/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

PSR to cut APP reimbursement limit to £85,000

In the face of growing government and industry pressure, the UK's Payment Systems Regulator is set to bow to demands to reduce the reimbursement limit offered by banks to victims of authorised push payment fraud from £415,000 to just £85,000.

  6 10 comments

PSR to cut APP reimbursement limit to £85,000

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The regulator has been forced to push down reimbursement levels amid fears that the new rules could put many smaller fintechs out of business. A lower threshold of £85,000 would bring the maximum sum protected in line with the financial services compensation scheme, which protects depositors if a bank goes under.

The PSR has kicked off a consultation on the new limit. The watchdog says the proposed new cap will still see over 99% of claims (by volume) covered.

David Geale, the PSR’s managing director, comments: “We listened to concerns about the reimbursement limit and committed to collecting more evidence to inform our approach. As a result, we are now consulting on a limit that still covers the vast majority of authorised push payment scams and strikes the right balance. Under our proposals, consumers in the UK will still receive world-leading protection, payment providers will still be heavily incentivised to improve anti-fraud protections and we maintain effective market competition and innovation.”

The PSR said last month there was a wide divergence between UK banks in the amount of payments fraud they were refunding to customers.

Some big banks, such as Nationwide and TSB, were fully refunding more than 95% of lost funds last year, while others such as digital bank Monzo, Danske Bank and AIB fully refunded customers in less than 10% of reported cases.

The PSR's climbdown comes as fraud and scam cases reported to the UK’s Financial Ombudsman Service hit a record high in the second quarter of the year, with APP fraud accounting for over half. Between April and June 2024, consumers lodged 8734 complaints about fraud and scams – a 43% increase on the same time last year.

Speaking to the FT, Rocio Concha, Which? director of policy and advocacy, says: “It’s outrageous that the payments regulator is set to water down vital scam protections weeks before they were due to take effect and that this move follows months of lobbying from firms that refuse to take fraud seriously.

“Slashing the reimbursement limit risks exposing victims of the highest value scams to devastating financial and emotional harm and also significantly reduces crucial financial incentives for payments firms to put in place effective fraud security measures. This makes it more likely that scammers will continue to thrive on some payment platforms.”

By way of contrast, fintechs welcomed the news. Tiago Veiga, CEO at Aurum Solutions, says: “It’s a huge relief that the PSR has come to its senses and lowered the maximum payout. While well-intentioned, such a high refund cap would have significantly hindered the ability of smaller fintechs to compete with larger banks, stifling innovation in the long run. Given that no other country has such stringent reimbursement measures, this risked shrinking our fintech sector and driving firms out of the UK."

Innovate Finance also applauded the turnaround but called for further reviews of the rules.

CEO Janine Hirt, states: " We remain concerned that the PSR is still proposing that many cases which British courts have judged as gross negligence - such as ignoring repeated warnings from their bank or lying about a payment - would still be eligible for reimbursement. Today’s review by the regulator demonstrates that they have listened to our repeated warnings about a high maximum reimbursement negatively impacting competition in the sector. We now need to see the same commitment from the PSR to review other details of the regime in order to guard against unintended consequences."

Sponsored [Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates

Comments: (10)

James Smith

James Smith MD at Dsruptiv Ltd

"Citing people briefed on the plan, The FT reports that the regulataor [sic] was forced to push down reimbursement levels amid fears that the new rules could put many smaller fintechs out of business."

Let them go.  if they can't keep customers safe, or reimburse them when they fail, they shouldn't be writing the business. Leave it to the bigger fish (or better firms). Or lower their own transaction limits.

A small vocal minority of lobbyists should not be dictating regualtory policy designed to keep customers safe (and incentivise FIs to do more to prevent economic crime for the benefit of society at large) for the sake of a few niche players.

Bill Trueman

Bill Trueman Director at Riskskill.com

This is just a side issue...... re-arranging the deck-chairs on the sinking Titanic perhaps?

Until the parties that are causing the losses become the ones that are HELD LIABLE, then the losses will continue........

The main issue is that fraudsters lie and cheat people to make payments to them rather than to intended recipients. We can try and teach people NOT to be cheated, and we are not going to stop the fraudsters. BUT, we can make it harder for the fraudsters to get bank accounts and to move the money. How?

From the statistics produced by the industry reporting: it is a small number of payments companies that allow the fraudsters to open accounts and receive the money and then pass on the payments elsewhere. So the losses need to be paid by the RECEIVING banks that (in the main) breach AML/CTF law !! - when they:

a) Open accounts for fraudsters that they have not identified properly or with fake or inadequate identification
b) Quickly receive a large sum(s) of money into these accounts that they will have inadequate processes to understand the nature of the payments; and which they then pass-on to other accounts.

