Despite changes announced by the Payment Systems Regulator (PSR) Wednesday (Sept. 4), the industry is pushing for further amendments to these rules, Bloomberg reported Friday (Sept. 6).

The Payments Association wrote to City Minister Tulip Siddiq on Friday, urging for the maximum reimbursement for victims of authorized push payment (APP) fraud to be reduced to 30,000 British pounds (about $39,000), according to the report. The association said this amount would still cover 95% of fraud cases.

The request came after the PSR announced its plan to lower the cap on reimbursements to 85,000 pounds (about $111,600) from 415,000 pounds (about $545,000), following lobbying from the payments industry and feedback from government officials, the report said. The regulator said the new cap would cover over 99% of claims by volume.

APP fraud involves victims being tricked into sending money to criminals. Last year alone, this type of fraud led to 460 million pounds (about $604 million) in losses, the report said, citing research by trade group UK Finance.

The industry is also calling for Big Tech companies to share the liability of fraud losses, per the report. Many banks argue that more than 60% of reported scams in the U.K. originate from sites like Instagram. They say social media and tech companies should have the same financial incentives to control fraud as traditional financial institutions.

Under current rules, Big Tech firms like Instagram parent Meta Platforms are outside the PSR’s jurisdiction, according to the report.

However, the Labour Party, which recently took over the U.K. government, has plans to include Big Tech in the battle against APP fraud, the report said. In a document seen by Bloomberg News, Labour called for Big Tech companies to tackle fraud and reimburse victims.

The implementation of the new fraud-reimbursement rules has proven challenging for many financial firms, the report said. Less than 500 firms have been onboarded onto the Pay.UK system, which is responsible for setting up the communication infrastructure for reimbursements. This means that approximately two-thirds of payments firms are not yet part of the system. However, the firms that have joined represent 95% of fraud volume.

To gather additional responses from banks and payments firms, the PSR has initiated a two-week consultation that will run until Sept. 18, per the report. The regulator plans to announce its final plan by the end of September.

The post UK Payments Industry Seeks Further Reduction of Fraud-Reimbursement Cap appeared first on PYMNTS.com.

Banks have been able to pivot fully into the digital age, serving a broader swath of customers than they otherwise might have if those partnerships had not been struck in the first place.

The PYMNTS Intelligence report “The FinTech-Bank Relationship Shifts Toward Collaboration” found that 95% of banks are focused on using partnerships to enhance their own digital product services and offerings, streamlining the time to market to get customer-facing features in place.

However, the same interdependencies and interconnectedness with relatively nascent firms in a world of new attack vectors and untested business models can lead to several avenues of risk for traditional financial services players.

Through the last few months, regulatory bodies overseeing the banking sector have noted that banks must take steps to maintain and bolster their operational resilience.

The “Semiannual Risk Perspective” from the Office of the Comptroller of the Currency (OCC) said: “Sound operational resilience includes identifying critical operations and core business lines and mapping interdependencies within a bank’s organization and with significant third parties. Increased interconnectedness and interdependencies across the financial industry elevate the threat of a single participant’s outage, creating broader sector disruption.”

One Link Goes Down — and Creates a Domino Effect?

Think, then, of a bit of domino effect. A FinTech or other partner is hit by a cyberattack, operational failure or loss of customers, forcing them to go dark, so to speak, and the ripple effects hit the federal banking system at large. The OCC said in the report that fraud is a “significant risk,” and timely suspicious activity reports on the part of the banks protect the financial institutions themselves but also their end users.

The Federal Reserve, in another example, last year issued guidance on the various stages of third-party life cycle management, which includes the wealth of considerations inherent in these relationships, such as the “direct contractual costs and indirect costs to augment or alter bank staffing, processes and technology,” and the interactions that the third parties will have with end customers.

The interconnectedness is proving extensive, especially for smaller banks. The Fed, Federal Deposit Insurance Corp. (FDIC) and OCC said in a joint guide on third-party risk management that banks must glean insight into whether a third party’s information security program is consistent with the bank’s program and “expectations related to protecting the confidentiality, integrity and availability of information.” The third parties, in turn, may have relationships with other companies, including subcontractors, which expose them to risks, including breaches.

The Federal Reserve Bank of New York said in a June blog post that banks and nonbanks are “intimately interconnected,” and the latter are dependent on banks for term loans and lines of credit. Overall lending to shadow banks is estimated to exceed $1 trillion as of January. Term loans, which are upfront payments from the lenders that are paid out by the borrowers over time, represented a bit more than a quarter of lending to nonbanks, up from about 15% in 2015.

