What is this article about?
New regulatory changes for Payment Services Providers (PSPs) to combat APP fraud, requiring them to reimburse victims up to £415,000 per claim starting October 2024.
Why is it important?
It aims to enhance consumer protection and address significant financial losses from APP fraud, which amounted to £459.7 million in the UK in 2023.
What’s next?
PSPs need to review compliance documents, complete registrations by August 20, integrate necessary systems by October 7, and stay informed on updates to ensure compliance.
The payment services providers (PSPs) community is on the brink of significant regulatory changes due in October 2024, as the Payment Systems Regulator (PSR) enforces new rules under the authorised push payment (APP) fraud reimbursement policy. This policy aims to combat the escalating issue of APP fraud, where victims are tricked into authorising payments to criminals. According to UK Finance, Britons lost approximately £459.7 million to APP fraud in 2023, highlighting the urgent need for robust protective measures.
The PSR’s decision mandates that banks and payment companies reimburse victims up to £415,000 per claim. The May 2024 bulletin from Pay.UK provides detailed guidance on the upcoming changes and the steps PSPs must take to comply. PSPs are advised to review the published documents, complete their registration promptly, and integrate the necessary systems to be ready by the October deadline.
However, this move has sparked considerable debate within the industry. The Payments Association (TPA) has voiced concerns about the timeline, advocating for a one-year delay to ensure proper implementation and avoid severe repercussions for smaller fintech companies.
Despite these concerns, the new rules are set to take effect in October, making it imperative for all stakeholders to stay informed and prepared. Key actions for PSPs include reviewing all compliance documents, completing registration by August 20, and integrating RCMS systems. Regularly monitoring updates from Pay.UK and attending industry briefings will also be crucial. By staying proactive and engaged, PSPs can ensure compliance, protect their customers, and contribute to a more secure payments ecosystem.
The APP Fraud Reimbursement Policy, as outlined in the May 2024 bulletin by Pay.UK, mandates several new compliance measures for PSPs aimed at enhancing the transparency and effectiveness of reimbursement processes for APP fraud victims. The policy introduces significant tools and deadlines that PSPs must adhere to, ensuring they are well-equipped to handle the changes. (To see how the legislation affects your organisation, click here).
The bulletin highlights the introduction of two primary compliance tools for PSPs:
These tools are accessible via API or a secure web-hosted user interface, offering flexibility to PSPs in integrating the new systems into their existing frameworks. Comprehensive API specifications and contract frameworks have already been published, aiding PSPs in preparing their systems for seamless integration.
Publication of compliance documents: On June 7, 2024, Pay.UK released critical documents, including the FPS APP Reimbursement Rules and Compliance Monitoring Process. These documents were accompanied by a phased “Best Practice Guide,” which addresses various implementation challenges identified during the policy rollout. Pay.UK said the guide aims to provide PSPs with practical insights and recommended procedures to navigate the new requirements effectively.
Targeted marketing and registration campaigns: In May, Pay.UK initiated a targeted marketing campaign, contacting PSPs likely to fall within the APP Reimbursement scope as directed by the PSR. PSPs are encouraged to check Pay.UK’s website regularly for updates and documentation. Registration for APP reimbursement is now open, with firms expected to complete their registrations by August 20, 2024.
These developments are part of Pay.UK’s broader effort to ensure that all PSPs are adequately prepared for the October 2024 deadline. By providing these tools and resources, Pay.UK said it aims to facilitate a smooth transition and ensure compliance with the new APP fraud reimbursement policy, which it claims will protect consumers and enhance trust in the payments industry.
To ensure compliance and readiness for the new APP Fraud Reimbursement Policy, Payment Services Providers (PSPs) must adhere to several critical milestones outlined in the May 2024 bulletin by Pay.UK. These dates are pivotal for the successful implementation of the policy and the smooth operation of the associated systems and processes.
These dates highlight the urgency and complexity of the upcoming changes. PSPs are encouraged to stay proactive and diligent in meeting these milestones to ensure a smooth transition and compliance with the new APP fraud reimbursement policy.
