APP fraud has been an increasing concern for both banks and customers. While consumer education and fraud prevention are being prioritised by financial institutions, regulators have been looking at the question of liability. The new PSR directive on APP fraud reimbursements highlights a historic change in the way fraud liability is handled. This article is a short introduction on APP scams and upcoming liability changes.

What is APP fraud?

Authorised push payment, or APP, fraud is a form of scam where victims are being tricked into approving fraudulent payments. Social engineering is a large part of APP fraud, and scams usually include tricking the victim into purchasing products which don’t exist/are never received, or impersonating trusted authority figures (i.e., their bank) to trick the victim to transferring money into the fraudster’s account.

2023 APP fraud losses and trends

Exacerbated by the pandemic, APP fraud is becoming a threat that’s increasingly damaging to customers and financial institutions alike. When it comes to payment fraud, APP scams have become the number one threat and are expected to double over the next three years, reaching $5.25 billion by 2026 in the US, UK, and India alone. In the UK, consumers already lost over half a billion pounds to scams in the first half of 2023.

Other key figures include:

• 77% of APP fraud cases originated from online sources.
• The total number of APP scams was up 22% in H1 2023 compared to H1 2022.
• The number of romance scams increased by 29%, resulting in £18.5 million lost.
• Following significant investment into fraud prevention, the number of fraud cases where criminals impersonate a bank or the police fell by 35%.

Who is liable for APP fraud?

Yet while there has been investment in fraud prevention and consumer protection, PSR (Payment Systems Regulator) recently found a wide disparity in the ways different banks treat victims. The FCA (Financial Conduct Authority) similarly found that, when making decisions about fraud claims and complaints, banks are not fully considering characteristics of customer vulnerability.

Generally, the victims of APP fraud have been liable for any losses incurred by scams, unless their accounts have been hacked or account information has otherwise been compromised. Yet due to the fact that 72% of fraud victims end up closing their account after a scam occurs, many banks opt to rather re-imburse up to 80% of the losses rather than losing all future earnings of that account.

But the brunt of the liability is about to shift, at least in the UK. The PSR has announced new mandatory reimbursement requirements that will come into effect in 2024.

What are the new PSR APP fraud requirements?

In order to ensure that people are more reliably getting their money after falling victim to APP fraud, the PSR has introduced new reimbursement requirements for banks and payment companies. Measures under the new directive include:

• A 50:50 liability split between sending and receiving firms
• New rules in Faster Payments to strengthen Pay.UK’s ability to tackle fraud
• Improvement in the level of protection for APP scam victims
• Incentivisation for banks and payment companies to prevent APP scams

Changing the way we look at liability, the PSR’s upcoming reimbursement changes are likely to speed up fraud prevention innovation at financial institutions. As banks will now be liable for APP fraud, they are more incentivised to enhance their own security methodologies as well as educating their customers in order to prevent fraud in the first place.

You can read more about the impact of the new PSR’s requirements on banks here.