A bid to cut a rising source of payments fraud could leave telco operators on the hook.
Imagine the scene – you receive a call from the taxman, asking why you haven’t paid your bill.
Flustered – and seeing it’s from a legitimate number – you agree to settle right away to avoid any extra fine.
Only this call wasn’t from the government, but arose from a sophisticated and increasingly common fraud known as spoofing – that EU lawmakers are now on a mission to stop.
In legal plans put forward in June last year, the European Commission said that banks should reimburse customers for any losses suffered as a result of scammers impersonating bank staff.
In a report due to be voted on 14 February, lawmakers on the European Parliament Economic and Monetary Affairs Committee want to extend that.
The new rules would also put telecoms operators and online platforms within scope, in line with the EU’s existing Digital Services Act, lawmaker Ondřej Kovařík (Czechia/Renew Europe) told Euronews.
“We’ve taken important steps forward in the Parliament to address impersonation fraud,” Kovařík said in a statement, adding: “In this respect we can cover more than simply someone pretending to be from your bank.”
The new plans would cover fake emails or phone calls that purport to come, not just from payment providers, but “any other relevant entity of public or private nature”, according to an amendment circulated internally among lawmakers.
Communications providers who don’t remove fraudulent or illegal content would also have to offer refunds to victims, according to the text, seen by Euronews and dated 26 January.
Those plans still need to be formally agreed by lawmakers and would also need support from governments meeting in the EU Council – but proponents are hopeful.
“We could have a game-changer in this fight,” Anna Martin, financial services officer at Brussels-based consumer advocacy group BEUC, told Euronews in an interview, adding: “I’m convinced banks will take action – if they have financial consequences.”
It’s a serious problem. Existing EU payment laws which took effect in 2019 require online sales to be verified by fingerprint scans or one-time passcodes.
That made fraud harder – but also made scammers more creative, and the amounts involved can be high, if not lifechanging.
In Belgium alone, according to banking lobby group Febelfin, phishing scams rose 60% in a year to reach nearly €40m in 2022. The average loss from a fraudulent credit transfer is €4,191 – far higher than what’s typically at stake for credit card or ATM scams – says data from the European Banking Authority.
The hope is that new rules can encourage telecom operators and banks to work together to stop calls falsely appearing to come from legitimate banks, energy companies or tax authorities – yet not everyone is convinced.
In an October submission to the European Commission, the GSM Association, a lobby group for mobile operators such as Orange and Telefonica, said a further liability could amount to €8bn a year with a “severely disruptive” effect on European connectivity.
Operators are worried there could be a conflict with existing online privacy laws, if they’re expected to moderate phone calls as if these were social media content.
But those within the financial sector are keen to see responsibility for tackling fraud thrown a bit wider.
“It makes sense to put a bit of pressure on the telco operators,” Elie Beyrouthy, chair of the European Payment Institutions Federation, told Euronews. “It remains to be seen how to do that.”
Read the full article here