What is this article about?
The Payment Systems Regulator’s decision to lower the cap for APP fraud reimbursements to £85,000.
Why is it important?
It affects how victims of fraud are compensated and how payment service providers (PSPs) approach fraud prevention.
What’s next?
PSPs will need to adapt their fraud prevention strategies and comply with the new reimbursement rules starting in October 2024.
The Payment Systems Regulator (PSR) recently announced a significant change to the cap for authorised push payment (APP) fraud reimbursements. Starting from 7 October 2024, the reimbursement limit will be set at £85,000, down from the initially proposed £415,000 cap. This decision follows consultations with payment service providers (PSPs) and pressure from The Payments Association after concerns that the higher cap would impose heavy financial burdens on smaller firms and start-ups.
Under the new scheme, banks and payment companies will split the reimbursement costs for APP fraud claims equally between the sending and receiving institutions. With 99% of cases still covered under the new £85,000 limit, which aligns with the Financial Services Compensation Scheme (FSCS), the PSR hopes to incentivise banks to strengthen fraud prevention measures.
Riccardo Tordera, director of policy and government relations at The Payments Association, celebrates the regulator’s decision. “The PSR’s U-turn on the APP fraud threshold is a victory for the industry, particularly for The Payments Association,” he says.
However, the decision has sparked debate. While some argue that the reduced cap will alleviate the financial strain on smaller PSPs, others, such as fraud prevention experts, feel it weakens the push for stronger fraud detection systems within the industry. The PSR is also looking into delaying payments for up to four days to give PSPs more time to investigate suspicious transactions.
Thistle Initiatives’ Head of Financial Crime, Jessica Cath, acknowledges the improvement but questions the cap’s logic. “Most scams won’t reach the £85,000 limit, and if they do, APP fraud insurance would cover the rest,” she explains. “The issue here is more that the whole thing hasn’t really been thought about holistically. And ultimately, there isn’t enough responsibility on the customer to take responsibility for their payments.”
According to Tordera, reducing the threshold does not end the industry’s unhappiness with how the new rules are constructed. “Given the disproportionate amount of fraud that occurs on social media, it is unacceptable that these platforms should take no mandated responsibility in reimbursing fraud victims, or even in preventing the fraud in the first place.”
Cath stresses the need for better consumer education and warns the new process may increase scams. She supports lowering the limit but acknowledges convincing consumers will be challenging. According to her, this challenge arises because many may not fully understand the wider impact of the payment model and the reimbursement process, particularly in terms of how it could affect both payment companies and customers. She adds, “It could lead to an increase in scams, with scammers taking advantage of the reimbursement process.”
The urgency of the new rules
APP fraud has become a major concern in the UK’s financial landscape. In 2023 alone, APP fraud losses amounted to £433 million, a slight decrease from the previous year, yet the volume of fraud cases continues to rise. The growth of digital payments, combined with increasingly sophisticated scams, has put both consumers and payment systems at significant risk.
Controversially, more responsibility has shifted onto PSPs, with the PSR aiming to ensure effective fraud prevention measures, including better transaction monitoring, customer onboarding processes, and controls to detect suspicious activities. Ultimately, these rules aim to curb the growing threat of financial crime and restore trust in the UK’s payment systems by making fraud prevention a top priority for all involved in the payment ecosystem.
By reducing the cap to £85,000, the PSR aims to balance the need for robust consumer protection with the realities of operating in a competitive payments market. Despite the reduction, this new limit will still cover 99% of APP fraud cases, ensuring that most victims are reimbursed while not overburdening PSPs with unsustainable liabilities.
BDO Director of Fraud Risk Management, Sally Felton, argues that the new rules focus more on reaction than prevention. ‘To prevent fraud, you need strong controls, systems, and human intervention before it happens,’ she explains.
Compliance expectations for PSPs
Under the new rules, PSPs will split reimbursement costs equally between the sending and receiving firms. This 50/50 model encourages collaboration, with both parties incentivised to implement effective anti-fraud measures.
This approach helps address a longstanding challenge in fraud prevention. While sending banks typically bear most of the responsibility for reimbursing fraud victims, the new model acknowledges that receiving banks also play a crucial role in identifying and stopping fraudulent transactions. By sharing costs, the regulations aim to encourage receiving firms to strengthen their transaction monitoring systems and customer due diligence processes to detect potential fraud before funds are transferred out of reach.