With the APP fraud reimbursement policy’s critical deadlines rapidly approaching, PSPSs must take immediate and strategic actions to ensure compliance and readiness. Here are the key steps PSPs need to follow:
The new APP fraud reimbursement policy has not been without contention. The Payments Association (TPA) has raised significant concerns about the potential impacts of these regulations. In a letter to City minister Bim Afolami, thirty members of TPA outlined several key issues that could affect smaller fintech companies and the broader financial services landscape.
Concerns raised: Robert Courtneidge, board advisor and payments expert at TPA, has highlighted that the proposed mandatory reimbursement scheme could threaten the viability of smaller fintech companies. He states, “The maximum per claim reimbursement threshold of £415,000 is considered both disproportionate compared to average losses for individuals of less than £2,000 and also illogical as a mandatory amount that must, in most cases, be paid out in 5 working days without any chance to properly review a case.”
Courtneidge further explains, “The Financial Ombudsman, from where the limit was taken, would never be able to review a claim in this timeframe. Even with the longest timeframe with the ‘stop the clock’ invoked of 35 working days, any similar claim in court for this value would take years and be very thoroughly reviewed. This timeframe for review and payout is irresponsible, making it impossible to allow for proper review of claims.”
He argues that this high threshold could lead to significant additional costs, making many payment service providers economically unviable and potentially forcing them out of the market. “Please understand, we are not saying to remove the higher limit, but to give sufficient time in the (less than 5%) of cases above the £30,000 threshold (suggested by us) for the sending and receiving banks to conduct a proper review to determine if there was fraud and if the criteria (which need to be decided) have been met so that the victim should be reimbursed. Without a proper dispute resolution mechanism and thorough scrutiny of cases, the UK will fail one of its most important industries.”
Impact on competition and innovation: TPA emphasised that the new rules could stifle competition and innovation in areas such as open banking and digital challenger banking. They noted that the increased costs associated with the mandatory reimbursement scheme could create higher barriers to entry for new players and make it more difficult for challenger banks to compete with established incumbents.
Consumer and industry risks: The association also expressed concerns about the potential for increased first-party fraud and moral hazard, as the near-100% reimbursement policy could be exploited by fraudsters. They pointed out that without clear criteria for consumers to act cautiously, the policy might inadvertently encourage riskier behaviour among consumers.
Call for a balanced approach: The Payments Association urged for a more balanced consumer standard of caution and a lower per claim upper liability threshold. They suggested reducing the threshold to £30,000 and implementing measures to incentivise consumers to exercise greater caution. Additionally, they called for delaying the reimbursement obligations until the necessary industry utility for managing reimbursement reporting and settlement is operational.
Need for multi-stakeholder involvement: Highlighting that 77% of all APP fraud cases originate online, TPA stressed the need for social media platforms and telecommunication providers to play a more active role in preventing fraud. They advocated for these entities to share the costs of mandatory reimbursement and participate in new data-sharing requirements to mitigate fraud risks at the source.
These concerns underscore the broader tension between regulatory demands and industry readiness. The Payments Association’s recommendations aim to ensure that the new reimbursement rules are both effective in protecting consumers and sustainable for the industry, particularly for smaller fintech companies.
The APP Fraud Reimbursement Policy represents a pivotal shift in protecting consumers and enforcing accountability within the payments sector. As the October 2024 deadline approaches, payment leaders must act decisively: review all compliance documents, complete registration by August 20, and integrate RCMS systems promptly. Regularly monitor updates from Pay.UK and attend industry briefings for the latest insights. By staying proactive and engaged, PSPs can ensure compliance, protect their customers, and contribute to a more secure payments ecosystem.
A deep dive into the Financial Crime 360 survey, highlighting key challenges, prevalent fraud types, and strategic responses across various financial sectors
The payment operations sector is navigating significant challenges due to capped interchange fees, driving a need for digital transformation, cost reduction, and innovative revenue models to maintain profitability.
Banks de-bank payment providers, disrupting cross-border transactions and financial inclusion.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
