APP Fraud Reimbursement Explained: Key Updates & What It Means for Victims
Authorised Push Payment (APP) fraud is the most common type of financial scam in the UK.
In 2023, there were 252,626 reported cases of APP fraud in the UK, resulting in over £341 million of losses. At a 12% rise year-on-year, new rules have been implemented by the Payment Systems Regulator (PSR) as of 7th October 2024 in order to tackle this growing problem, obligating payment service providers to reimburse frauds worth up to £85,000 within five days.
With the PSR being given a larger role in ensuring banks are following the guidelines, they aim to give consumers more confidence in digital payments, in the knowledge that greater protection systems are now in place. It marks a significant shift in how financial institutions are expected to handle fraud cases, through automatic reimbursements, faster claims processes and holding banks accountable. However, there has been some criticism for the new rules, with some providers feeling that the PSR is simply dumping the responsibility onto providers. The amount required for reimbursement was initially £415,000, but since a strong backlash, the amount was readjusted to £85,000.
In this article, we will explore the rules and their updates in detail, and their significance for both consumers and Payment Service Providers (PSPs).
What is APP Fraud?
Authorised Push Payment (APP) fraud is a financial scam where fraudsters trick individuals into willingly transferring money to them. As the victim authorises the payment themselves, APP fraud is a highly effective scam, and difficult for victims to reclaim their money as technically they made the transaction legitimately. Prior to the 7th October rules implementation, the regulatory environment lacked specificity in protocols to reimburse victims. Many Payment Service Providers had no obligation to reimburse customers, creating an inconsistent landscape of consumer protections. As general consumer protections did not specifically address APP fraud, consumers were often left to negotiate directly with their PSPs, creating frustrations and uncertainty about timelines and reimbursement amounts.
The ruthlessness of APP fraud
APP fraud typically employs a variety of social engineering tactics, manipulating victims into believing they are making legitimate payments. Complexity can range from simple phishing scams, where fraudsters imitate trusted parties such as banks or recognisable companies, to precisely coordinated ‘romance scams’, where a false relationship is built online over a long period of time culminating in an ‘emergency’, where a large amount of money is requested from the victim.
Other common types of APP fraud include invoice fraud, often targeting businesses where fraudsters pose as suppliers, sending a fake invoice and claiming payment is overdue. Victims can also be easily targeted online through investment scams, where the promise of high returns can be enough to convince victims to part with their money.
This process is what makes APP fraud a particularly challenging issue, as the victim authorises the payment. Combined with a previously murky regulatory environment, they were a devastatingly effective form of fraud to consumers and businesses alike. With the introduction of the APP fraud reimbursement rules, the finance industry is taking steps to improve consumer protection, offering clearer guidelines.
Introducing the October 7th 2024 rules
These updates from the Payment Systems Regulator in the UK represent a major overhaul in how APP fraud is managed. The following are some key updates, with implications for both consumers and PSPs on all payments made on or after the 7th of October 2024.
Mandatory Reimbursement
PSPs must now automatically reimburse victims (individuals, microenterprises and charities) of payment fraud within five business days, provided a claim meets necessary criteria, such as the victim not acting fraudulently themselves, that the payment was made using the UK Faster Payments Service or the CHAPS, and a clear distinction has been made to separate APP fraud from civil disputes.
Further guidance on this from the PSR is available here.
‘Stop the Clock’ Provision
If the sending PSP requires additional information from the victim in order to assess their claim, it has the ability to pause the reimbursement timeline. This allows the five-day limit to be put on hold until further information has been received and evaluated. The PSR states that in order to prevent delays, all claims must receive an outcome within 35 days.
Shared Liability
These updates establish a framework of shared liability between both sending and receiving PSPs. Once an APP scam claim has been made, the sending PSP must notify the receiving PSP within a specified period. This encourages collaboration to recover the stolen funds, with the sending PSP able to seek a 50% reimbursement from the receiving PSP. This responsibility incentivises both PSPs to employ robust fraud detection systems.
Larger Claims
Claims of over £85,000 should be raised with the Financial Ombudsman Service, which has a compensation limit of £430,000.
This is a free service, and the process can be found here.
Implications for Consumers
These new rules have provided much clearer guidelines for consumers on how their claims will be handled, with timelines for communication, as well as what is expected of PSPs once the claim has been made.
The main implications are:
Greater Protection
A more structured and reliable process allows for stronger consumer confidence when interacting with digital payments. With requirements for reimbursement and set timeframes, the new updates provide a much-needed clarification of a previously murky claims process.
Easier Claims Process
These clearer guidelines will likely make the process less daunting for victims. This includes an expectation of better communication and PSP support when navigating their claims.
Increased Awareness
With the recent emphasis on APP fraud prevention, PSPs will be obligated to educate their customers on the risks of APP fraud. The aim is to inform customers how to avoid scams in the first place, with the ability to spot potential warning signs of fraudulent activity.
Implications for Payment Service Providers (PSPs)
The updates have forced PSPs into action, in order to remain compliant. Some of the implications include:
Operational Overhauls
Adjustments of operational procedures will be necessary in order to comply with the new rules. Systems will need to be created and implemented to ensure timely reimbursement and to detect fraudulent activity in the first place.
Financial Accountability
The introduction of the shared liability model requires PSPs to coordinate more closely, in order to mitigate potential APP fraud losses. This collaboration is expected to bring further improvements to fraud prevention strategies across the financial sector.
Technology Investment
In order to align with the PSR’s new framework, updating legacy systems may require significant investment in PSP's operational technology and training. They will need to develop systems for rejecting claims also, as the onus will be on the PSP to prove a consumer is behaving with gross negligence.
Conclusion
The updates from the Payment Systems Regulator introduced on the 7th of October 2024 represent a critical step towards an enhancement of consumer protection against APP fraud, the most common financial scam in the UK.
The introduction of mandatory reimbursement timelines, greater clarity of the claims process and a shared liability between sending and receiving Payment Service Providers will create a more efficient and supportive environment for victims. PSPs will be pushed to prioritise fraud prevention, and education of their customers to promote greater confidence in the usage of digital payments.
