Authorised Pushed Payment (APP) Scams: Requiring reimbursement PSR

APP Scams continue to grow, and we appreciate the PSR is committed to doing more to protect consumers. Nonetheless, we do not believe that measures such as requiring mandatory reimbursement will effectively prevent fraudsters from acting, rather we believe this could create the opposite effect. Whilst the implementation of these measures do provide additional protection for consumers, we highlight four main areas of concern:

  • Friction: the proposals will slow down the Faster Payment Scheme (FPS) for some payments and this could cause customers to stop using it. Instead, they could revert to using cheques and cash; further, whereas the current EU proposals on the widespread adoption of instant payments are likely to be adopted soon, these proposals take the customer experience in the opposite direction – towards slower or delayed payments.
  • Education of payment users: educating customers to be careful should be at the core of this approach rather than adjacent to it.
  • Increase in first party fraud: because most people will be reimbursed from what are claimed to be fraudulent transfers, fraudsters will target consumers and reward them for claiming reimbursement of a transaction that can then be claimed as being fraudulent. This is fraud by both the payer and the fraudster. This could have the unintended consequence of indirectly incentivising consumers to be party to the fraud.
  • Reduced competition: if all firms will have to reimburse consumers for all APP fraud, the relative burden on smaller firms will be greater. This runs contrary to PSD2 and the goal of opening up the market.

We recommend that anyone who is concerned about the prosperity and viability of the payments industry reads the responses that we submitted to the Payments System Regulator today.

With special thanks to:
• Aoife Hurley, Chief Strategy and Partnership Officer, PPS
• Erik Vasaasen, CTO, Okay
• Fabien Ignaccolo, CEO, Okay
• Ingvar Ülpre, UK General Counsel, LHV
• Jane Barber, Regulatory and Trade Association Lead – Payments, NatWest Group
• Jeremy Evans, Regulatory Change Manager, Modulr
• Julian Brand, Chief Lead and Compliance Officer, PPS
• Marco Magalhaes, Senior Product Manager, Form3
• Nick Fleetwood, Head of Data Services, Form3
• Other members who have preferred not to be listed, as their companies have decided not to respond to this consultation, but have expressed personal views on this topic.

Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?