Payments regulator makes APP fraud reimbursement mandatory

The Payment Systems Regulator (PSR) has made it mandatory for victims of authorised push payment (APP) fraud to be reimbursed within five days.

New rules will also see the payment service providers (PSPs) at both ends of the fraud share the cost of repaying the victims.

The new rules will be applied to payments made using the Faster Payments system, which is where most APP fraud is committed.

Chris Hemsley, managing director of the PSR, said: “Once implemented, our changes will deliver a major shift from the status quo, giving everyone across the payments ecosystem a reason to act to prevent fraud from happening in the first place.”

He added that the changes would put the UK at the forefront of the global fight against APP fraud.

APP fraud occurs when criminals use fake websites and emails to trick consumers into authorising payments to them. Because payment is authorised, it bypasses the security systems banks have in place to prevent fraud. It caused losses of $789.4m to UK citizens in 2021, which could rise to $1.56bn by 2026, according to a report from payments software supplier ACI Worldwide and analytics firm GlobalData.

The new rules will mean the PSP that sends the funds must repay the customer, and the PSP receiving the money must then pay 50% to the sending PSP. The only exceptions to reimbursement are when the customer has acted fraudulently or has acted with gross negligence.

Next month, the PSR will consult on the draft legal instruments to put the reimbursement requirements in place, it will consult on the maximum level of reimbursement in August and, by the end of 2023, will publish the claim excess and maximum level of reimbursement. 

“By confirming these changes now, it means we will be ready to act once new laws come into effect,” said Hemsley.

Andrew Griffith, UK economic secretary, said: “As payment scams become ever more sophisticated, it is right that the government, the regulator and industry work together to ensure victims are not left out of pocket by fraudsters.  

Griffith added that the government was looking at how to enable banks to have the ability to identify and pause suspicious payments where appropriate.

APP scams are often instigated through social media platforms, where victims are contacted and tricked into making payments. But the social media companies are not expected to contribute to the repayments to bank customers.

In 2021, Anne Boden, founder and former CEO at Starling Bank, called for cooperation between different sectors to clamp down on APP fraud.

In a blog post at the time, Boden said other sectors must shoulder some responsibility for APP scams, particularly social media platforms. “Banks invest billions of pounds in tackling economic crime, but we cannot stop it on our own,” she wrote.

“Very often, [social media] accounts are used for advertising for ‘money mules’ for the purposes of money laundering, selling stolen identity and credit card data, phishing, bogus investment scams and impersonation fraud.”

Boden said banks “seem to have become the underwriter of all kinds of fraud that are not really financial fraud at all”.

Last month, Lloyds Banking Group called on tech giants to share responsibility for online scams, with the bank’s research revealing that over two-thirds of all purchase scams are reported by customers on Meta’s platforms.

The bank said purchase scams, where victims are conned into sending money for goods and services that don’t exist, have cost UK consumers £27m this year.

According to Lloyds Bank’s research, 68% of purchase scams – accounting for 40% of total losses – began on Facebook and Instagram.