The industry reporting *** (sadly) shows that there are common offenders that process these frauds 1000s of times more often commensurate with their size. These are generally the small financial institutions that have not yet learned to do what they should do. And in talking to many of these organisations: the stance is often akin to: "we are not establish/big enough to compete with the big banks and comply with all these identification requirements that the law requires of us".

If the losses that they cause are passed-on to the offending organisations: then they will quickly find ways to stop the fraudsters that they are helping today, and recover more of the funds from the fraudsters and banks that the money subsequently goes on to. This is the only way that delivers success and until we use these traditional 'follow the money' disciplines: the losses will continue.

*** PSR - Authorised push payment (APP) scams performance report - July 2024 

Jeremy Light

Jeremy Light Co-founder at Fourdotzero

Reimbursing fraud victims is important but the metrics in the latest PSR scams report show clearly that APP fraud increases with reimbursement. If the 'victim' is an accomplice to the fraud it is very difficult to detect, while mandatory reimbursement provides an easy route to defraud banks in this way. 

Mandatory reimbursement may have the effect of forcing banks and PSPs to invest more in preventing APP fraud, but it is likely to lead to banks delaying or even suspending legitimate payments, intruding on customer privacy and impeding open banking payments.

It is surprising that the PSR has no measures in place to prevent reimbursement from being used to defraud banks and to prevent customer inconvenience. It is even more surprising that the government is doing nothing about the blatant scams on social media where 80% of APP fraud originates.

Jonathan Frost

Jonathan Frost Consultant at Vox Veritas Vita Consulting

The apparent demands for a lower limit are nothing more than a distraction. It potentially protects receiving firms, but does not remove the opportunity for customers to seek recourse via the FOS.

As the consultation observes the cost of compensation then falls on the sending firm and there is scope for up to £430K to be reimbursed. 

It will be interesting to see how some of the firms that have pressed for this change will react when they're the sender and the FOS rules against them based on a control failure. 

If we're victim-centric we will reject this change and embrace the current £415K limit as to do otherwise forces victims of high-value APP (who are few) to seek recourse via the FOS.

It is unethical friction, deployed on the demands of a few vocal PSPs who hope to delay the inevitable recognition that their performance in respect of financial crime is poor. 

Robin Setty

Robin Setty Partnerships Lead for banking solutions at ACI Worldwide (EMEA) Limited

Reimbursing victims tackles the symptoms but more needs to be done to tackle the root causes: social media being a playground for fraudsters and Financial Institutions allowing such dodgy funds to enter their accounts.

Bill Trueman

Bill Trueman Director at Riskskill.com

Yes: the adage of addressing root causes generally works.  But I have no idea how social media allows dodgy funds to enter the system. Equally, if social media can't be 'addressed' for child abuse and human-trafficking ......

The solution rests in making those that cause the problem pay:  I.e. the fraudsters and those banks that collude with them to open bank account for them.  

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

£0 is the correct amount. With some more lobbying by banks, I'm sure it will come down to that figure. APP Scam is caused by gross negligence of payor. Let them be held liable for the full amount, including, but not limited, to £415,000 or £85,000. OTOH, if unscrupulous payor-payee scammers engage in first party fraud, as it happens frequently in credit card payments, scammed banks should be reimbursed the full amount, without any cap at £415,000.

Meanwhile, until the reimbursable limit touches £0, banks will hold up payments under the pretense of having to do more scrutiny to prevent APP Scam, earn more float, and totally defeat the purpose of Faster Payments.  

Bill Trueman

Bill Trueman Director at Riskskill.com

@Ketharaman Swaminathan - This is simply not the way that banking or consumer law operates in the UK, or at the UK regulators. Maybe in India (I do not know)! "Make the victim pay" - is cold, and encourages fraud. In risk management, one has to 'follow the money' and make the perpetrators of the fraud pay - and the people (receiving banks that have aided the fraudsters) through their negligence and non-compliance with AML/CTF law - should be the people that suffer the losses when the fraudsters cannot be found and the money returned. It is their responsibity to understand the nature of the funds that they pass to fraudsters.  

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

@BillTrueman: (1) Feel free to show your jingoism by dragging India into the picture unnecessarily but that won't stop you from displaying your ignorance about what's happening in UK: British courts have ruled that APP scams are caused by gross negligence of payors and tossed out demands for reimbursement by banks. (2) It's a fraud commited by payee on payor, not by bank, payor can seek redress from law enforcement but it's not banks' job to reimburse. At least that's how civilized societies work - when B defrauds A, they tell cops to nail B, they don't tell C to compensate A. (3) If payee bank has broken the law in opening account for scammer payee, there are provisions in the law to penalize the said bank, they should be invoked without waiting for a scam to happen.

Bill Trueman

Bill Trueman Director at Riskskill.com

@Ketharaman Swaminathan - same answer.  The argument does not change, and no precedence is set based upon the minority of cases. Imposing your values, does NOT make the reality change.  

[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming MandatesFinextra Promoted[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates