Three ways APP mandatory reimbursement can work for PSPs and victims of fraud and scams

by Mike Haley, CEO of Cifas

Share this post

What is this article about?

The UK’s increasing fraud and scam problem, focusing on new regulations mandating automatic reimbursement for APP fraud victims.

Why is it important?

The rule changes provide stronger consumer protection but also raise concerns about industry costs and potential fraud exploitation.

What’s next?

Collaboration between regulators, law enforcement, and the counter-fraud community is needed to ensure the effectiveness of the reimbursement scheme and to mitigate emerging fraud risks.

The UK’s fraud and scams problem is not going away. Fraud still accounts for almost 40% of all crime in England and Wales, and with an estimated 3.2 million offences committed each year, there is no question more needs to be done to tackle this threat to people and businesses.

In 2023 alone, UK consumers lost a staggering  £460 million to authorised push payment (APP) fraud. A crime that continues to cause significant harm, APP fraud not only results in financial loss for too many victims, but some also experience shame and emotional harm—a consequence of being tricked into parting with their cash. As a result, many individuals do not even report their loss.

Any of us can be duped into handing over money to a fraudster. It can simply be a case of being in the wrong place at the wrong time. With a wealth of AI and deepfake technology at their fingertips, even the most novice of criminals can perpetrate sophisticated fraud.

As Ben Agnew, CEO of The Payments Association, recently wrote in a blog for Cifas, APP fraud shows no signs of slowing down—it has grown by 12% in both value and volume annually.

That is why 7 October 2024 will be etched into the memories of many—a landmark moment for both organisations and people impacted by fraud and scams. The Payment Systems Regulator’s (PSR) long-awaited new rules have finally come into force, entitling UK consumers to automatic reimbursement for APP fraud losses up to the value of £85,000, with the costs shared between sending and receiving banks 50/50.

Years in the making, the rule changes replace the voluntary system of reimbursement operated by the signatories of the Contingent Reimbursement Model Code. CHAPs and BACs payments, subject to a different regulatory regime, are set to follow.

A positive move forward for victims of APP scams

Consumer groups have said the changes were long overdue. The PSR has also been clear from the start about the intention behind mandatory reimbursement. Not only do the rule changes protect victims of APP fraud and scams—making it quicker and simpler for them to retrieve their money—but they should also encourage payment firms to implement more robust fraud prevention measures that help stop criminals at the source.

In my view, and without a doubt, the rule changes are good news for consumers. They bring a consistent approach, provide peace of mind, and add a vital layer of safety. Mandatory reimbursement could also encourage more victims of APP fraud and scams to report the crime and, in turn, protect themselves from re-victimisation.

It is promising to hear that the changes have already spurred some organisations to review their existing counter-fraud processes and systems. Many will also use this as an opportunity to re-assess the investment required and make improvements that meet the ever-changing threat of economic crime. The rollout of further preventative measures that help keep both customers and businesses safe can only be a positive step.

A step into the unknown for industry

However, although the rule changes are well-intentioned and good for consumers, they are a shift into unchartered territory for many in the industry. The very real concerns voiced by industry players, particularly payments service providers (PSPs), still hold true. For some organisations, especially smaller players in the market, the costs could be financially unsustainable.

Across the industry, there are also questions about the impact the PSR rule changes will have on consumer behaviours. Many strongly believe the changes might now incentivise people to commit fraud or engage in money-muling activity because they’re confident they will get their money back and make some extra cash in the process.

So-called ‘moral hazard’, this type of attitude to fraud is nothing new. Research from Cifas into consumer behaviours shows a rising trend in individuals who see fraud as being okay to commit. In our most recent survey, 1 in 8 admitted to having perpetrated one or more types of first-party frauds. With the rule changes very much in their infancy, the question remains: will the changes exacerbate the willingness of some individuals to see fraud as an ‘acceptable’ crime to commit?

An additional concern is how these changes might drive organised crime groups to exploit the rule changes and make even more money. The fear that fraudsters will use this as an opportunity to either convince people to pose as victims or recruit them as mules is very real. Potentially making matters even worse, with AI technologies and readily available fraud toolkits at their disposal, scam techniques are only likely to become more sophisticated and difficult to detect.

Working together to tackle APP fraud and scams

For these threats to be mitigated and for the mandatory reimbursement scheme to be effective for all who are impacted by the changes, Cifas believes three things must happen:

  1. Industry collaboration: It’s vital the PSR works closely with the counter-fraud prevention community, the Government, law enforcement, and industry professionals to address pain points and find solutions including investing in tools and services that tackle fraud and economic crime.
  2. Effective resourcing: With only 1% of police dedicated to investigating fraud, law enforcement must be adequately resourced to cope with the volume of data and intelligence that fraud losses generate.
  3. Leadership engagement: The Government has a critical role in preventing re-victimisation. This can be achieved by enabling data and intelligence sharing between firms and across sectors so effective controls and protections can be implemented, helping to keep everyone safe.

We should always welcome stronger consumer protections and investment in fraud prevention measures. But the industry needs certainty, stability, and time for the mandatory reimbursement change to bed in.

To ensure the changes work for all—consumers and industry—the PSR must take a collaborative approach with the counter-fraud community and other key decision-makers to tackle issues head-on and address emerging gaps. Only then can we collectively find effective ways to stop fraudsters.

Facebook
Twitter
LinkedIn

Read more Payments Intelligence

More To Explore

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?