A possible way to stop most push payment fraud

Zanderman

theoldmiser said:

eskbanker said:

theoldmiser said:
The current system isn't working, therefore it isn't a sensible compromise between security, convenience and cost.

Says who?

My idea would stop almost ALL push payment fraud, what exactly do you find wrong with it? Something more specific would be helpful. It could be a £2,000 limit, it would be up to the banks to set the initial maximum amount.

No, it would only stop push payment over that limit. Fraud just below it would flourish and expand. You're helping fraud by setting a fixed limit for a trigger.

By doing so you're greenlighting any fraud below that trigger.

It's a gift to fraudsters. 

theoldmiser

Zanderman said:

theoldmiser said:

eskbanker said:

theoldmiser said:
The current system isn't working, therefore it isn't a sensible compromise between security, convenience and cost.

Says who?

My idea would stop almost ALL push payment fraud, what exactly do you find wrong with it? Something more specific would be helpful. It could be a £2,000 limit, it would be up to the banks to set the initial maximum amount.

No, it would only stop push payment over that limit. Fraud just below it would flourish and expand. You're helping fraud by setting a fixed limit for a trigger.

By doing so you're greenlighting any fraud below that trigger.

It's a gift to fraudsters. 

Why would fraud just below it flourish and expand? Push payment fraudsters want to get as much money out of your account as they can.

Currently ALL fraud is "greenlighted" because there is no trigger.

"It's a gift to fraudsters". Laughable. I don't even know where to begin.

Show me ANY cases of push payment fraud where the amount was UNDER £1,000.

eskbanker

theoldmiser said:

eskbanker said:

theoldmiser said:
The current system isn't working, therefore it isn't a sensible compromise between security, convenience and cost.

Says who?

The thousands of victims of push payment fraud, the police, and the banks who have to deal with all of this. If the current system was working, there would be no push payment fraud, at least, that's what I consider 'working' to mean.

I see you couldn't discuss anything else I wrote in answer to your objections...

You wrote a lot of stuff that would take quite a while to debunk - I might get round to it, but was simply challenging the fundamental premise to start with, rather than getting bogged down in detail.

However, total elimination of APP scams is a futile and unrealistic aspiration, so let's just look at some facts to be going along with:

Daily faster payment transactions - circa 10m

Daily APP scams - less than 1,000, i.e. <0.01% of transactions

Average FP size - circa £774

Of APP cases referred to banks, "68 per cent involved values of less than £1,000, while only 6 per cent of cases involved the more life-changing sums of £10,000 plus"

About 18% of reported APP frauds relate to impersonation scams such as police or bank staff, i.e. the vast majority aren't this type of scam, so your apparent belief that this is the primary cause is misplaced....

theoldmiser said:

Show me ANY cases of push payment fraud where the amount was UNDER £1,000.

See above, 68%, according to UK Finance.

Zanderman

theoldmiser said:

Zanderman said:

theoldmiser said:

eskbanker said:

theoldmiser said:
The current system isn't working, therefore it isn't a sensible compromise between security, convenience and cost.

Says who?

My idea would stop almost ALL push payment fraud, what exactly do you find wrong with it? Something more specific would be helpful. It could be a £2,000 limit, it would be up to the banks to set the initial maximum amount.

No, it would only stop push payment over that limit. Fraud just below it would flourish and expand. You're helping fraud by setting a fixed limit for a trigger.

By doing so you're greenlighting any fraud below that trigger.

It's a gift to fraudsters. 

Show me ANY cases of push payment fraud where the amount was UNDER £1,000.

Every single one if your scheme was in place. (Edit to add, from Eskbanker's post above, 68% of them at the moment anyway)

And there'd be nothing to stop 'em.

So they keep repeating it.

Definitely a gift.

theoldmiser

Zanderman said:

You don't think the banks have debated and analysed all sorts of ways of combatting fraud already, and what you're suggesting has been dismissed?

Apart from creating a huge new bureaucracy - actual and virtual - the primary flaw is that every fraudster would, if the default was £1000, set their fraudulent transfer at, say, £900 - and they'd all sail through. Then the limit might be lowered to 900 and they'd change to 800, and so on until the limit was laughably low.  It would, ultimately, be self-defeating as the trigger amounts involved would become trivial.

No, I don't think the banks have debated and analysed ALL ways of combatting fraud already, they probably have people like you who say "But somebody ELSE must have thought all of this through already, so why should I think of a new way to stop it?"

What is this "huge new bureaucracy" you talk of? LOL.

Let the fraudsters set their fraudulent transfers at £900. The bank then has a system that if MULTIPLE PAYMENTS in the same day of more than £1,000 (for example) are attempted, they are then held and the bank phones the customer to confirm they are not being defrauded.

That wasn't difficult to think of, was it? You don't think that is a customer was sending out first £900 to a NEW account they had never sent money to before, and then they sent ANOTHER £900 to that account, that that wouldn't register (or could NOT be made to register) as potentially fraudulent?

theoldmiser

Teapot55 said:

I think your idea sounds like quite good.

My bank’s software always asks me if it’s to someone I’ve paid before and then what sort of reason ie bill, family etc. They’re not asking questions that are too intrusive on my privacy and I think they’ve got the balance about right. 

Thank you.

theoldmiser

Zanderman said:

theoldmiser said:

Zanderman said:

I do £1000+ transfers regularly, between my own accounts, several times a month. I would be mightily annoyed if the bank rang me every time. Banks would be phoning people al the time - £1000 transfers are not unusual at all.

