The regulator has opted to phase in new rules which were supposed to be in place from next week.
Financial fraudsters have had a fruitful time in the UK of late.
According to the most recent data from fraud prevention service CIFAS, overall fraud levels rose by 6% in 2018, with more than 323,000 individual cases reported.
Notably identity fraud ‒ where someone poses as you and essentially spends your money ‒ hitting a new record high, having jumped by 8% on the year before.
With CIFAS warning of an “inexorable” rise in fraud, an incoming set of further protections should be welcomed with open arms.
Bringing in Strong Customer Authentication
New rules were supposed to be introduced on 14th September called Strong Customer Authentication (SCA), designed to make payments more secure.
The idea is that when you or I want to use our card to pay for something, extra authentication will be needed, to ensure that it’s really you that’s trying to use the card and not a thief.
So SCA requires at least two of the following three elements: something the shopper knows (such as a password or PIN), something the shopper has (like their phone), and something the shopper is (so using your fingerprint or facial recognition).
The rules apply to ‘customer initiated’ purchases, such as when you are shopping on Amazon.
They don’t apply to direct debits and the like, while there are also exemptions for purchases below €30 though if you make five consecutive payments below that amount, the next payment will then require SCA.
Putting on the brakes
However, last month the Financial Conduct Authority announced that it was going to delay the full implementation of SCA.
Instead, it was allowing payment firms to phase it in at their own pace over the next 18 months.
In other words, while some banks and lenders will have SCA in place and up and running from next week, others might not actually have it properly sorted until March 2021.
Jonathan Davidson, executive director for supervision ‒ retail and authorisations at the FCA, said that while the SCA measures would reduce fraud.
“We want to make sure that they won’t cause material disruption to consumers themselves so have agreed a phased plan for their timely introduction.”
Less carrot, more stick
The fact that payments firms knew about SCA back at the start of 2018 and were apparently dragging their heels to such an extent that the FCA felt it had to go for this fudged approach is deeply concerning.
We know that fraudsters are having a good time of things at the moment, and the reaction to payments firms failing to keep up their end of the bargain should be a little more stick and a lot less carrot in my view.
However, this confused setup is not only delaying the introduction of extra protections, it’s actually giving scammers yet another opportunity to trick people.
Who really sent that email?
Some firms have been on the ball and started communicating with their customers about SCA and what it means for them. I’ve had legitimate emails from Addison Lee, Patreon and American Express about the new rules, for example.
But consumer champion Which? has spotted a host of scam emails from crooks posing as the likes of Santander, HSBC and Bank of Scotland which talk of new security rules coming in and asking recipients to confirm certain details, like their passwords.
Now you and I are probably fairly confident when it comes to spotting these iffy emails and recognising them for the nonsense that they are.
But with the drip, drip, drip of emails mentioning new security rules, both legit and otherwise, it’s easy to see how someone could fall for one of these shady scam emails and end up sharing their info or accidentally downloading some malware.
Getting serious about scams
The authorities, whether that’s the Government or the financial regulators, talk an excellent game when it comes to cracking down on scams. But too often the action taken is half-hearted.
Just look at how long it has taken the Government to actually ban cold calls about pension investments, a problem that has existed from the moment that the pension freedoms were introduced and has cost too many people their entire retirement savings.
But getting actual rules in place around it has been akin to getting blood out of a stone.
There’s a cruel irony to the fact that the slapdash way that these new rules are being introduced is actually opening a new door to scammers.