We’ll get a bit more insight this week when the FDIC releases its quarterly report card on the financial condition of the U.S. banking system. The second-quarter data will give details on problem banks and even the number of insured institutions extant, which has been declining. If the number of banks declines, the concentration of risk increases.

The post From Partnerships to Problem Banks: FDIC Report Looms Large appeared first on PYMNTS.com.

The FTC alleged that Care deceived caregivers about the availability of jobs and the amount they could expect to earn, while also failing to offer families looking for care a simple way to cancel their paid subscriptions to the platform, according to a Monday (Aug. 26) press release.

Care agreed to a settlement requiring it to turn over $8.5 million, which will refund consumers hurt by its practices, the release said. The settlement also requires the company to back up its claims about earnings, be honest about the number of available jobs on its website and allow users to easily cancel subscriptions.

“Care.com used inflated job numbers and baseless earnings claims to lure caregivers onto its platform, and used deceptive design practices to trap consumers in subscriptions,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in the release. “The order announced today puts a stop to these unlawful practices, returns millions of dollars to consumers, and helps ensure an honest marketplace for families looking for care and caregivers looking for work.”

Care issued a statement Monday, which said although it was ready to litigate the matter for “the next several years,” it instead chose to reach an agreement with the FTC to focus on its customers.

“This settlement is in no way a validation of the FTC’s claims,” the company said. “In fact, the settlement requires no material change in how Care.com serves those who use its platform.”

The statement added that as caregivers are leaving the field and people are facing steep costs for eldercare and childcare, “it is disappointing that the FTC has chosen to attack trusted businesses who are part of the solution.”

In addition to the allegations around Care’s dealings with its workers, the FTC said in the release that the company made it difficult for users to cancel the paid subscriptions needed to contact job posters or job seekers by employing so-called “dark patterns.”

“When consumers try to cancel Care subscriptions, they must click through a number of unrelated links to find information about how to cancel,” the release said. “According to the lawsuit, consumers regularly complained about difficulties in finding the cancellation options, with many resorting to searching online for instructions on how to cancel.”

The post FTC Accuses Care.com of Misleading Job-Seeking Caregivers appeared first on PYMNTS.com.

The fine from the Dutch Data Protection Authority (DPA) stems from an investigation that found that the ride-hailing/delivery giant transferred personal data of its drivers to the United States while failing to protect that data, according to a Monday (Aug. 26) press release.

This violates Europe’s General Data Protection Regulation (GDPR), and Uber has since ended the violation, the release said.

“In Europe, the GDPR protects the fundamental rights of people by requiring businesses and governments to handle personal data with due care,” Dutch DPA Chairman Aleid Wolfsen said in the release. “But sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale. That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union.”

The fine is the steepest penalty ever issued by the DPA and the largest Uber has received, Bloomberg reported Monday.

“This flawed decision and extraordinary fine are completely unjustified,” an Uber spokesperson told PYMNTS. “Uber’s cross-border data transfer process was compliant with GDPR during a three-year period of immense uncertainty between the EU and U.S. We will appeal and remain confident that common sense will prevail.”

The company also argued the decision relates to a complaint from 2021, a time that Uber said was marked by uncertainty about EU-U.S. data transfers. Uber also noted that it will not have to pay a fine while appealing the case, a process that could take years.

According to the DPA release, the regulator’s investigation found that Uber collected “sensitive information” about drivers from Europe and held it on servers in the U.S. The information included account details, location data, photos, payment details, and in some cases, drivers’ medical and criminal history.

For more than two years, Uber transferred this data to its American headquarters without employing transfer tools, meaning the data was not sufficiently protected, the release said.

The investigation began when more than 170 French drivers issued a complaint to the country’s human rights interest group, Ligue des droits de l’Homme, which subsequently forwarded a complaint to the French DPA. Because Uber’s European headquarters is in the Netherlands, the case was turned over to the Dutch DPA, per the release.

The fine comes days after the CEOs of Meta and Spotify issued a joint statement criticizing EU tech regulations in the wake of an application of the GDPR that required Meta to delay training its artificial intelligence models on content shared publicly by adults on its social media platforms, Facebook and Meta.

The post Uber Fined $324 Million for EU Data Protection Breach appeared first on PYMNTS.com.

