Banking Sector

In relation to push payments, financial fraud and scams are on the rise. According to FraudSMART, the fraud awareness initiative led by Banking and Payments Federation Ireland, fraudsters stole nearly €45 million through frauds and scams in the second half of 2021, an increase of 50% compared with the previous year. Citizens are increasingly aware and frightened of the techniques fraudsters are using. These have become sophisticated with time, including through authorised push payment fraud. What steps are the Government and Department taking to tackle this growing crime?

I thank the Deputy for raising this issue. I am informed by the Central Bank that it does not collect this granularity of data in relation to the total number of victims of authorised push payment fraud or the compensation paid by payment service providers and payment institutions to victims of authorised push payment fraud.

The provisional crime statistics for 2022, released by An Garda Síochána, note that technology based fraud, including phishing, account takeover, card not present, online shopping fraud, which increased significantly during the Covid-19 pandemic, particularly in 2021, reduced during 2022. However, the Banking and Payments Federation has supplied data on the number of transactions affected by authorised payment fraud and the total value of those transactions from 2019 to 2021, noting that this information is not available for the years prior to 2019.

In 2019, there were 1,646 transactions with a gross loss of €10.3 million. In 2020, there was a significant rise associated with the Covid-19 pandemic with 2,947 transactions and a gross loss of €15.6 million. The trend continued in 2021, which saw 3,967 transactions and a gross loss of €16.8 million.

While the payment service directive, PSD2, set out the industry requirements concerning liabilities for unauthorised payment transactions and the applicable security requirements to help protect consumers against fraud, there is no requirement for payment services providers to compensate customers where authorised push payment fraud occurs. The Deputy will appreciate the actions they have taken to tackle the issue of payment fraud.

This matter is especially timely considering the upcoming review of the PSD2, which is being undertaken by the European Commission. The review is expected to cover a wide variety of areas related to the directive, including payment fraud.

As we know, authorised push payment fraud occurs when a fraudster tricks somebody into making a payment to a bank account that the fraudster controls. An individual could see a holiday on a website and purchase it for thousands of euro only to find out that he or she has been the victim of a scam or an individual may enter a dating relationship through an online dating app and transfer money to help someone with a medical cost only to discover that he or she has been the victim of a romance scam.

Authorised push payment, APP, fraud is on the rise, as the Minister mentioned. We have seen the figures increase by 35% in 2021, with €16.8 million stolen from nearly 4,000 victims. That is double what the figure was two years previously.

Under the payment service directive, payment service providers are required to compensate victims for unauthorised payments but there is no requirement to compensate victims for APP fraud. Protections are stronger in Britain. The regulator is replacing a voluntary code with a mandatory requirement on payment providers to compensate the victims of this fraud. Will the Minister clarify if moving forward with such a requirement here would be possible under the payment service directive?

The Deputy has submitted parliamentary question on this issue recently. As PSD2 is a maximum harmonisation directive, member states may not maintain or introduce provisions through the European Union payment services regulations other than those laid down in the directive, including the introduction of provisions to require reimbursement from payment service providers to victims of authorised push payment fraud. I have raised this issue with my officials. I am advised that the introduction of domestic legislation requiring reimbursement from payment service providers to victims of authorised push payment fraud could lead to unintended consequences and introduce impediments into the payment system causing roadblocks for ordinary users. While preventing fraud is a priority, it is important that any action taken to solve the issue must be considered within the wider European context.

As the Deputy will be aware, the European Commission is undertaking a review of PSD2, which is expected to cover a wide variety of areas relating to the directive and is likely to result in a new legislative proposal, the third payment service directive, PSD3.

We need to address APP fraud and start with protecting victims and putting more pressure on banks and payment providers to improve their systems. Requiring compensation to victims would do both.

I have been in contact with an individual who was a victim of APP fraud. Payments were made through a bank in Britain and a bank in this State, and while she was compensated by the British bank, she received no compensation from the Irish bank. It was the same scam but it involved two different banks in two different jurisdictions. One provided compensation, while the other did not.

Another initiative that could be implemented is confirmation of payee. This requires payment providers to check the payee name entered by the sender against the name on the account to which the payee is sending funds. This requirement is in place in Britain and also the Netherlands. It has been an effective tool in reducing incidents of fraud and should be introduced here without delay. I understand such a proposal is made in the Commission's legislative proposal on instant payments published in October. There is no reason we cannot move forward in implementing this system without delay. Would the Minister consider that?

The advice received from my officials at this point is that the best way of addressing this issue is through the review the European Commission is undertaking of PSD2, which it is expected will result in a new legislative proposal to bring forward PSD3.

The Deputy has raised a valid point. I acknowledge that there is a gap here for the people who are directly affected. It is not provided for currently within PSD2. I will continue to work with my officials to find a way of ensuring that people who are affected by APP fraud can be protected and I will work with the Deputy on that.