Skip to content
Sign In Subscribe
AfricaCybercrimePayments

Nigeria vs. the UK: Who’s Right About Fraud Liability, and What Can Banks Do?

Fraud is becoming an ever-present threat in the financial services sector, and regulators are taking different approaches.

 and  Tochukwu Egesi
4 min read

One of the most pressing topics in financial services today is fraud and how to hold institutions liable for fraud—particularly in cases where scammers trick customers into authorizing payments. As digital payments soar, so do the attempts of fraudsters to exploit vulnerabilities. Two regulatory approaches are emerging from Nigeria and the UK:

  • Nigeria: The Central Bank of Nigeria (CBN) has directed the Nigeria Inter-Bank Settlement System (NIBSS) to debit the settlement accounts of banks that receive funds traced to fraudulent transactions.
  • United Kingdom: The UK is rolling out a shared liability approach under its Authorised Push Payment (APP) Fraud Reimbursement scheme, requiring both the “sending” and “receiving” banks to contribute 50% each to the victim's full reimbursement.

Which approach is correct—and what can banks and fintechs do to protect themselves and their customers?

Nigeria’s Approach: Holding the Receiving Institution Responsible

Nigerian regulators are focused on the idea that if Bank A receives proceeds from a fraudulent transaction, Bank A should bear responsibility for reimbursing the victim. This stance stems from the belief that:

  1. Detection at the Receiving End: The receiving bank is in a unique position to identify suspicious inflows—especially large or unusual transactions.
  2. Strong Transaction Monitoring: Requiring receiving institutions to reimburse fraud losses pressures them to invest more in advanced anti-fraud tools (e.g., transaction monitoring and real-time analytics).
  3. Aligns with local realities: Nigeria’s high fraud rates (e.g., phishing, SIM swaps) demand aggressive measures to curb complicit or negligent institutions.

Potential benefits of Nigeria’s approach include incentivizing improved anti-fraud controls where the transaction finally settles, presumably catching suspicious funds before fraudsters can withdraw or launder them.

However, exclusive blame on the receiving bank can overlook responsibility on the part of the sender’s institution—especially if the fraud originated from insufficient verification at the origin. Additionally, this could lead to overly restrictive policies, such as freezing legitimate transactions, but the CBN’s move signals a zero-tolerance stance.

The UK’s Approach: Shared Liability for APP Fraud

In contrast, the UK is introducing mandatory refunds for victims of APP fraud up to £85,000—to be delivered within five days of the claim. Liability for the reimbursement is shared between the sending and receiving banks. This stems from the rationale that:

  1. Both Banks Play a Role: A transaction has two ends, and both sending and receiving financial institutions have obligations to flag unusual patterns, confirm payee authenticity, and implement strong KYC.
  2. Consistent Consumer Protection: Shared liability ensures that victims aren’t left out of pocket, no matter which bank they use. Previously, reimbursement depended on varying internal policies and was therefore inconsistent.
  3. Fairer Cost-Bearing: Splitting liability means both institutions have “skin in the game,” encouraging collaboration on fraud prevention tools.

The UK’s Authorised Push Payment (APP) Fraud Reimbursement scheme could become a global benchmark. It offers balance: if banks know they must share the refund, they are incentivised to bolster anti-fraud checks—while ensuring customers aren’t automatically left to shoulder the loss.

Which Approach Is Correct?

Ultimately, both models aim to reduce fraud and protect consumers. Also, both models could increase costs for banks, potentially leading to higher fees or stricter account controls.

The right approach may depend on local realities—such as the sophistication of fraudsters, public awareness, bank technology capabilities, and existing legal frameworks. In some markets, focusing liability on the receiving institution may be a simpler first step, especially if the broader ecosystem needs to quickly close off the “exit point” for stolen funds. In others, a shared liability model encourages all parties to invest equally in robust fraud prevention.

One size may not fit all, but regulators worldwide will likely watch the UK’s experience with mandatory reimbursement to see if it significantly curbs fraud losses or creates new moral hazards.

Practical Measures Banks and Fintechs Can Implement

Regardless of the liability framework, banks and fintechs can adopt proactive strategies to reduce fraud. Below are key actions:

  1. Remove Card Details from Physical Cards

Stolen card details are a leading cause of fraud. One tactic is to omit card numbers from the physical card and store them securely in a mobile app or make them accessible via a USSD string. Wise (formerly TransferWise) has demonstrated success with digital-only card details. Mastercard has also initiated a similar approach in Australia by removing visible card numbers.

Wise Card

2. Geo-Fencing

Allow customers to specify which geographic regions their cards can be used in (e.g., city, country, or continent). Revolut has adopted this feature. Transactions originating outside these specified zones are automatically blocked, significantly limiting unauthorized use.

Revolut Card Control

3. Quick Freeze/Unfreeze Options

Enable customers to instantly freeze and unfreeze their cards (or all transactions) via a mobile app, USSD, or phone call. This empowers them to stop potential fraudulent activity the moment they sense something amiss.

4. One-Time Cards or Accounts

Offer virtual, single-use cards or temporary account numbers for e-commerce and other higher-risk transactions. Once used, these “throwaway” details become invalid, minimizing the chance of a repeat fraud attack with the same credentials.

5. Multi-Factor Authentication

Enhance security steps based on transaction value or merchant category. For example, European banks have established the following tiers for authentication

  • Below €100: Might not require additional authentication.
  • Above €100: Require an OTP or biometric check.
  • Above €5,000: Trigger a direct call from the bank for voice confirmation.

This tiered system helps ensure high-risk transactions face more scrutiny.

6. Awareness and Education

Educate customers on common fraud tactics. Ongoing consumer awareness campaigns can reduce the likelihood that a customer will fall for a scam in the first place.

The contrasting strategies in Nigeria and the UK highlight a global debate: who should pay for authorised push payment fraud? While Nigeria places the onus primarily on the receiving bank, the UK’s shared liability model splits responsibility between both sending and receiving institutions.

Neither is inherently “wrong”—each reflects different regulatory priorities and market conditions. What’s clear is that the success or failure of either approach will hinge on robust prevention, swift detection, and fair consumer protection.

What is your take?

Comments

Related

Latest