But as CNBC reported Sunday (Aug. 25), restaurateurs are trying to avoid this fight.

The report, citing data from the National Restaurant Association, said that 15% of restaurant owners added surcharges or fees to checks due to higher costs last year. And a recent report from Square found that 3.7% of the restaurant transactions it processed in the second quarter included a fee, more than twice the amount from two years ago.

While the White House has gone after a range of so-called “junk fees” such as undisclosed service charges for concert tickets, the Federal Trade Commission (FTC) is expected to publish a rule banning businesses from “charging hidden and misleading fees” in the fall.

Restaurants, however, say their fees and surcharges help them stay in business and compensate their workers fairly, the report added.

“The challenge for the restaurants is that not all fees are junk fees. … People know what they’re paying for when it comes to most fees that are on a restaurant bill,” Sean Kennedy, executive vice president of public affairs for the National Restaurant Association, told the network.

The report said some customers may not agree, pointing to a Denver restaurant worker who said in a public comment responding to the FTC’s proposal that while his employer claims fees are “equitably distributed to the staff,” the restaurant actually holds onto 30% of the proceeds.

Consumers, meanwhile, are also getting fed up with “tipflation, the upward march of the tips paid at the table and for delivery, which adds to the bill and subtracts from diners’ wallets,” as PYMNTS wrote earlier this month.

As our reporting on the perceptions around inflation shows, around three-quarters of consumers have noticed the impact of price increases from their favorite restaurants. The pinch is being seen at table service restaurants and quick-service eateries alike, with indications that delivery apps are denting consumers’ wallets as well.

The PYMNTS Intelligence report “Tipflation Is Changing Spending Habits of 1 in 6 Consumers” found that consumers across all income groups are spending less due to tips driving up the cost of goods and services. 

“Data showed that 29% of consumers say tipping has gotten out of hand, as it seems they are universally being prompted at the point of sale to sign off on some level of suggested tipping,” PYMNTS wrote. “A full 17% of respondents to our surveys said that they have actually cut back on spending on items — including food and delivery — because the tipping aspect makes things cost too much.”

The post FTC Junk Fee Crackdown Leaves Restaurants Feeling Queasy appeared first on PYMNTS.com.

Ashley Alder, chair of the Financial Conduct Authority (FCA), allegedly forwarded correspondence featuring a whistleblower’s name, address and concerns without redaction, the Financial Times (FT) reported Friday (Aug. 23).

The report, based on internal emails at the FCA, noted that the regulator’s whistleblower policy says: “Your identity will not be revealed without your consent.”

According to the FT, the whistleblower was let go from the FCA in 2021 for alleged misconduct and also lost an employment tribunal case against the regulator, which they are appealing. However, their worries about allegedly “opaque” hiring practices that were detailed to Alder led to an internal review.

The report said the FCA has begun another in-house audit in response to the whistleblower’s claims, which will examine its process for determining if misconduct allegations should be the subject of a formal internal investigation.

The FT notes that the FCA has already been criticized for the way it deals with whistleblowers. Last year, the Information Commissioner’s Office determined that the FCA had breached its data protection obligations in a case in which the regulator allegedly intercepted and diverted staff correspondence — including confidential whistleblowing emails — to track workers it considered a nuisance.

The report includes a statement from the FCA and Alder: “This is an exceptional case. A former employee raised multiple concerns in different ways, including through an internal complaint and at an employment tribunal. The senior independent director of the FCA’s board will review how it was handled.”

In other recent FCA news, the regulator last month proposed new rules on publishing a prospectus, raising capital and regulating secondary markets, while also finalizing new rules on investment research.

The FCA said these rules are designed to strengthen the U.K.’s capital markets and its position as a global financial center.

“The package we have set out today, alongside our recent reforms to the listing rules, will help to strengthen the U.K.’s position in wholesale markets,” Sarah Pritchard, executive director of markets and international at the FCA, said in a news release. “We know we need to strike the right balance between protection for investors and allowing capital markets to thrive.”

The post FCA Chair Allegedly Revealed Whistleblower’s Identity appeared first on PYMNTS.com.

“The cost of fraud is high,” Ryan Dew, SVP, Product Solutions for Thredd, noted to PYMNTS in a recent interview, adding that FinTechs are already tasked with defending their business models as they strive to achieve profitability.

