APP fraud and the launch of the RCMS platform: What PSPs need to do

Share this post

What is this article about?

The launch of the RCMS and what PSPs need to do to comply with new APP fraud reimbursement requirements.

Why is it important?

The RCMS aims to help PSPs streamline fraud claim management, meet PSR obligations, and enhance consumer protection.

What’s next?

PSPs must sign the RCMS contract, onboard their teams, and prepare for compliance by the 7 October 2024 Go Live date.

Authorised Push Payment (APP) fraud remains a major challenge for the payments industry, impacting consumers and Payment Service Providers (PSPs) alike. High-value scams often involve multiple smaller transactions, revealing vulnerabilities in current payment systems. To address these persistent issues, the Payment Systems Regulator (PSR) has proposed several measures, including a reimbursement cap aligned with the Financial Services Compensation Scheme (FSCS) limit of £85,000. This cap is designed to protect consumers while incentivising PSPs to enhance their anti-fraud mechanisms and maintain a competitive market environment.

As part of its broader strategy to tackle APP fraud, the PSR, in partnership with Pay.UK, is introducing new systems to streamline the management and reimbursement of fraud claims. Central to this initiative is the Reimbursement Claims Management System (RCMS), which began onboarding service administrators on 16 September 2024, marking the start of its live operation.

For PSPs, navigating the RCMS effectively is crucial, but it brings with it specific responsibilities and requirements. This article outlines what PSP leaders need to understand about the RCMS, its alignment with wider efforts to combat APP fraud, and the necessary steps to ensure compliance.

The RCMS serves as a market-wide tool to help PSPs meet their obligations under the SD20 APP fraud reimbursement policy. It facilitates two-way communication between sending and receiving banks, streamlining the claims process and enabling accurate data reporting to Pay.UK. By 7 October 2024, all in-scope PSPs are expected to be registered and actively using the RCMS to manage claims in line with PSR standards.

The role of the RCMS in APP fraud management

The RCMS is more than just a claims processing tool; Pay.UK claims it’s a single, whole-of-market solution to help PSPs fulfil their obligations under the PSR’s SD20 requirements. By facilitating two-way communication between PSPs, the RCMS aims to:

  • Streamline the management of APP scam claims, ensuring a consistent and efficient process for all parties involved.
  • Automate data reporting to Pay.UK, minimising manual intervention and helping PSPs meet regulatory deadlines.
  • Enable PSPs to adhere to common best practices and data standards, improving consistency across the industry.

Deep dive into the RCMS: Core and Core + Claims

The Reimbursement Claims Management System (RCMS) is structured into two key components: RCMS Core and RCMS Core + Claims, each tailored to help PSPs meet their obligations under the APP fraud reimbursement policy. Understanding these components is crucial for PSPs to navigate the system effectively and streamline their processes.

RCMS Core: Essential Functions for All PSPs

The RCMS Core is the foundational product designed to support all PSPs in fulfilling their SD20 obligations. It offers a suite of features focused on user management, communication, and compliance:

  • User access management: Service administrators can set up roles for compliance users and directory users within their organisation. This feature also allows for updates to PSP reference data, including contact details, sort codes, and account numbers, ensuring accurate and up-to-date information.

  • Directory access: PSPs can search the comprehensive directory to locate other registered PSPs, facilitating direct communication. This capability is particularly valuable when managing APP scam claims, allowing both sending and receiving banks to coordinate and progress claims collaboratively.

  • Standard A and B reporting: PSPs will initially input their Reporting Standard A data manually, in line with PSR obligations. Eventually, once all PSPs have adopted RCMS Core + Claims, the system will transition to Reporting Standard B, where data will be extracted automatically from RCMS, removing the need for manual input.

  • Compliance monitoring dashboard: Beginning in January 2025, the compliance dashboard will provide PSPs with insights into their compliance status. This tool allows PSPs to monitor their performance and adherence to the PSR’s APP reimbursement requirements.

  • Help desk: The RCMS includes a dedicated help desk, enabling PSPs to raise support tickets for incidents, system support, and compliance-related issues. This ensures that PSPs have the necessary support to navigate the system effectively.

RCMS Core + Claims product: Enhancing APP scam claims management

For PSPs looking to streamline their APP scam claims processing, the RCMS Core + Claims product offers an enhanced suite of features:

  • Create new APP scam claims: This feature enables PSPs to initiate new APP scam claims as soon as the consumer notifies their bank. The system facilitates the 2-business-hour notification requirement to the receiving bank, as outlined in the Faster Payments System (FPS) reimbursement rules.

  • Receive and respond to claims: Once an APP scam claim is received, the receiving bank can use the “Opportunity to Respond” function to request the sending bank to ‘stop the clock’ if more time is needed to assess the situation.

  • Workflow management: The RCMS Core + Claims module supports the entire lifecycle of a scam claim, progressing it through various stages, from Assessment to Decision. This ensures that claims are processed efficiently and according to industry standards.

  • Automated reimbursement calculations: The system automatically calculates the reimbursement amount owed to the consumer, factoring in any applicable excess. This streamlines the claims process and reduces the risk of errors in manual calculations.