I very much doubt banks haven't already thought through your scenario and dismissed it.  The key need is for the customer not to fall for the scam in the first place.  To take your example; banks don't ring to say your account is compromised, and even if they did why oh why would they not be able to merely freeze the account?  The bank have full control of the account at all times. Only a fraudster would tell you the account must be emptied!

I don't understand your final part. Is that a quote from me? If so, it helps if you put it in quotes.

If it was a quote it would be in quotes!

It was a reference to your example of fraud, where you were referring to fraudsters saying accounts are compromised and money should be moved to another account. 

I was merely pointing out that a bank would, fairly obviously, never say this.

Because if an account is 'compromised' they could freeze it - as they are, er, the bank.

Only a fraudster would suggest money should be moved to another account.

So anyone falling for that scam isn't really thinking it through. Why would a bank not be able to stop an account being used? Why would a bank ask you to move money?  Anyone suggesting that should happen is, obviously, a fraudster.  

It's obvious to YOU, but obviously it isn't obvious to the many people who are victims of push payment fraud every year!

Are you going to address my question about how often you make payments of over £1,000 that are NOT between your own accounts? Your first response to my idea was completely irrelevant - because you were talking about transfers between your OWN accounts, which are nothing to do with my idea, as if they somehow negated it...

theoldmiser

eskbanker said:

theoldmiser said:

eskbanker said:

theoldmiser said:
The current system isn't working, therefore it isn't a sensible compromise between security, convenience and cost.

Says who?

The thousands of victims of push payment fraud, the police, and the banks who have to deal with all of this. If the current system was working, there would be no push payment fraud, at least, that's what I consider 'working' to mean.

I see you couldn't discuss anything else I wrote in answer to your objections...

You wrote a lot of stuff that would take quite a while to debunk - I might get round to it, but was simply challenging the fundamental premise to start with, rather than getting bogged down in detail.

However, total elimination of APP scams is a futile and unrealistic aspiration, so let's just look at some facts to be going along with:

Daily faster payment transactions - circa 10m

Daily APP scams - less than 1,000, i.e. <0.01% of transactions

Average FP size - circa £774

Of APP cases referred to banks, "68 per cent involved values of less than £1,000, while only 6 per cent of cases involved the more life-changing sums of £10,000 plus"

About 18% of reported APP frauds relate to impersonation scams such as police or bank staff, i.e. the vast majority aren't this type of scam, so your apparent belief that this is the primary cause is misplaced....

theoldmiser said:

Show me ANY cases of push payment fraud where the amount was UNDER £1,000.

See above, 68%, according to UK Finance.

Fair enough - then at least my idea would stop people from losing life changing amounts of money, and I presume it is obvious that those are the cases that it's most important to stop?

theoldmiser

Zanderman said:

Every single one if your scheme was in place. (Edit to add, from Eskbanker's post above, 68% of them at the moment anyway)

And there'd be nothing to stop 'em.

So they keep repeating it.

Definitely a gift.

"there'd be nothing to stop 'em". As if there is something to stop them now...

As I said, they wouldn't keep repeating it, because the banks would be checking for REPEAT transactions to new accounts which the customer had never sent money to before, and would phone them on the SECOND payment.

How could you not have thought of that?

Zanderman

theoldmiser said:

Zanderman said:

You don't think the banks have debated and analysed all sorts of ways of combatting fraud already, and what you're suggesting has been dismissed?

Apart from creating a huge new bureaucracy - actual and virtual - the primary flaw is that every fraudster would, if the default was £1000, set their fraudulent transfer at, say, £900 - and they'd all sail through. Then the limit might be lowered to 900 and they'd change to 800, and so on until the limit was laughably low.  It would, ultimately, be self-defeating as the trigger amounts involved would become trivial.

No, I don't think the banks have debated and analysed ALL ways of combatting fraud already, they probably have people like you who say "But somebody ELSE must have thought all of this through already, so why should I think of a new way to stop it?"

What is this "huge new bureaucracy" you talk of? LOL.

Let the fraudsters set their fraudulent transfers at £900. The bank then has a system that if MULTIPLE PAYMENTS in the same day of more than £1,000 (for example) are attempted, they are then held and the bank phones the customer to confirm they are not being defrauded.

That wasn't difficult to think of, was it? You don't think that is a customer was sending out first £900 to a NEW account they had never sent money to before, and then they sent ANOTHER £900 to that account, that that wouldn't register (or could NOT be made to register) as potentially fraudulent?

Ok, this is my last contribution, as I've risen to the bait enough:

Re the banks debating it all already - yes, of course they have, and of course they regularly review options. Fraud costs them a lot of money - far more than a member of Joe Public. It's in their interests to keep combatting it and reviewing it. They are very unlikely to have people who say let's not bother 'cos we've already gone though this a few times already..

Re the bureaucracy - new system on every bank website, app and counter service required. New staff training, plus a load of new staff, with desks, computers etc, to cope with all those calls, and dealing all those people contacting them wanting to tailor their limit up or down. 

Re the fraudsters doing multiple transactions - yes, there might be systems to detect those, but they may or may not work as ell as you think, and anyway if they did the fraudster just moves to the next victim. It's obviously worthwhile at this level - 68% of APP scams are already under £1000 according to Eskbanker's stats.

But that's me done for this thread. You're clearly not going to accept anything I say!