The so-called hot button issues right now revolve around know your customer (KYC) and know your business (KYB), said Dew, who added that knowing who’s on the other side of a transaction is critical. Sponsors in financial services want to know as much as possible about the FinTechs with which they are doing business, and need to know that the FinTechs themselves are proving adept at detecting and reporting fraud.

But amid the risks of attacks, “It’s becoming much harder for them to gain sponsorship and support from the wider ecosystem — especially from a regulatory standpoint,” Dew said.

It’s more important than ever, he said, that FinTechs demonstrate their value proposition and assure investors and partners that they are meeting their regulatory obligations, from a transaction processing standpoint all the way through to back office support for chargebacks and disputes.

“If these FinTechs are not taking the right steps now, and upfront, as they craft their business models, it’s really going to hurt them more so now than ever in the past,” Dew said.

Read more: Thredd CEO Counts on Regulators to Address Vulnerabilities of Banking as a Service

Historically, the task of meeting regulatory requirements would fall, depending on the FinTech use case, on program managers. But now, with a mix of stakeholders and complex interactions between those stakeholders, processors such as Thredd and issuer sponsors are “now being held accountable in many ways” for the FinTech businesses and use cases, and must help ensure compliance.

Several Stakeholders

“Everyone has a stake in this game,” Dew said.

The burden is especially high on the FinTechs that might have limited resources to staff up their compliance and regulatory functions, and fraud, as Dew noted, is constantly changing.

From his own vantage point at Thredd, Dew said that several FinTech clients in the push payment or cross-border money movement spaces are seeing fraud proliferate in those use cases — especially in real-time and account-to-account settings, as open banking takes shape here and abroad.

“Many of the FinTechs are struggling to keep pace with and choose the right tools to monitor those types of transactions that fall outside of the norm of what they traditionally have dealt with on the ‘card side’ of their businesses,” Dew said.

Security is not just about validating customer accounts, he added, with a nod to open banking, but about giving customers a regulated and standardized way to transport their money and data as they deem necessary.

Thredd, he said, looks across the transaction lifecycle, spanning KYC and ID verification, with learning models that are embedded in the processes and change as the transactions (and fraud vectors) change too. The company also offers client firms scam detection services for push payments, disputes and chargeback fraud. 

“We see a lot of data, a lot of transactions and various anomalies across all of our portfolio of companies, and we play that back to our customers and help them stitch together solutions that leverage the fact that there are similarities in the ways FinTechs are being attacked,” he said.

We’re headed towards an environment, he said, where FinTechs, formerly competitors, will collaborate to ensure safe data and money transmission, even as there’s some consolidation in the works.

As he told PYMNTS, “Open banking is here to stay, and the types of products and services that will rely on open banking standards will continue to grow. … Fraud and compliance are going to be things that every provider in the space is going to have to take seriously.”

The post Thredd SVP Says FinTechs Need a Gut Check as They Safeguard Money Movement   appeared first on PYMNTS.com.

In December, the Payment Systems Regulator (PSR) put forth a “call for views,” which included proposals for how it could support an expansion of VRPs. On Thursday (Aug. 15), the PSR published its response to the call.

Kate Fitzgerald, head of policy at the PSR, noted in a news release that upwards of 10 million British consumers and businesses are benefiting from open banking.

“Our call for views response aims to provide the transparency around what’s needed to make sure open banking keeps growing, delivering new financial opportunities and services that increase choice and flexibility for consumers,” she said.

“This is an important step in keeping up momentum to expand the use of VRPs. We’ll continue to work closely with the ecosystem to ensure this happens effectively and identify where regulation will have the most impact — promoting competition and driving better value and outcomes for consumers.”

According to another U.K. regulator — the Competition and Markets Authority (CMA) — VRPs are a type of payment that lets customers connect authorized payment providers to their bank account to make payments on their behalf “in line with agreed limits.”

The CMA has approved nine British banks — known as the CMA9 — to implement a VRP open banking API to allow for an easier sweeping of funds from a customer’s current account to another of their accounts.

The feedback the PSR got showed support for coordinating the expansion of VRPs through a multilateral agreement (MLA), along with concerns about the need for an MLA and whether it should include a central price. 

And while a majority of respondents supported the need for a central price, the PSR added, there were mixed views on how best to price Application Programming Interface (API) access for VRPs in the first stage of the project. The PSR plans to evaluate different price approaches.

“The PSR will also consider the potential effectiveness of interventions that do not establish a VRP API access price, such as price transparency or reporting requirements,” the regulator said.

