stolen from private individuals and over £77 million defrauded from businesses. This is a 39% increase in the value of funds stolen, and a 27% increase in the number of cases, compared to the previous year. Whilst the UK Finance data shows that APP fraud had fallen in the first half of 2022, it is still up 30% on 2020 figures.

Erin Sims concludes: ‘An economic crisis for businesses, a cost-of-living crisis for individuals, the war in Ukraine and the rise in home working during the pandemic all combine to create a perfect storm for increased risk of fraud and cybercrime. For businesses, it is now a case of when, not if, they will fall victim, so they need a clear and robust plan in place. APP scams are hugely damaging, both financially and reputationally for businesses, and for individuals, the impact can be devastating. There is much debate on the levels of liability for APP fraud, and while the CRM code was a positive step to reimbursing victims, greater focus on prevention is needed.’