Banks and payment companies have new requirements to give money back to the victims of Authorised Push Payment (APP) fraud, the Payment Systems Regulator (PSR) reports.
APP fraud has become one of the most significant types of fraud, in the UK and globally. After consultation, the Regulator has set out how mandatory reimbursement will work in practice, clarifying what this means for customers and firms.
There will be new rules in Faster Payments – the payment system across which the vast majority of APP fraud currently takes place – strengthening Pay.UK’s2 ability to tackle fraud. All payment firms will be incentivised to act, the Regulator says, with both sending and receiving firms splitting the costs of reimbursement 50:50.
Customers will be protected under consistent minimum standards, with most APP fraud victims being reimbursed within five business days and further protections offered for vulnerable customers. Industry will have clearer guidance to follow, including around the ability to apply a claim excess and maximum level of reimbursement, which the PSR will consult on later this year.
The Financial Services and Markets Bill, which is making its way through Parliament, will remove current barriers and allow the PSR to direct firms to reimburse customers. The Bill is expected to receive Royal Assent in 2023. Then the PSR will be able to enforce its requirements on payment firms.
Chris Hemsley, Managing Director at the PSR, said: “Once implemented, our changes will deliver a major shift from the status quo, giving everyone across the payments ecosystem a reason to act to prevent fraud from happening in the first place. That means everybody who makes payments can do so with much greater confidence, knowing that they will be better protected against fraudsters.
“In delivering this step-change, the UK will be at the forefront of the fight against APP fraud globally. And by confirming these changes now, it means we will be ready to act once new laws come into effect. We will continue to work with Pay.UK, industry, consumers and organisations beyond the payments sphere to drive effective intervention and start to turn the tide against APP fraud.”
At the Treasury, Economic Secretary Andrew Griffith, said: “This is an important step in the Government’s fight against fraud. As payment scams become ever more sophisticated, it is right that the Government, the regulator and industry work together to ensure victims are not left out-of-pocket by fraudsters. In parallel, the Government is looking at how to enable banks to have the ability to identify and pause suspicious payments inflight where appropriate.”
What happens next?
In July the PSR will consult on the draft legal instruments to make reimbursement requirements;
In August the PSR will consult on the maximum level of reimbursement and claim excess and additional guidance on the customer standard of caution (gross negligence);
In October the PSR will give the final legal instruments to Pay.UK and a further consultation on the legal instrument to be given to PSPs;
By the end of 2023 the PSR will publish the claim excess and maximum level of reimbursement, additional guidance on the customer standard of caution (gross negligence) and publication of all legal instruments; and
In 2024 the new reimbursement requirement will come into force.
Comment
Mike Haley, CEO of the counter-fraud trade association Cifas said: ‘These requirements highlight the critical importance of all PSPs undertaking industry standard fraud checks at all stages of the customer journey, to help avoid scam payments being made to criminals and used to fund other types of serious and organised crime.
‘Fraud continues to rise, with cases filed to the National Fraud Database in 2022 up 14 per cent compared to the previous year. The deepening economic crisis continues to create opportunities for scammers, who prey on members of the public experiencing financial difficulties.
‘Our focus as an organisation is on delivering data, intelligence and learning solutions, to empower organisations to better scrutinise payments, protect consumers from APP scams and wider economic crime, and prevent fraud losses before they occur.’
Background
Total reported APP losses in 2021 were £355.3m and £249m in the first half of 2022 alone according to the trade body PayUK. APP scammers are adapting and their victims are sometimes losing life-changing amounts of money. Data sharing is one of the key approaches for addressing APP fraud. See also on the website of PayUK about the first iteration of technical collateral for the Enhanced Fraud Data standard, for review, consideration and wider input by the retail payments industry. PayUK aims at an Application Programming Interface (API) solution through which standardised customer data will be sent. This, in turn, will help economic crime specialists identify suspicious payments, or Authorised Push Payment (APP) scams, prior to a credit transfer occurring.
