top of page

How Is the UK Changing the Way Users Are Protected from Digital Scams?

  • Writer: WAU Marketing
    WAU Marketing
  • Apr 1
  • 3 min read

One of the least discussed but most urgent topics in the financial system's evolution is the impact of scams involving instant payments (or fast payments). This model continues to grow rapidly around the world. Instant payments allow fund transfers between bank accounts at any time, on any day of the year, with the beneficiary receiving the money in real-time.


Scam

Between 2017 and 2023, over £1.7 billion was stolen from bank accounts in the UK through scams—and what’s most concerning is that account holders couldn’t recover their money. Users often didn’t report the fraud due to the burdensome claims process. This reveals that despite technological advances, the system has not always been designed to protect end users.


The UK’s Payment Systems Regulator (PSR) took action in response. As of October 2024, a new regulation came into effect that marks a turning point: both sending and receiving banks are now equally responsible for reimbursing money stolen in instant payment scams. This improves user protection and creates a strong incentive for financial institutions to upgrade their systems and security measures.


Why is this change so important?


Because instant payments are reshaping the digital economy, they are not only the fastest payment method available but have become the preferred choice for online transactions. They are on track to dominate all forms of commerce, regardless of currency.


The speed of these payments allows money to "work multiple times in a single day," driving economic growth. It’s estimated that adopting instant payments could boost EU countries' GDP by 1% to 2% annually.


But here comes the challenge: many banks still operate with outdated "batch" systems, meaning they don’t process in real-time. Over 90% of banks update their systems overnight. That’s a dangerous disconnect in an environment where fraud can happen in seconds.


Changing the logic: from user blame to protection incentives


The traditional model blames the user for authorizing the payment. In many jurisdictions, including several EU countries, banks are not required to verify if the recipient's name matches the account. Under this logic, the customer authorizes, the bank executes, and any fraud is "the user's fault."


The PSR is breaking away from that logic by introducing a shared responsibility model. This changes the game's rules and creates a real financial incentive for banks to invest in #legacy system modernization, security, authentication, and account verification. Additionally, each bank’s performance under this new model will be made public, encouraging healthy competition.


Verifying the account name: a historical omission


A key point in this evolution is verifying the beneficiary’s name. Until now, many systems have assumed that having the account number and bank code is sufficient. But fraudsters have exploited this gap.


That’s why initiatives like "Confirmation of Payee" and SWIFT standards (to link the IBAN with the actual account holder’s name) are essential. It’s not just a technical issue—it’s a new way to build trust in digital financial systems.


What comes next?


The UK, which is not only the largest foreign exchange hub in the world (handling 38% of global volume) but also a leader in shaping international instant payment systems, is taking the conversation further. This includes real-time transfers not just in #FIAT currencies but also with #cryptoassets.


The integration of the PSR into the Financial Conduct Authority (FCA) aims to provide a unified regulatory response, eliminate redundancy, and strengthen supervision of a rapidly evolving ecosystem.


Final Reflection


This new UK regulation not only protects consumers but also clearly sends a message: financial innovation must be accompanied by responsibility.


At WAU, we've experienced firsthand the challenges of operating with tightly coupled legacy systems that lack secure integration mechanisms. These environments compromise operational efficiency and open the door to security risks and fraud for both users and financial institutions.


That’s why tech modernization isn’t a luxury or a "someday" option—it must be a strategic priority on the banking sector’s roadmap. Embracing open, secure, and flexible architectures is key to building a more robust, resilient, and user-centered financial ecosystem.


Trust remains the most valuable asset in a digital transformation. Designing systems that integrate securely, respond in real time, and restore user peace of mind after a scam isn’t a luxury—it’s a necessity.


Are we ready to adopt these models in Latin America? Please share your thoughts, and let’s keep the conversation going.

Commentaires

bottom of page