The UK Payment Systems Regulator’s new APP reimbursement policy, that sees mandatory reimbursement for victims of authorised push payment (APP) fraud, is in force as of today.
First published by the PSR in 2023, the new policy prescribes mandatory reimbursement for victims of APP fraud. The cost of losses are split 50:50 between sending and receiving PSPs.
Go deeper with GlobalData
In its role as payment systems operator, PayUK has worked extensively and collaboratively with the industry to support in-scope PSPs in complying with the policy and meeting their legal obligations as part of the PSR’s Specific Direction 20 (SD20).
PayUK says that it has successfully delivered on this mandate and is satisfied that the industry is suitably prepared for the legislation, and any associated, resulting action.
Specifically, PayUK has gone beyond its mandatory requirements and developed a single, sophisticated, whole-of-market solution to facilitate the management of claims under the policy. Its Reimbursement Claims Management System (RCMS) will streamline the management of APP claims and support in-scope PSPs in meeting their legal obligations.
Industry reaction
Kate Frankish, Pay UK
Pay UK Chief Business Development Officer, Kate Frankish, said: “The launch of our RCMS is the culmination of months of dedicated work at Pay.UK and within the payments industry as a whole. Together, we have prepared the market for new legislation and worked to support compliance from 7 October 2024. While a significant achievement in its own right, I am immensely proud that we have gone beyond this mandate and delivered the RCMS. Designed to further support existing and new customers in meeting their regulatory obligations, it will also help to ensure that victims of APP fraud are reimbursed in a consistent manner, regardless of who they bank with.”
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataMarca Wosoba, COO, ZBD
There is a need for more measures to ensure that consumers can make transactions securely, without the risk of fraud or falling victim to scammers. The UK’s regulation on authorised push payment (APP) fraud is a positive step in this direction. It ensures that consumers who have been affected by APP fraud are redressed in a timely manner.
However, regulators and the sector should do more, including:
- Continuing to educate consumers about the risks of fraud and scams. However, an unintended consequence of this regulation is that it might encourage scammers, as they know they are unlikely to be caught but consumers are likely to be reimbursed.
- Coordinating to ensure that the latest scam tactics are widely known to the sector, consumers and financial crime investigators across the EU and globally to help mitigate future fraud and catch and prosecute fraudsters.
- Establishing a broader fund to support consumer education and fraud reduction through advanced procedures and information sharing.
- Coordinating with social media sites, which are often the source of financial scams, but have far less incentive to reduce or address fraud compared to the fintech industry, which bears the regulatory and financial responsibility to prevent and rectify such incidents.
Anil Nanda, Partner, UK and Europe Payments Lead, Capco
Today marks the official launch of the APP fraud rules in the UK, a significant milestone in enhancing consumer protection and reducing financial fraud. The new regulations mandate reimbursement for APP fraud victims, with liability now shared between sending and receiving Payment Service Providers (PSPs).
With annual APP fraud losses nearing £500m, these measures will be crucial in providing a more robust safety net for consumers while enhancing accountability across the financial services ecosystem.
While firms have made considerable progress in preparing for these requirements, some are taking a “wait and see approach” before conducting major upgrades of operational and technical infrastructure. With the rules now in force, the pressure will be on these firms to step up. There are several key areas we would suggest firms focus on as they look to comply. Retail banks, for example, must focus on optimising operational workflows to efficiently manage increased fraud claims within the five-business-day reimbursement timeline.
This includes streamlining processes and ensuring dedicated resources are in place to balance operational efficiency with maintaining a high standard of customer service. For PSP aggregators, the priority must be to enhance auditing of PSPs to ensure they have proper systems and controls in place as well as sufficient capital reserves to cope with fines. Finally, PSPs themselves must focus on implementing rapid and efficient dispute resolution processes to effectively differentiate between fraudulent claims and purchase disputes.
Across the board, all financial institutions must ensure that fraud teams are ready and adequately resourced to handle the anticipated increase in claims and investigations brought about by the new rules.
Scaling fraud teams as necessary, and investing in appropriate training and technology, will be fundamental to supporting swift and compliant fraud detection and resolution. These capabilities will be essential to maintain consumer trust and achieve the intended outcomes of the APP regulations—ensuring a more resilient and trusted payments environment.
Liz Edwards, money expert, Finder
Our research reveals the refund lottery that fraud victims are now facing.
Victims’ protection has been squeezed at both ends. When the upper refund limit was cut to just £85,000, many in the industry, including the PSR, justified this by saying it would still cover over 99% of claims. But because so many banks are now saying they won’t cover – or may not cover – the first £100, that 99% must surely be lower.
Based on 2023 fraud figures, more than 58,000 cases would have resulted in no refund if all companies had applied the excess, and now only 4 of the major providers have confirmed they won’t. £100 is a lot of money to many people. It doesn’t help that 12 banks said they might apply it – customers don’t know where they stand.
Dan McLoughlin, fraud and security expert, Lynx Tech
The PSR was wrong to lower the reimbursement cap to £85,000. The logic behind the high-value cap on reimbursement – £415,000 – was clear. By setting a substantial reimbursement limit, regulators clearly said to banks: “prevent fraud or be prepared to pay.
Dropping the value of reimbursement so dramatically takes away a big part of banks’ financial motivation to prevent fraud. While most APP fraud cases will still be covered by the regulation, the reduction shows an unwillingness from banks to accept responsibility and make tough decisions. It takes away their drive to invest in robust fraud detection and prevention systems, which ultimately safeguard consumers.
The Financial Ombudsman Service (FOS) reports that fraud and scams have hit their highest level for at least six years, with 8,700 cases reported in a three-month period. This clearly illustrates that more needs to be done by banks to protect consumers and combat fraudulent activity.
The constant bank lobbying to reduce the liability and pause the legislation shows organisations are seeing this as purely a punitive solution rather than a positive step in reducing fraud. Bold moves are often required to drive change and the reduction in the payout limit takes some of that boldness away.
Jake Moore, Global Cybersecurity Advisor, ESET
Fraud now makes up a huge portion of crime in the UK, and police forces have long been left in the wake of these evolving crimes. Authorised Push Payment (APP) fraud is where a victim is tricked into making a large bank transfer to an account posing as a legitimate organisation, and new regulations are forcing banks to reimburse customers who fall victim to these scams. However, not only could the new rules force banking costs to rise, but we could also see an increase in scam attempts, as fraudsters will know the money is available; creating a vicious cycle whereby these new regulations are fuelling this criminal activity. It’s also possible that we may see an uptick in first-party fraud, where the actual account holder uses their own credentials for fraudulent means.
There’s no doubt these new rules will offer comfort to those who may still be a bit wary of online payments and the security on offer with digital banking. Criminal gangs are continually improving their techniques from better skills to more advanced technology, so it is vital that people do not feel foolish if they become a victim of these sophisticated crimes. However, the powers that be may well need to consider ways, not only to protect consumers, but cut these criminal activities off at the source.
Riccardo Tordera, director of policy and government relations, The Payments Association
We will be monitoring the impact of the new APP fraud rules closely. We remain focused on pushing for effective data sharing that can tackle the fraud at source and for a mandatory involvement of social media platforms in the reimbursement scheme.
The launch of the Fraud Intelligence Reciprocal Exchange (FIRE) between some banks and Meta is a small step in the right direction, but other issues remain including the alignment of the definition of consumer standard of care to the interpretation that British courts give of gross negligence. We call for the regulator to review the rules in six months’ time, rather than 12 as currently planned.
