In early February, The Guardian’s Shane Hickey had a story about one particularly malicious scam targeting British families.
The “Please, Mum!” scam is straightforward enough: Bots on WhatsApp or SMS channels message phone numbers claiming to be loved ones who are in trouble. Once a victim responds, a human fraudster takes over to add detail to the story and make direct pleas for money.
Hickey, citing a source at Lloyds Bank, reported that the average loss from this scam was nearly £2,000.
Something that stood out about this story was the role WhatsApp assumed. Because of the rising instances of such scams, WhatsApp launched a public awareness campaign in the UK in late 2021 called “Stop. Think. Call.” that aimed to give potential victims tools for handling messages from scammers. In doing so, WhatsApp tacitly acknowledged its role in protecting their users from these scams.
This begs interesting questions.
When a person is tricked into sending money to a scammer, there is clearly a need for justice. But who is ultimately responsible for bearing the cost of carrying out that justice? In the scam above, there are at least four parties, each with some obligation to justice:
- The scammer. Even if every scammer on Earth were caught tomorrow, it’s unlikely that someone could wring sufficient financial restitution from them. What else can be done to compensate the victim?
- The bank. In the UK, banks have a (contingent) voluntary reimbursement model for calculating how much they should pay out to fraud victims. Is this enough, as not all banks are signed up to the code?
- The messaging platform. In this case, WhatsApp’s campaign underscores the importance of vigilance from the user. But does a messaging platform bear more responsibility when a user gets scammed?
- The victim. Even the most vigilant people can be scammed. Morally and legally, how much of that £2,000 loss should the average victim have to write off?
These are the kinds of questions banks, regulators and lawmakers are asking today, and these are the kinds of questions that will shape financial regulations in the years to come.
At the beginning of the year, Featurespace Founder David Excell predicted that banks would begin to advocate for new, stronger laws that provide protection for consumers and help financial institutions bear the costs of fraud losses.
Below are four countries — Singapore, Australia, the United Arab Emirates and the United Kingdom — where such laws are emerging. It’s worth following these legal developments now because what happens in those countries is likely to shape the global regulatory environment.
In early February, the Monetary Authority of Singapore (MAS) published “A Framework for Equitable Sharing of Losses Arising from Scams” that provides an outline for how the country will adjudicate instances of fraud loss.
According to the framework, all parties bear some responsibility, and how much each of those parties pays in a given case “will depend on whether and how the party has fallen short of its responsibilities,” MAS writes.
“MAS expects financial institutions to treat their customers fairly and bear an appropriate proportion of losses arising from scams. At the same time, care must be taken to ensure that compensation paid to customers does not weaken their incentive for all to be vigilant.”
The authority plans to publish a full version of the framework in the coming months.
Also in early February, The Sydney Morning Herald’s Charlotte Grieve reported on documents obtained from the Australian Securities and Investments Commission (ASIC) regarding proposed new scam liability regulations for banks, and those banks’ “strong opposition” to it.
The proposal itself came about, Grieve reported, because ASIC is reviewing the country’s ePayments code, a voluntary agreement that details practices for safeguarding consumers who make digital payments.
According to one document Grieve quoted from, “ASIC noted banks claimed accepting liability for ‘preventing customers from falling victim to scams is problematic, as it raises moral hazard issues (i.e., there is a risk that customers take less care if they know they will always be backed by their [authorized deposit-taking institution]).’”
This is similar to the balance MAS mentions, and it begs another question: Is there an equilibrium of responsibilities that ensures fair compensation to victims without allowing anyone to get complacent about their own obligations to justice?
United Arab Emirates
The Central Bank of the UAE (CB UAE) have also published regulations pertaining to the formalization of Consumer Protection in the region:
The regulation is intended to ensure protection of consumers’ interests in their use of any financial product and/or service or relationship with Licensed Financial Institutions.
Key to these are stringent controls on fraud detection, investigation and reporting stating that
Licensed Financial Institutions must compensate consumers in a timely manner for financial losses and expenses resulting from financial crimes, misappropriation, cyber-attacks and misuse of assets and information unless it can be proven that the loss was due to the gross negligence or fraudulent behavior of the consumers.
In November 2021, the UK Parliament announced plans to legislate for mandatory reimbursement in cases of authorized push payment (APP) fraud, which is what the “Please, Mum!” scam falls under.
Three months later, the Treasury Select Committee published a report calling for more haste and outlining specific proposals for the UK government, which include:
- An amendment to the Draft Online Safety Bill that would force businesses “to be proactive rather than reactive in removing [fraud] from their platforms.”
- An assessment of whether social media platforms should have their own KYC rules.
- A recommendation that the government “seriously consider whether online companies should be required to contribute compensation when fraud is conducted using their platforms.”
So, here we have MPs asking whether platforms like WhatsApp should share in the financial burden that fraud places on society as a whole.
Machine learning’s role in an evolving regulatory environment
In all three cases, the government has indicated that banks, tech companies and consumers all have a role to play in mitigating fraud losses. The proportion of responsibility that each bears remains an open question.
In any case, there is a clear trend: Governments are asking financial institutions and tech companies to assume a more proactive role in detecting and preventing fraud.
This is exactly what we built ARIC™ Risk Hub to do. Our Adaptive Behavioral Analytics and Automated Deep Behavioral Networks monitors customer data in real time so that banks can spot suspicious activity, prioritize alerts and often intervene before money leaves a customer’s account.
To learn more, request a demo today.