  • Requesting reimbursement: Once the amount owed is calculated, the RCMS facilitates the requesting of reimbursable contributions from the receiving bank. It ensures transparency and accuracy in determining how much is due to the sending bank.

  • Repatriation workflow: In cases where fraudulent funds are recovered, the RCMS can initiate a repatriation workflow, either mid-process or after the claim has been closed. The system will automatically calculate and split the recovered funds between the sending and receiving banks, simplifying an often complex process.

Benefits and considerations for PSPs

The RCMS promises several benefits, but it is not without its complexities. Here’s what PSPs can expect:

Operational efficiency:

  • Automated processing: By automating the claims process, the RCMS can significantly reduce the time and resources required to handle claims. This could lead to operational savings and allow staff to focus on more complex tasks. However, achieving this efficiency hinges on how well PSPs integrate the RCMS into their current workflows.
  • Cost management: The RCMS will be free to use in 2024, allowing PSPs to familiarise themselves with the system without an immediate financial burden. As a not-for-profit organisation, Pay.UK aims to manage costs transparently and efficiently. To recover the costs of the RCMS system, servicing, compliance monitoring, and other APP reimbursement support services, expenses will be covered via the Faster Payments System in 2025 and 2026. After this period, Pay.UK said it plans to transition to direct billing for PSPs.

Enhanced fraud prevention and collaboration:

  • Consistent communication: The RCMS offers communication templates that ensure uniform information is collected from consumers during claims processing. This improves the overall efficiency of assessing and progressing claims, but it requires PSPs to adapt to these standardised methods.
  • Reduction in fraud losses: By facilitating collaboration between sending and receiving PSPs, the RCMS can help reduce overall fraud losses. The receiving banks are now liable for 50% of the fraud loss, potentially easing the financial burden on sending PSPs. However, this collaborative approach requires PSPs to work closely together to maximise its effectiveness.
  • Improved claims management: The RCMS enables PSPs to create new APP scam claims, notify receiving banks within the required 2-hour timeframe, and progress claims through various stages.

Compliance and reporting:

  • Data reporting: PSPs must submit Reporting Standard A data to Pay.UK to meet the PSR’s SD20 obligations. Initially, this data will be entered manually, but the RCMS will transition to automated Reporting Standard B once all PSPs adopt RCMS Core + Claims. Data for the period 7 October to 30 November 2024 must be submitted by 5 pm on 2 January 2025. The RCMS streamlines this process, reducing manual intervention and helping PSPs comply with their legal requirements.
  • Compliance monitoring: Starting in January 2025, the RCMS will include a compliance dashboard, giving PSPs visibility into their compliance status. This feature can support PSPs in tracking their obligations under the PSR’s APP reimbursement policy, though it will require continuous monitoring and adjustments to processes as the standards evolve..

Consumer-focused features:

The RCMS is also designed to enhance the consumer experience during the claims process:

  • Faster response times: With improved communication between sending and receiving banks, PSPs can reach decisions faster, providing quicker resolutions for consumers.
  • Consistency: By using standardised templates and definitions, including those for “gross negligence,” the RCMS aims to ensure a consistent experience for consumers regardless of their bank.

Realistic view: challenges and adjustments

While the RCMS aims to standardise claims management and streamline compliance across the market, its implementation will require significant effort, particularly for smaller PSPs. Larger firms already operating under the Contingent Reimbursement Model (CRM) code may experience a more straightforward transition. However, smaller PSPs that haven’t previously followed such frameworks will need to make considerable adjustments to their processes and systems to align with RCMS requirements.

This transition involves not only adopting new workflows and data management practices but also ensuring staff are trained to use the system effectively. The RCMS provides tools to support these changes, but according to Pay.UK, its benefits will only be fully realised if PSPs actively integrate the system into their operations.

Next steps for PSPs

  • Sign the RCMS contract: if your organisation hasn’t already. This is the first step to gaining access and configuring your settings before the 7 October 2024 Go Live.
  • Onboard your team: Ensure your service administrators are ready for the onboarding invitation on 16 September and understand how to set up user roles and directory information.
  • Prepare for reporting: Familiarise your team with the data reporting standards required by Pay.UK, and be ready to submit the necessary information by the 2 January 2025 deadline.
  • Monitor the PSR’s consultation: Stay informed about the PSR’s final approach to the reimbursement cap and any implications for your processes and financial obligations.

Final thoughts

The launch of the RCMS represents a significant step towards an ostensibly unified approach to APP fraud claims management and reimbursement. While not a cure-all, it is a critical tool in the ongoing effort to protect consumers, reduce fraud losses, and streamline compliance for PSPs. By taking the necessary steps now, PSPs can position themselves to meet the new requirements and actively contribute to a safer, more transparent payments environment.

Facebook
Twitter
LinkedIn

Read more Payments Intelligence

More To Explore

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Continue reading

Explore how the RCMS streamlines APP fraud management for PSPs ahead of the 2024 compliance deadline. Join The Payments Association to read the full article.

Become a member to continue reading

Member of The Payments Association? Log in to continue reading

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?