The equal liability also seeks to drive better data sharing between PSPs, as both firms have a vested interest in preventing fraud. With the cost split, PSPs are likely to be more proactive in sharing information and collaborating to identify patterns of fraudulent behaviour, thereby reducing overall fraud risk across the payments ecosystem.
This measure is part of a broader strategy to distribute responsibility across the payments chain, ensuring that all parties involved in processing a payment are incentivised to protect consumers from fraud.
Cath highlights that the key barriers for smaller payment firms are the costs involved and their limited access to broad transaction data compared to larger banks. This makes it much more challenging for them to implement effective fraud detection and prevention measures on par with the capabilities of bigger financial institutions.
She adds: “Smaller payments players, unlike large banks, only see a tiny portion of transaction patterns. Barclays sees a lot of transactions coming in from so many different including both direct customers and other financial institutions, whereas your small payments players only see a small portion of that.
“So when you’re looking at big behavioural patterns and trying to identify a cluster of mule accounts using multiple payments firms, you’re much more likely to spot that if you’re Barclays. This is particularly as fraudsters tend to use lots of different payments firms to spread their bets across different players, so cost and data access are significant barriers for smaller firms.”
FCA’s expectations on firms
The FCA has set clear expectations for PSPs under the new APP fraud reimbursement rules. Firms must implement robust anti-fraud systems and controls to protect consumers and prevent fraudulent transactions. The FCA’s guidance emphasises several key areas for PSPs to focus on:
Effective governance and controls:
- PSPs must have appropriate governance frameworks in place to oversee fraud prevention strategies, ensuring that anti-fraud measures are integrated into the organisation’s risk management processes. Regular reviews and updates of these measures are expected to adapt to evolving fraud tactics.
- This includes ongoing monitoring and assessment of fraud detection technologies to ensure they remain effective and can respond quickly to new threats.
Transaction monitoring and onboarding:
- The FCA stresses the importance of comprehensive transaction monitoring systems that can detect unusual payment activity, such as rapid movement of large sums or transactions involving high-risk accounts. PSPs should have systems that can identify potential indicators of fraud and flag them for further investigation.
- Firms are also expected to apply rigorous customer due diligence both at onboarding and throughout the customer relationship. This includes verifying customer identities and monitoring for any suspicious activity linked to money mule accounts or other forms of fraud.
Data sharing and collaboration:
- PSPs are encouraged to participate in data-sharing initiatives to improve fraud prevention across the industry. Firms can better protect their customers and mitigate risks by sharing insights and information about known fraud patterns. The FCA expects PSPs to contribute to and utilise shared fraud databases actively.
Consumer protection and support:
- Under the new rules, PSPs must also ensure they support customers throughout the fraud claims process, offering clear guidance on reporting fraud and pursuing reimbursement claims. Additionally, firms should provide effective scam warning messages to help customers identify and avoid potential fraud during payment transactions.
Actionable steps for payment firms
To comply with the new APP fraud reimbursement rules and effectively mitigate fraud risks, PSPs need to take several proactive measures, primarily strengthening anti-fraud systems. Firms are recommended to invest in advanced data-driven fraud detection tools and robust transaction monitoring technologies.
These systems can help identify unusual or high-risk transactions in real time, flagging potential fraud for further investigation. Implementing machine learning algorithms and leveraging data analytics can enhance the detection of sophisticated fraud patterns, allowing firms to stay ahead of evolving threats. Regular reviews and updates to anti-fraud systems, including PSPs’ effective use of the Reimbursement Claims Management System (RCMS), are also necessary to ensure that firms can adapt quickly to emerging scam tactics.
Cath acknowledges that regular reviews are important, given the changing nature of the beast. She says: “Fraud changes all the time. Fraud patterns change all the time. Fraud values change all the time. It does not make sense to implement something without frequent reviews.” Cath clearly states that frequent reviews are necessary, given how quickly fraud patterns and values can change. She also extends that view to the overall reimbursement framework; she believes it “does not make sense” to implement the framework without regular reviews.
Improving the onboarding process will also be pivotal, with customer due diligence being crucial at this stage and throughout the customer lifecycle. Firms must conduct thorough identity verification and background checks to detect and prevent fraudsters from setting up accounts for fraudulent purposes, such as money mule schemes. This includes ongoing monitoring to detect any changes in customer behaviour that could indicate involvement in fraud. Enhanced onboarding processes can help reduce the likelihood of fraudulent accounts being used to receive or transfer illicit funds.
