The writing's on the wall, Payment Service Providers (PSPs) will soon be obligated to reimburse victims of (Authorised Push Payment) APP fraud up to £85k.
To help you get ahead, in this post we examine the imminent changes, look at how fraudster behaviour is changing, what lenders need to do now to comply with the new requirements, and how to protect vulnerable customers.
Summary of APP fraud regulatory changes
Over the last two years, the PSR has been laying the groundwork for a more robust approach to combating APP fraud. Through a series of policy statements, they’ve outlined new requirements for monitoring and managing compliance with the Faster Payments (FPS) reimbursement rules. They have also outlined a new reimbursement requirement within FPS to improve fraud prevention and focus firms’ efforts on protecting consumers.
The most significant change, announced by the PSR in July 2024—and set to take effect in October—involves new changes to liability rules for APP fraud.
Under the new regulations, beneficiary organisations will now be required to implement adequate measures to prevent APP fraud, rather than being able to disclaim responsibility for fraudulent funds they receive.
The PSR aims for this change to prompt PSPs to adopt a more proactive role in preventing APP fraud, ultimately reducing the number of victims. However, as the industry has noted, the practical effectiveness of this liability shift remains to be seen.
The current state of APP fraud reimbursement
Recent data released by the PSR highlights the inconsistent approach to reimbursement under the existing voluntary framework. In 2023, users reported 252,626 cases of APP scams through the Faster Payments system, totalling almost £341 million in losses. While the overall reimbursement rate improved from 61% in 2022 to 67% in 2023, the chances of being reimbursed still largely depend on which bank a customer uses.
According to the PSR, this disparity shines a light on the need for a more standardised approach to protect consumers across the board.
APP fraud definedAuthorised Push Payment fraud (commonly referred to as APP fraud) is a financial scam where a victim is manipulated into sending money from their account to an account controlled by the fraudster. Unlike unauthorised fraud, where money is taken without the account holder’s knowledge or consent, APP fraud involves the victim approving the payment themselves. This can make it more challenging for victims to get their money back, as the transactions are initially made with the account holder's consent. The sophistication of these scams, coupled with their significant financial and emotional impact on victims, makes them a persistent threat in our digital age. |
|---|
Changes in fraudster behaviour
In response to PSPs and regulators' working to combat APP fraud, fraudsters are adapting their tactics. The UK Finance Annual Fraud Report reveals a shift towards higher-volume, lower-value attacks. While there’s been a slight decrease in unauthorised losses and APP losses overall, purchase scams are on the rise, even as impersonation and investment scams have declined.
[Image source UK Finance Annual Fraud Report]
“The average loss from an impersonation scam is £7,448, whereas for a purchase scam it is £549, reflecting a shift in fraudsters’ tactics towards higher-volume, lower-value attacks.”
Additionally, romance scams continue to represent a long game for fraudsters, with an average of 10 payments by the victim per case (compared to one for purchase scams). The total number of romance scam payments also increased 31% in 2023, up 200% from 2020.
The swathe of scams primarily originate from social media, with nearly 80% reportedly starting that way in 2023. The three largest fraud schemes in the UK were purchase scams, impersonation scams and investment scams, however, fraudsters have shown time and again that they will use any current event to find an “in” with a potential victim.
This ‘high volume, lower value’ trend means that an aggressive approach from PSPs will be needed to prevent spiralling fraud attacks as we move through 2024 into 2025.
Overall the average APP fraud scam is £11,000 for businesses and £1,500 for members of the public, the new maximum level of mandatory reimbursement is set at £85,000. There is an argument to be made that the new limit, while being beneficial to customers will entice fraudsters to target this area more.
How will the APP fraud regulatory changes impact PSPs
The new PSR policies could dramatically alter the financial sector. While they hold the potential to support the most vulnerable, these policies will likely result in increased costs for all PSPs.
As regulatory bodies continue to prioritise good customer outcomes, firms should expect increased scrutiny around fraud prevention. Many of the improvement areas are tied to customer experience—for instance, providing simple fraud reporting methods, resolving issues promptly at the first point of contact, supporting vulnerable customers, and recognising the emotional distress caused by fraud.
PSPs must rethink their fraud risk appetite not only from a financial perspective, but also through customer-centric and reputational metrics. A balance between quick payment journeys and strong controls is essential.
The PSR expects PSPs to continue their efforts in preventing and investigating all instances of APP fraud, including those below the £100 claim excess. Firms should implement innovative, data-driven approaches to ensure compliance and effectively modify customer behaviours.
Companies should look into implementing customer communication and educational strategies, with an emphasis on behavioural economics techniques (for example—intervention at point of transaction), to increase customer awareness of APP scam risks and prevention methods.
What should the PSPs do now?
Despite pushback from the banking industry, the PSR stands firm on its new reimbursement model. All PSPs must assess their existing systems and processes to ensure compliance with the new regulations, regardless of their current methods.
In particular, PSPs should focus on enhancing staff training, particularly in identifying and protecting vulnerable consumers.
PSPs must also develop policies and procedures around customer caution standards, with a strong emphasis on the education of customers.
How can Jaywing help?
As we approach the October 2024 implementation date for the new reimbursement rules, PSPs must act quickly to adapt their systems, processes, and strategies. Regular fraud health checks will be crucial for organisations to assess their current fraud risk exposure, identify weaknesses, and stay ahead of emerging threats.
Additionally, conducting a fraud health check enhances operational efficiency by minimising the impact caused by fraud on both the organisation and the customers. It also instils confidence among stakeholders by demonstrating a commitment to integrity and transparency, while enabling organisations to stay vigilant and adapt their fraud prevention strategies to detect and mitigate emerging threats effectively.
Don't wait until October to prepare for these critical changes. Contact Jaywing today to schedule a comprehensive fraud health check and ensure your organisation is ready to meet the new APP fraud reimbursement requirements head-on. Our expert team will help you identify vulnerabilities, enhance your fraud prevention strategies, and protect both your business and your customers.