Open banking and fraud: A response to the UK government’s new Fraud Strategy

At the beginning of this month, UK Prime Minister Rishi Sunak outlined his government’s new Fraud Strategy. It’s a clear sign that fraud, which costs the country almost £7bn a year, and accounts for more than 40% of all its crime, is being treated as a political priority.

Aiming to cut 2019 fraud levels by 10% in less than two years, the strategy proposes everything from the establishment of a new national fraud squad to tech firms giving their customers extra protection. It also says that banks need more time to process payments so that suspicious transactions can be properly investigated.

The changing nature of payment fraud

There’s no doubt that new measures are needed. As the strategy itself explains, the nature of payment fraud is changing. There’s been a swing from unauthorised fraud – where a payment is made using a stolen card – to authorised push payment (APP) fraud, where fraudsters persuade their victims to authorise payments themselves.

It’s clear, too, that a coordinated response from government and industry is needed to tackle fraud’s ongoing evolution. We recognise that, as a Payment Service Provider (PSP), we have a duty of care to our merchants. We are one of those tech firms that needs to offer extra protection.

Open banking: inherently more secure than card payments

We’re fortunate to operate in the open banking space, where consumer-to-business payments inherently benefit from bank-grade security, and which don’t come with the same risks as cards. APP fraud, meanwhile, is largely prevented by the fact that, as an open banking provider, we do our due diligence on our business customers. There’s very little possibility that a merchant using Volt-powered open banking payments could commit APP fraud.

We know, however, that we cannot rest on our laurels. Fraudsters proactively adapt. So must we. We have to acknowledge the possibility of account takeovers and, at the other end of the value chain, criminals targeting banks’ own PSD2 implementations for PIS.

This is why, back in 2021, we launched Circuit Breaker – open banking’s first fraud prevention tool. Aside from allowing merchants to block confirmed fraudsters, it enables them to score transactions based on their circumstances and appetite for risk. If a transaction goes above a certain score, it gets blocked.

Intelligent fraud prevention = merchant satisfaction

It’s a product we’re constantly evolving in line with merchant feedback and wider fraud trends. In March this year, for example, we launched ‘allowlists’. These enable merchants to approve payments that would have otherwise been blocked, based on very specific criteria. It’s a recognition of the fact that fraud prevention is complicated. In certain industries in particular, there’s often a fine line between what appears suspicious and what is in fact completely legitimate. We owe it to our merchants to get this right. Their satisfaction depends on it.

Part of the Fraud Strategy’s recommendations is for PSPs to “adopt a new risk-based approach to provide additional time for potentially fraudulent payments to be investigated”. Circuit Breaker technically goes above and beyond this; its own risk-based approach is what recognises and subsequently blocks fraudulent transactions, without them needing to be investigated.

By filtering transactions ‘at the gate’ before they’re sent to the bank, Circuit Breaker offers a key additional benefit. A problem with the European banking system is its inhomogeneity: different banks in different jurisdictions have different anti-fraud systems, and some work better than others. Circuit Breaker, by virtue of when it’s actioned, helps overcome this.

Open banking will be at the forefront of fraud prevention

The government’s strategy goes on to say that “the financial sector has invested in resourcing and new technologies to better identify and block suspicious payments”. Circuit Breaker is a very specific example of this, alongside mandated, widely implemented initiatives such as Strong Customer Authentication (SCA).

Again, we have the luxury of operating within the open banking space, where payments benefit from embedded two-factor authentication (an important part of SCA), no chargebacks, no manual data entry (typing out card numbers and/or CVV codes isn’t necessary), and no storing of sensitive data. Fraudsters are left with nothing to work with.

We believe these inherent anti-fraud benefits, combined with well-architected products such as Circuit Breaker, can go a long way to reducing the impact of online payment fraud – especially with the shift from card to account-to-account payments firmly underway. The UK government’s proactivity, and the measures it’s suggesting, can only help in this regard.

The government’s Fraud Strategy was published on 3rd May 2023. It can be read in full on the government’s website.