I’m sure you’re no stranger to scams – the badly worded emails in your junk folder, texts about missing water bill payments, phone calls about car accidents you’ve never been in. We’ve all been on the receiving end. And with scams covered regularly in newspapers’ consumer pages, or even on dedicated TV shows, it would seem they should be obvious to spot and easy to avoid, right?
How many times have you read an article and said to a friend, ‘They must have been so gullible to fall for that’? Or thought, ‘That’ll never happen to me’?
But, the simple fact is: you’re actually just as likely to fall for a scam as anyone else.
Despite the prevalence of fraud, we find that there is a plethora of myths around the profile of a scam victim. You might have an image in mind yourself – perhaps someone who is elderly or lonely. You wouldn’t be alone in thinking this.
At the Lending Standards Board (LSB), we’ve spent the last five years overseeing the first set of consumer protections against Authorised Push Payment (APP) scams – the Contingent Reimbursement Model Code (CRM Code). The Code puts in place measures for signatory payment service providers to detect, prevent, and respond to successful APP scams, including reimbursing people when they have been a victim of a scam through no fault of their own.
As part of our work with the Code, we often speak to different groups about APP scams. Some of what we heard at our Fraud & Scams Special event for representatives across different sectors earlier this year was fairly typical of what we come across about scam perceptions: when quizzed, four-in-five participants said that they thought you’re more likely to get scammed if you’re older, rather than younger; approaching half thought that women are more at risk than men, with less than a third saying the reverse was true; and a quarter thought you were more likely to be scammed if you didn’t have a degree.
These perceptions are wide of the mark. Whether you’re old or young, male or female, and no matter your level of education, there is a scam designed for you. In fact, the cognitive blind spot created by the assumption that you’re not the type of person who would fall victim to a scam increases the risk you face.
At our event, we put this to the test, asking participants from across the financial services, utilities, insurance and other sectors to assess a series of messages to see if they could identify genuine ones from those sent by fraudsters. In one instance, nearly a third incorrectly identified a scam text as genuine.
We’re all susceptible because scammers use the most sophisticated, manipulative tactics to convince people to hit send on that transaction. Not all scams come in the form of a junk email or dodgy text – scammers can spend months socially engineering people to believe their lies. They use key levers to elicit the desired response from their targets:
- Emotions – seeking to create feelings of excitement, fear or obligation;
- Authority and trust – imitating organisations we have confidence in and expect communication from; and
- Urgency – creating panic to ensure victims don’t have time to think through their decisions.
Scammers can harness the most sophisticated technology and impersonate those we trust to the point that even the most tech and financially savvy of us can be convinced.
The CRM Code & Its Impact
The introduction of the CRM Code in 2019 marked a major milestone in customer protections from scams.
- With the CRM Code in place, reimbursement rates have more-than trebled, with 73% of CRM Code customers’ APP fraud losses reimbursed by PSPs in 2023 – up from just 23% in 2018 (the year before the Code’s launch).
- The average amount of money stolen per reported APP fraud case has tumbled from £4,200 in 2018 to £1,600 in 2023 for customers covered by the CRM Code (and £2,000 for all customers).
- As the CRM Code has bedded in, the amount lost through APP fraud has begun to fall – £460m was stolen in 2023, representing a 20% fall from the 2021 peak.
- The rate at which APP fraud has increased has slowed dramatically, from a runaway 45% year-on-year increase in 2019 to 12% annual growth in 2023.
- The Financial Ombudsman Service (FOS) has noted that over half the complaints received about APP fraud reimbursement come from customers not covered by the CRM Code – while CRM Code customers’ complaints are more likely to be upheld.
Tackling Scams
The efforts made by the financial services to put a stop to APP fraud – which can be devastating for their victims – have had a profound impact on slowing down the growth of these scams, but fraudsters are still walking away with nearly half a billion pounds from APP fraud each year. Building on the momentum created by the introduction of the CRM Code is vital, but it’s not a job for the financial services to tackle alone.
Social media platforms, telecoms firms, utilities companies – indeed, any type of business that is used by scammers to reach individuals – have a significant role to play in tackling fraud, both in terms of highlighting to their customers how to stay safe from scams, and by cracking down on the ways in which scammers exploit their services
There’s a lot of social stigma associated with falling for a scam. Research from the Money and Mental Health Policy Institute found that four-in-ten people who have been on the end of a successful online scam have never reported this, with shame and embarrassment being cited as one of the primary reasons for not speaking up. Breaking down the stigma will help people feel able to share their experiences and to seek the support they need; it’ll help others feel more alert to the fact that scams are all around us and easy to fall for, and it’ll help the financial services and other key sectors get intel on how to further protect customers in the future.
From 7 October, the Payments Systems Regulator (PSR) introduced a new, mandatory requirement for all UK Payment Service Providers to reimburse their customers who become a victim of APP fraud; these changes supersede the CRM Code, which is being retired. Unlike the CRM Code, however, the new framework only contains specific provisions on reimbursement; the CRM Code also set requirements on the steps signatory firms needed to take on prevention and detection. Reimbursement, although crucial to reversing the financial distress of a scam, will not take away that stigma or undo the emotional distress caused by being scammed, and that is why there has never been a more important time for the financial services and other sectors to continue to collaborate in their efforts to prevent and detect fraud and to raise awareness among customers.
If we lose the momentum the CRM Code has created, scammers will continue to refine their tactics and more people, including you and I, will be at risk of losing money. If we work together to raise awareness of scams and how to stay safe, while at the same time erasing the myths associated with scam victims, then scammers thinking they’re one step ahead of us will be the only myth left on the table.