This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Payment scams result in substantial losses each year for consumers and businesses alike. The problem has been exacerbated by the Covid-19 pandemic, which has given fraudsters new opportunities to deceive and prey on vulnerabilities.1 The UK payments industry body, UK Finance, has recently said that fraud “is now a national security threat”, requiring coordinated multi-sectoral action from the Government.2
Payment scams take different forms. A category that has attracted particular attention in recent years is the “authorised push payment” (APP) scam. A “push” payment is a payment instruction communicated by a customer to their bank. The main example is a funds transfer instruction using internet or mobile phone banking facilities. By contrast, a pull payment involves the customer’s giving the payment instruction to the payee, who then claims the payment from the payer’s bank. An example is a cheque. The label “authorised” in this context indicates that the payer has been deceived into authorising a payment to the fraudster. From a bank’s point of view, there is a valid instruction to pay from its customer; hence the loss ordinarily falls on the payer—unless there are grounds to hold the bank liable.3 The main common law ground on which to hold the bank liable for an authorised payment is the bank’s breach of its duty of care, and it was the scope of this duty that arose before the Court of Appeal in the recent case of Philipp v Barclays Bank UK Plc.4 While the discussion concerns the duty of care owed by banks, it no doubt has some relevance also for the growing number of other payment services providers.
The growing attention on APP scams in the UK was prompted by the intervention of the consumer organisation Which?, in 2016, out of concern for the upsurge in APP scams, and their damaging consequences for consumers.5 The ensuing investigation by the Payment Systems Regulator culminated in the introduction of the Contingent Reimbursement Model Code for Authorised Push Payment Scams (CRM Code) in May 2019.6 The CRM