APP fraud reimbursement regulations: How PSPs can prepare

The message is clear: Payment Service Providers (PSPs) will soon be required to reimburse victims of Authorised Push Payment (APP) fraud up to £85k.

In this post, we explore the upcoming changes, examine how fraudster behaviour is evolving, outline what lenders need to do to comply with the new regulations, and discuss ways to protect vulnerable customers.

A quick look at the APP fraud regulatory changes

Over the past two years, the Payment Systems Regulator (PSR) has been establishing a stronger framework to tackle APP fraud. Through a series of policy statements, they’ve introduced new requirements for monitoring and ensuring compliance with the Faster Payments (FPS) reimbursement rules. Additionally, they’ve mandated a new reimbursement requirement within FPS to enhance fraud prevention and direct firms' focus on protecting consumers.

The most significant change, announced by the PSR in July 2024 and set to take effect in October, involves new liability rules for APP fraud. Under these new regulations, beneficiary organisations must now implement effective measures to prevent APP fraud, rather than disclaim responsibility for fraudulent funds they receive.

The PSR intends for this shift to encourage PSPs to take a more proactive role in preventing APP fraud, ultimately reducing the number of victims. However, as the industry has noted, the practical effectiveness of this liability shift remains to be seen. 

The latest on APP fraud reimbursement

Recent data released by the PSR highlights the inconsistent approach to reimbursement under the existing voluntary framework. In 2023, users reported 252,626 cases of APP scams through the Faster Payments system, totalling almost £341 million in losses. While the overall reimbursement rate improved from 61% in 2022 to 67% in 2023, the chances of being reimbursed still largely depend on which bank a customer uses.

According to the PSR, this disparity shines a light on the need for a more standardised approach to protect consumers across the board.

Changes in fraudster behaviour: Key statistics

In response to PSPs and regulators' working to combat APP fraud, fraudsters are adapting their tactics. The recent UK Finance Annual Fraud Report reveals a shift towards higher-volume, lower-value attacks. While there’s been a slight decrease in unauthorised losses and APP losses overall, purchase scams are on the rise, even as impersonation and investment scams have declined. 

As Payment Service Providers (PSPs) and regulators work to combat APP fraud, fraudsters are adapting their strategies. Here’s a summary of the key trends:

Average losses:

• Average loss from an impersonation scam: £7,448.

• Average loss from a purchase scam: £549.

Romance scams:

• Romance scams involve an average of 10 payments per victim (compared to one for purchase scams).

• 31% increase in the total number of romance scam payments in 2023.

• 200% increase in romance scam payments since 2020.

Source of scams:

• Nearly 80% of scams in 2023 reportedly started on social media.

Dominant fraud schemes in the UK:

• The three largest fraud schemes are purchase scams, impersonation scams, and investment scams.

General impact of APP fraud:

• Average APP fraud loss: £11,000 for businesses and £1,500 for the public.

• New maximum mandatory reimbursement is set at £85,000, raising concerns it may attract more fraudsters.

This trend towards high-volume, lower-value fraud indicates that a more aggressive approach from PSPs will be essential to curb the rising tide of fraud as we head into 2024 and 2025.

How will the APP fraud regulatory changes impact PSPs

The new PSR policies could dramatically alter the financial sector. While they hold the potential to support the most vulnerable, these policies will likely result in increased costs for all PSPs.

As regulatory bodies continue to prioritise good customer outcomes, firms should expect increased scrutiny around fraud prevention. Many of the improvement areas are tied to customer experience—for instance, providing simple fraud reporting methods, resolving issues promptly at the first point of contact, supporting vulnerable customers, and recognising the emotional distress caused by fraud. 

PSPs must rethink their fraud risk appetite not only from a financial perspective, but also through customer-centric and reputational metrics. A balance between quick payment journeys and strong controls is essential.

The PSR expects PSPs to continue their efforts in preventing and investigating all instances of APP fraud, including those below the £100 claim excess. Firms should implement innovative, data-driven approaches to ensure compliance and effectively modify customer behaviours. 

Companies should look into implementing customer communication and educational strategies, with an emphasis on behavioural economics techniques (for example—intervention at point of transaction), to increase customer awareness of APP scam risks and prevention methods.

What should the PSPs do now?

Despite pushback from the banking industry, the PSR stands firm on its new reimbursement model. All PSPs must assess their existing systems and processes to ensure compliance with the new regulations, regardless of their current methods.

In particular, PSPs should focus on enhancing staff training, particularly in identifying and protecting vulnerable consumers.

PSPs must also develop policies and procedures around customer caution standards, with a strong emphasis on the education of customers.