/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

Payments watchdog suggests £415,000 ceiling for APP fraud reimbursement claims

The UK's Payment Systems Regulator plans to set a £415,000 maximum reimbursement level for victims of authorised push payments (APP) fraud.

  3 4 comments

Payments watchdog suggests £415,000 ceiling for APP fraud reimbursement claims

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The watchdog in June set out its final position on tackling APP fraud, which will mean the vast majority of victims will be reimbursed within five days of the fraud being reported to their bank.

Before the new requirements come into force next year, the PSR is gathering views on the maximum level of reimbursement and claim excess, as well as on the consumer standard of caution.

On the latter, customers will be expected to heed warnings from their bank about likely scam attempts, inform their bank within 13 months of the last fraudulent payment and furnish the bank with information for assessing a reimbursement claim.

If it can be demonstrated that the consumer has been "grossly negligent" in not meeting one of more of these requirements, then they may not be reimbursed.

"However, gross negligence is a very high bar which will critically depend on the individual circumstances of each case," the PSR states. "The PSR only expects it to apply in a small minority of cases. Gross negligence will never apply where a victim's vulnerability is a factor in them being defrauded."

The PSR is also seeking views on the most appropriate way of structuring a claim excess, which will be applied to the sending bank. This includes whether an excess should be a fixed amount - similar to an insurance claim excess - or a percentage of the reimbursement claim amount.

The PSR also proposes that the maximum reimbursement level should be in line with the prevailing Financial Ombudsman Service limit of £415,000 per claim - which around 98% of APP fraud falls within. The regulator is also consulting on whether the maximum level will apply to vulnerable consumers.

Chris Hemsley, managing director at the PSR, says: “The changes we are delivering will bring a major shift in preventing fraud, increasing reimbursement for victims, and incentivising the banks to do more to help their customers."

Stakeholders have until 12 September to respond to the consultation, with the new reimbursement requirement entering into force in 2024.

Sponsored [Webinar] Operational Resilience in the age of DORA

Comments: (4)

Jeremy Light

Jeremy Light Co-founder at Fourdotzero

How does reimbursing fraud victims prevent fraud? It is more likely to increase it.

Much more focus is needed on preventing fraud, starting with regulation to force banks to check the beneficiary on an incoming payment matches the name on the beneficiary bank account. Sounds obvious, but it is neither a legal requirement in the UK nor a standard banking practice. Who/what is preventing this obvious measure?

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

I thought Confirmation of Payee on Sender Bank side already offers a way for Payors to check that the beneficiary of an outgoing payment matches the name on the beneficiary bank account at the Receiver Bank.

Not sure why Receiver Bank needs to do anything.

Jeremy Light

Jeremy Light Co-founder at Fourdotzero

Confirmation of Payee is a sending bank check but is advisory and the sending bank has no details of the beneficiary account at another bank other than on the CoP database.

With the banks I use, you can ignore the CoP warnings and send the payment without getting a match; and often, especially for business accounts, you get "unable to verify account, proceed anyway?". It is a step in the right direction but it is hardly a bullet-proof solution, particularly since some banks and PSPs have not implemented CoP.

Whereas the receiving bank has detailed knowledge of the beneficiary account - account holder name, KYC history, usage history etc and is in a much better position to identify fraud and take action if there is a mismatch between the beneficiary name on the payment and the name on the beneficiary account. The receiving bank is also in a better position to identify suspicious transactions in the event a legitimate account is taken over by fraudsters.

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

TY for the clarification. 

The A in APP stands for Authorized. By definition, Fraud means Unauthorized. Therefore, "APP Fraud" is an oxymoron. Ergo I call it APP Scam.

As industry insiders know, if a payment fails to go thru' in STP mode, banks will always find a way to delay it by days to earn float. I wouldn't want my incoming payments to be stuck on the grounds that my bank is doing some vague KYC checks. I thought consumers fought for FPS only to prevent banks sitting on their money, it would be a pity if they have to go back to the good old days of T + 5 days just because a thin minority of customers makes incorrect payments.  

Banks can do a lot of things they should be restricted to what they MUST do. That is Name Check. If CoP is deficient, it should be improved and made fit for purpose. It should also be made mandatory for all banks to join CoP.

[Webinar] Operational Resilience in the age of DORAFinextra Promoted[Webinar] Operational Resilience in the age of DORA