Finally, preparing for payment delays will be essential in helping combat the growing issue. With the introduction of new legislation allowing a 4-day delay on suspicious payments, PSPs should implement procedures to identify transactions that warrant additional scrutiny. This delay provides firms with more time to assess the legitimacy of payments, reducing the risk of processing fraudulent transfers.
Felton is in favour of the delay, claiming that “anything designed going to stop fraud is a step in the right direction”.
Challenges and controversies
Despite the reduction in the cap generally being considered good news, it has drawn criticism, with concerns that it could weaken incentives for PSPs to invest in robust anti-fraud measures. Some experts argue that by lowering the cap, the financial motivation for PSPs to actively prevent fraud is diminished, as they now face lower reimbursement liabilities. There is a risk that firms may not feel as compelled to enhance fraud prevention systems or collaborate on industry-wide initiatives to tackle APP scams.
Cath expresses several criticisms of the proposed changes to the APP fraud reimbursement cap. Firstly, she acknowledges that lowering the limit is a “hard sell for the consumer” because they do not fully understand the “wider implications” of the reimbursement model. Cath believes there is insufficient responsibility placed on customers to take accountability for their own payment transactions, although she recognises that this is a difficult line to take given the increasing complexity of fraud that can be hard to spot.
Additionally, she points out that the current limit is misaligned, as it is based on account balance rather than per-transaction limits, which she finds inappropriate. She argues the limit should be better aligned with per-transaction or per-scam limits for improved coherence. Cath is also concerned that lowering the limit could negatively impact customers’ access to payment services and newer innovations and products.
Felton expresses several concerns about the impact of the reimbursement cap change, citing both sides of the issue. She notes that the cap change may have a more significant effect on smaller firms, as “two or three of those larger amounts would be a huge financial and operational challenge on them”. Additionally, Felton says consumer associations are worried “that the consumer is offered less protection as a result” of the cap change.
She also believes the new rules will incentivise fraudsters to become more sophisticated in their attempts to “circumnavigate the system,” as they continually adapt their approaches. Furthermore, Felton is worried the rules themselves are focused more on “reacting to fraud” rather than prioritising prevention, which she sees as crucial to actually stopping fraud from happening in the first place.
The role of social media
A significant proportion (60%) of APP fraud originates on social media platforms, where fraudsters often target victims through fake profiles, phishing schemes, and fraudulent advertisements. Despite the payments industry’s focus on reimbursement, there has been increasing pressure on social media companies to take more responsibility for preventing fraud. Currently, social platforms face no liability for fraud that occurs through their networks, leading to concerns that they lack the incentive to implement stronger anti-fraud measures.
Felton argues that social media companies “absolutely have to play their part” in preventing fraud. She stresses that social media companies must take proactive steps to detect and prevent fraudulent activities, leveraging the data they have to safeguard users and reduce the risk of exploitation.
Call to action
The introduction of the new APP fraud reimbursement rules marks a significant step forward in enhancing consumer protection within the UK payments industry. By requiring payment service providers (PSPs) to share the cost of reimbursements and implementing a cap of £85,000, the PSR aims to create a fairer, more accountable system that incentivises all parties to prioritise fraud prevention. These measures not only seek to reimburse victims but also encourage firms to strengthen their anti-fraud systems, improve transaction monitoring, and foster collaboration across the industry to detect and prevent scams.
As the regulatory landscape evolves, payment firms must adapt their strategies to meet the new requirements. This involves not only complying with the reimbursement rules but also taking a proactive approach to combatting fraud. Firms should review and upgrade their fraud prevention frameworks, implement risk-based transaction monitoring, and ensure staff are adequately trained to handle the complexities of fraud detection and customer support.
Firms should act immediately by reviewing anti-fraud systems and making necessary updates to ensure compliance, training staff on the latest fraud detection techniques and regulatory requirements, and collaborating with other PSPs and sharing data to enhance fraud prevention efforts.
These new rules offer the payments sector a chance to boost fraud prevention while ensuring victims are compensated. By adapting to these changes, firms can meet regulatory expectations, build customer trust, and contribute to a more secure payment environment.