As the epidemic of online fraud escalates, it is increasingly clear that the financial services sector alone cannot – and should not – be expected to shoulder the entire burden of compensation.
With authorised push payment (APP) fraud reaching unprecedented levels, particularly in the UK, there is growing frustration within the banking sector over the refusal of other digital ecosystem players, especially social media platforms and telecom providers, to play their part.
Singaporean Contrast
A glance at Singapore provides a compelling contrast.
The city-state’s new Shared Responsibility Framework (SRF) mandates clear and specific duties for financial institutions, payment service providers, and telcos in the fight against phishing and social engineering scams.
Crucially, it introduces a conditional compensation model: if ecosystem participants fulfil their duties under the framework, the consumer bears the loss.
But if they fall short, they share in the liability.
This “if you fail, you pay” model introduces both accountability and incentive – elements sorely missing in many Western regimes.
UK’s Updated Model
By comparison, the UK’s updated “contingent reimbursement model” now obliges PSPs to compensate APP fraud victims in most cases, splitting the cost between sending and receiving institutions.
While well-intentioned, this reform places the financial sector firmly on the hook, despite mounting evidence that the origins of fraud typically lie elsewhere – most often on social media platforms.
Who is to Blame?
UK Finance reports that nearly 70% of APP fraud involves goods that never arrive, with Lloyds and TSB pointing to Facebook Marketplace as a primary vector.
TSB, in fact, attributes 80% of its social engineering fraud cases to Meta-owned platforms.
Revolut’s latest Consumer Security and Financial Crime Report brings this issue into sharp focus.
In the H2 2024, over half of all fraud cases reported to the neobank stemmed from Meta’s ecosystem: Facebook, Instagram, and WhatsApp.
Telegram, too, witnessed a 121% surge in fraud, with WhatsApp fraud rising by 67%. These are not isolated incidents but part of a well-established pattern of exploitation.
The problem is not simply technological. It is systemic.
Financial institutions are held to exacting regulatory standards while digital platforms – often where the fraudulent journey begins – remain largely unaccountable.
Calls for a more balanced approach are intensifying.
Revolut, alongside other institutions, has demanded a shift from voluntary charters to binding obligations.
It advocates advertiser verification, proactive content moderation, and, critically, a shared duty to compensate victims.
Despite encouraging signs – such as the UK’s Online Fraud Charter and murmurs from the Payment Systems Regulator about levies on Big Tech – progress remains tentative.
PSR’s David Geale admits that holding platforms liable is “complicated,” but also “one of the options that should be considered.”
The UK should stop dithering.
Digital crime is evolving, fast. We need robust digital identity systems, coordinated industry action, and, above all, the political will to hold every player in the fraud ecosystem accountable.
Singapore has shown that such a model is not only possible but effective. The question is not whether platforms should contribute – it’s why they’ve been allowed not to for so long.
The post Rethinking fraud: It’s time to share the burden appeared first on Payments Cards & Mobile.
