Just implement the new regulations to prevent APP (Authorised Push Payment) fraud

The Financial Times last week reported strong industry resistance to the incoming mandatory reimbursement to bank fraud caused by authorised push payment (APP) fraud. This is understandable as banks since 2015 have not refunded 50% of the reported amounts scammed and now are mandated to refunding 100% of the customers money. A serious recurring annual expenditure for the industry.

In 2023 APP fraud totalled £460 million, impacted 250,000 people and a further 100,000 not bothering to report the scam. The new mandated scheme replaces the voluntary reimbursement program which showed TSB at over 90% while Monzo, Dansk Bank and AIB fully refunded less than 10% of reported cases.

The reasons suggested for dilution and delay are:

• The reimbursement ceiling of £415,000 is too high and will encourage fraud. Given fraudsters are ditching physical crime, such as burglary, to go digital. Chances of getting caught and punished are virtually zero. Being digital you can be invisible to the end user. Technology can generate 10,000 scams in an hour and in one example just 14 replies was a success for the scammer. In addition, given the average scam for people is £3,200 and business £95,000, fraud cases over £100,000 will centre on larger business. Fortunately, large companies are not covered by the new regulations. The belief is they can afford to protect themselves. 

• The new regime might not be ready to handle the reimbursement program. Given banks today handle millions of payment transactions handling a further 30,000 per month across 300 banks is what they can do best. The timeframes for the refund program is well thought out by PSR. For the bank customer the target is five working days less £100 for administration. Banks involved in the scam  the Payer and Payee Bank a “reasonable timeframe” (30 for example) is recommended.  The Payer bank is reimbursed 50% of the scam by Payee Bank. Banks are highly competent at cash management. A bi-lateral netting program between Payer and Payee Banks, overseen by Pay.UK, is simple and quick to install. Each month the public can see the results and track scammers’ bank of choice, i.e., the banks with the weakest fraud prevention environment.

UK led the world in introducing Faster Payments in 2008. This started as a regulation requirement aimed at making payments of invoices faster than the 30-60-90 day cycles in place. Since then, e-commerce is flourishing, a growing multi-billion business. In-country Instant Payments channels are in place in 80 countries and being well supported by consumers. For example, India introduced their system, UPI, 3 years ago and now 75% of all retail payments are made in near real time. India found tax collection increased alongside customer acceptance, satisfaction and ease of use.

APP fraud is a growing problem worldwide. UK believes customer reimbursement is needed to bring scams under control by removing the financial damage quickly. The bank customer is not the enemy but the emotional and psychological pain of being scammed is disturbing for millions of people. The EU Directive mandating Instant Payments will be here in 2025. The Directive makes clear that by overriding the verification advice given and making the payment to the Payee the Payer bank customer is liable.   

APP Fraud situation is a problem:

• Fraud is now 40% of all UK crime with APP a sizable contributor.
• Convictions take two to three years to arrive at court with the number of convictions declining year on year.
• Action Fraud sends less than 10% of recorded scams for further investigation.
• Which? Believes 40% of scams remain unreported. 

Naturally we must sort out the sources of the scams, social media accounts, usually managed by the “big tech” companies. EU’s incentive for non-compliance of its regulation is a fine up to 10% of worldwide revenue and that is a great motivator.

Banks have found the move to digital banking has enabled them to shift the liability of payment to the bank account customer. Near real time payments are here to stay. The regulations make the bank verify the owner of the account in the same timeframe.  This means banks details of the customer, (KYC), need to be current. Scammer knows once the money has left the Payer’s account its 99% certain never to be seen again as the money enters the domestic mule network before going international and away.

UK is one of the first to mandate reimbursement of scams. We should be proud and encourage this type of activity by supporting Payment System Regulator. 

UK are putting the welfare of its people first and any activity to protect us from scammers deserves to be strengthened not watered down.