Virgin Money’s takeover bid unveils hidden battle against fraudsters
As Virgin Money UK Plc enters into a takeover deal with Nationwide Building Society, a deeper story emerges. Behind the scenes, a £130 million fraud-prevention campaign hints at the challenges posed by an evolving landscape of financial crime. Chief Executive Officer David Duffy points to the rising threat of online fraud and the strain it places on banks. As technology advances, so do the tactics of fraudsters, pushing banks towards consolidation for greater resilience.
Sign up for your early morning brew of the BizNews Insider to keep you up to speed with the content that matters. The newsletter will land in your inbox at 5:30am weekdays. Register here.
By Marc Rubinstein
Did fraudsters take down Virgin Money Plc, the UK's sixth-largest bank?
When the management team of Virgin Money UK Plc presented to shareholders on the merits of their agreed takeover by Nationwide Building Society last month, they laid out various reasons for recommending the offer. There was the price, of course – a 40% premium to the average market value over the prior three months. There was the scale: Together, the combined banks would become the second-largest provider of mortgages and savings in the UK.
But there was something else, left unspoken: The demands of combatting a new generation of scammer. A few months earlier, in late November, the same management team had shocked investors when they unveiled a £130 million ($165 million) fraud-prevention campaign, equivalent to more than a third of last year's pretax profit.
"The rapidly increasing prevalence of online channels and social media are driving higher instances of fraud and financial crime in the UK," Chief Executive Officer David Duffy told shareholders. "Increasingly, this will become an area where banks bear the full extent of fraud losses and associated penalties." Mitigating against it doesn't come cheap. Virgin Money swiftly realized that sharing the cost with a larger partner made more economic sense.
Duffy's observation is an important one. New technologies including AI increase the sophistication and risk of fraud and allow criminals to scale their efforts at lower cost. In the latest available data covering the first half of 2023, UK bank customers lost £580 million to fraud, according to trade body UK Finance, with a further £651 million of attempted theft thwarted by banks' security systems. As well as the monetary loss, many types of fraud, particularly romance and investment scams, cause considerable psychological harm to their victims.
One growth area is Authorized Push Payment (APP) fraud, where customers are misled into making fraudulent payments. It takes advantage of the UK's Faster Payments system, which was launched in 2008 and now accounts for about 40% of bank-to-bank transfers by volume. Exploiting the system's speed, criminals trick customers into sending money to a fraudulent account. So while Faster Payments has lubricated commerce and provided a less expensive alternative to credit-card payments, it comes with a cost. In the first six months of 2023, 116,000 confirmed cases of APP fraud were reported, leading to losses of £239 million. Visa Inc. says its research shows one in three consumers has fallen victim to it.
In the past, it was unclear where the liability lay. Some banks, notably TSB (owned by Spain's Banco de Sabadell SA) reimbursed customers for losses. On average, large banks reimbursed 62% of claims in 2022, according to data from the Payment Systems Regulator – although Virgin Money was at the lower end, at 38%. Starting in October, though, new rules require banks to offer full reimbursement, up to £415,000 per claim, with losses split 50/50 between the customer's bank and the receiving bank. It's a cost the industry will have to bear, either directly or via enhanced prevention systems.
The problem isn't restricted to the UK. In the US, fraud losses hit $10 billion in 2023, according to the Federal Trade Commission, up 14% over the prior year. Bank transfers facilitated the largest share of that, higher even than cryptocurrency. The National Consumer Law Center advocacy group collates some devastating stories, such as that of a college student who lost his entire savings account after someone with two fake identification cards went into a bank and wired $16,500 out; by the time he noticed, the bank refused to reimburse him.
In a speech last week, Acting Comptroller of the Currency Michael Hsu praised the UK's new rules and argued that "this liability model deserves greater discussion and debate here in the United States." He proposed that in cases where AI plays a role in the fraud, splitting the liability between the customer's bank, the receiving bank, and the AI platform would be a good starting point for consideration – although identifying which AI to blame may prove hard.
As the arms race between financial cops and robbers intensifies, the cost for banks will only go up. Hsu is anxious that it doesn't lead to the kind of market concentration in the US now evident in the UK. He concluded his speech with a plea for technology providers to play a role in supporting smaller institutions to counter fraud. But ultimately, someone must shoulder the cost, and most likely it will be shared across consumers – either through slower payments, with more roadblocks or more expensive banking services. The natural response, given the fixed cost nature of detection systems, is scale.
As fraudsters get bolder, banks will have to get bigger. Virgin Money is the latest evidence of that.
Read also:
© 2024 Bloomberg L.P.