In other open banking news, recent research by PYMNTS Intelligence finds a gap between consumer interest in open banking and its actual usage in the U.S.

While 46% of American adults expressed strong interest in open banking payments, just 11% of them have used it.

The post PSR Explores Expanding Variable Recurring Payments in UK appeared first on PYMNTS.com.

The Committee on Foreign Investment in the United States (CFIUS) said in an announcement of the enforcement action that T-Mobile committed these violations between August 2020 and June 2021, and the company’s failure to report some incidents delayed the regulator’s efforts to investigate and mitigate any potential harm.

The violations came after T-Mobile entered into a national security agreement with CFIUS in 2018 due to the company’s merger with Sprint and the foreign ownership of the entity resulting from that merger, according to the announcement.

“CFIUS concluded that these violations resulted in harm to the national security equities of the United States,” the regulator said in the announcement. “T-Mobile has worked with CFIUS to enhance its compliance posture and obligations and has committed to working cooperatively with the U.S. government to ensure compliance with its obligations going forward.”

T-Mobile said, per The Wall Street Journal (WSJ), that the incidents resulted from technical issues during its integration with Sprint, that they involved unauthorized access to information shared from law enforcement requests, and that the information remained within the law enforcement community.

“We reported this in a timely manner, and the issue was quickly addressed,” a T-Mobile spokesperson said, according to the WSJ report. “We are glad to have reached a resolution and look forward to continuing to work cooperatively with the law enforcement community to help keep the country and our customers safe.”

The CFIUS announcement of the enforcement action was made on a website that was unveiled by the Treasury Department Wednesday (Aug. 14) and shares information about civil monetary penalties imposed by CFIUS, according to a press release.

“Today’s penalty updates underscore CFIUS’ commitment to accountability and the protection of national security,” Assistant Secretary of the Treasury for Investment Security Paul Rosen said in the release.

The civil penalty imposed on T-Mobile is the largest ever imposed by CFIUS and is the first enforcement action taken by the regulator that publicly named the targeted company, according to the WSJ report.

The post CFIUS Fines T-Mobile $60 Million, Alleging Failure to Protect Data appeared first on PYMNTS.com.

A pair of trade organizations — the European Banking Federation and Payments Europe — say the proposal by the British Treasury was “potentially discriminatory” and a “risk to the integrity of national payments and retail banking markets in the EU,” the Financial Times (FT) reported Wednesday (Aug. 14).

The letter, seen by the FT, argues that the proposal could be especially harmful to FinTechs and digital banks, as they do not provide lending at scale and are thus more dependent on income from payment fees than larger banks.

The U.K.’s Payment Systems Regulator (PSR) proposed the cap last year after a review of cross-border interchange fees on transactions between U.K. businesses and the European Economic Area (EEA), in an effort to protect merchants from overpaying.

“In this market review we have provisionally found that the fees charged by Mastercard and Visa to UK businesses which accept payments from within the EEA are likely too high,” Chris Hemsley, the PSR’s then-managing director, said in a news release. “In short, at this stage, we do not think this market is working well.”

The PSR’s proposal would place an initial, one-time limited fee cap of 0.2% on consumer debit transactions between the U.K. and EEA, along with a 0.3% cap on consumer credit transactions made online at businesses in the U.K. The regulator is also proposing a “lasting cap” on credit card interchange fees after further study determines an appropriate level.

“After the U.K. left the European Union, both Visa and Mastercard raised interchange fees for online transactions between the EU and the U.K. to 1.15% for debit cards and 1.5% for credit cards, saying the hike was needed to contend with fraud and increased competition,” PYMNTS wrote last year.

Both Visa and Mastercard have told PYMNTS they do not agree with the PSR’s conclusions, with Visa saying its interchange rates apply to less than 2% of U.K. card payments for EEA cardholders buying online from a U.K. seller.

The PSR issued a report in May that concluded that charged increases in the fees levied on acquirers and issuers through the past five years by Visa and Mastercard “could not be explained by changes in the volume, value or mix of transactions.”

Once again, Mastercard and Visa said they disagreed with the findings of that report.

“In its analysis, the PSR has failed to account for the significant investment required to provide a secure network which prevents billions of pounds of fraud  each year,” a Mastercard spokesman told PYMNTS at the time.

The post EU Banks Have ‘Serious Concerns’ About UK Transaction Fee Cap appeared first on PYMNTS.com.