6 Key Takeaways from PSR’s Inaugural APP Scams Performance Report

by Feedzai

The Payment Systems Regulator (PSR) has published its inaugural APP Scams Performance Report, which presents data from the year 2022. This report aims to provide transparency on the state of scams in the UK, offering consumers a comprehensive view of how well their bank performed in addressing APP fraud and treating victims compared to other UK banks.


Here are the six key takeaways from the report:


1. Customer Consequences: Early signals suggest that the media is more concerned with the rate of refunds than with the strength of banks’ fraud defences. Refund rates are therefore something we expect the banks to devote more focus to as we move towards a market of mandatory reimbursement. How consumers perceive this information, however, remains uncertain: will we, for example, witness a shift in where consumers decide to do their banking due to the enhanced protection offered by selected banks?


2. A Broader Spotlight: Regardless of any specific interest in a particular bank, the report shines a very clear spotlight on the broader issue of APP fraud. Interest within the industry has been high, and there has also been national coverage. This suggests that one of the report’s goals, creating interest in APP fraud, can initially be viewed as a success. Specifically, the report highlights the magnitude of the problem and emphasises the need for various parts of the ecosystem, including social media, to take more significant action. It cannot, for example, always be down to the banks.


3. Data-Driven Investment Opportunities: We should not overlook that the data behind the report is from 2022, and we are already 10 months into 2023. Banks that react to this data only upon publication will suffer from a significant lag effect, finding themselves constantly behind the curve and facing the brunt of low league table positioning even if they are making positive steps in the moment.


It is likely that those that have performed well will invest by doubling down on their market campaigns, emphasising security as a factor to entice new consumers. Those who performed badly, on the other hand, may well seek investment to enhance their technology, processes, and people, with the objective of improving their position.


4. Correlation Between Losses and Refunds: The correlation between the amount lost per £m sent and the amount refunded is a significant statistic and should be considered as such. We can broadly categorise banks into three groups based on their strategies and capabilities for protecting customers from APP fraud.

– High Refund Rates, High Loss Rates: Banks in this category focus on customer reimbursement, offering quick resolution despite initial losses.

– Low Refund Rates, Low Loss Rates: These banks excel at protecting customers from suffering APP fraud in the first place. They invest in educational campaigns and strong transaction monitoring capabilities, reducing the chance of ever having to consider a refund.

– Low Refund Rates, High Loss Rates: Banks in this category are the weakest performers, lacking controls to protect victims initially and providing limited refunds when scams are reported.


5. Banks Receiving Large Sums of APP Fraud Have Significant Risk Exposure: The report shows a large variation in the value of APP fraud received per organisation, from as high as £10k to as low as £44 for every £1m received. This might imply significant variation in controls, and it becomes even more relevant given the latest PSR proposal. Under the PSR’s proposals, receiving banks will be responsible for 50% of the liability for APP fraud come October 2024. This necessitates a shift in fraud strategy to monitor both outgoing and incoming payments, as well as addressing mule accounts more broadly. Banks that adapt successfully will experience fewer fraudulent funds hitting their accounts, thus reducing their financial risk exposure.


6. International Implications: The UK is pioneering data publication of this nature. It is often a trailblazer in this sense for global markets, with initiatives on UK shores frequently adopted elsewhere in the world. Media and consumer reactions in the UK will likely be closely monitored in countries such as the USA, Canada, and Australia, where pressure is increasing on banks to better protect APP fraud victims.
