APP Frauds & Mandatory Reimbursement: What It Means for You

Authorized push payment (APP) fraud is a scam in which a fraudster convinces a payer to authorize a payment under false pretenses. APP fraud is a form of confidence-based fraud, meaning it relies on deception, rather than brute force, to convince victims to take a specific action.

Many APP scams involve a fraudster impersonating someone from a trusted institution, such as a payer’s bank or a representative from a recognized company’s billing department, to convince the payer that the transaction is legitimate. Other examples of APP fraud include a fraudster posing as a seemingly legitimate business, promising goods and services to their victims when, in reality, those goods and services do not exist.

APP fraud is particularly insidious because it requires the victim to authorize the transaction, making it appear legitimate to their bank. This can make it difficult for victims to retrieve lost funds, as banks can argue that the transaction was made with the payer’s consent. The sophistication of these scams, combined with their reliance on the victim’s actions, makes APP fraud a complex issue for financial institutions and individuals alike, underscoring the importance of heightened awareness and verification procedures before conducting transactions.

It’s important to note that “APP fraud” is a U.K.-specific classification; other global regions may use different terminology to describe this type of fraud.

The Payment Systems Regulator (PSR) is a statutory body and economic regulatory agency tasked with overseeing the payment systems industry in the U.K. The PSR’s primary objectives are to ensure that payment systems are operated and developed in a way that promotes competition and innovation, while also considering the interests of businesses and consumers.

By regulating the U.K. payments industry, the PSR aims to improve transparency, ensure fair access to payment systems, and safeguard the stability and integrity of the financial system. In support of this mission, the PSR has the authority to enforce compliance through various means, including imposing fines and mandating changes in practice.

In response to rising instances of APP fraud, the PSR mandated reimbursement for victims of such scams. This significant regulatory shift, which will go into effect on October 7, 2024, requires U.K. payment service providers (PSPs) to reimburse customers who have been tricked into authorizing payments, provided the victims have not acted with gross negligence.

What makes this regulation so significant is that it splits the responsibility for each fraud loss equally between the sending and receiving banks involved in the transaction. It also places greater responsibility on financial institutions to monitor all incoming and outgoing transactions more closely, as well as educate customers on how to recognize and avoid potential scams.

The mandatory reimbursement rule represents a fundamental change in how APP fraud victims are treated, shifting most of the financial burdens from individuals to financial institutions. Previously, victims faced difficulties in recovering lost funds due to the nature of APP fraud, as the victims themselves deliberately — and often confidently —authorized the fraudulent transactions. The PSR’s new rule aims to rectify this imbalance, ensuring that consumers are not unduly penalized for falling prey to these increasingly sophisticated scams.

In addition to creating stronger consumer protections, the mandatory reimbursement rule is a catalyst for the financial services industry to reinforce its efforts to prevent APP scams and other forms of fraud.

The PSR’s new mandatory reimbursement requirements for APP fraud significantly impacts financial institutions in several profound ways. At the PAY360 2024 conference, Jackie Barwell, director of fraud product management at ACI Worldwide, spoke on the immediate effects of this regulation.

“When you look at the losses on APP fraud in the U.K. — the most mature market for this type of fraud — and 2022’s figure of £485.2M, that’s already a pretty hefty figure,” said Barwell. “However, the U.K. only reimbursed around 58% of those losses. This new regulation will ensure that almost all of those losses going forward will and should be reimbursed – an immediate doubling of losses overnight.”

Based on these figures, the financial implications for banks and other PSPs could be monumental. Moreover, the regulation could inadvertently incentivize fraudulent activities.

“There will be groups of criminals out there who will collaborate to come up with APP fraud scenarios where one of the fraud gang is the ‘victim’ who will fall for the ‘scam’ and claim money back from the bank,” said Barwell. “In essence, having their cake and eating it.”

This presents a complex challenge for PSPs, requiring them to navigate the fine line between fulfilling their reimbursement obligations and preventing abuses of the system. This mandatory reimbursement requirement and any ensuing fraudulent claims necessitate a strategic overhaul of fraud detection and prevention mechanisms –something which Barwell sees as an opportunity, rather than an obstacle, encouraging banks to “lead into the previously considered ‘no-man’s-land’ of true collaboration and intelligence sharing” in real time.

At this critical juncture, where the need for fraud management innovation and robust customer protection strategies has never been more urgent, banks have the opportunity to transform a significant regulatory burden into a catalyst for industry-wide cooperation.

The mandatory reimbursement requirement represents a pivotal moment for the financial services industry, signaling a significant shift in fraud management practices for financial institutions. This shift comes at a time when the pace of innovation in payment systems is accelerating, with real-time payment systems becoming the norm.

“Real-time payments are here to stay, so we need to make changes to our historically siloed approach to managing fraud,” said Barwell at PAY360. “If we don’t, we risk huge financial and reputational losses.”

Barwell’s sentiment underscores the need for the financial services industry to adapt its fraud prevention strategies to the realities of modern payment technologies, which demand a more integrated and collaborative approach.

The implication of the PSR’s new rule for APP fraud is not just a procedural or financial challenge – it’s an essential driver for system change in the industry’s fight against fraud. Though it might seem as a “small, almost inconspicuous regulatory change,” it is indicative of the impact targeted regulatory actions can have on industry practices, pushing institutions toward more effective and united fraud management strategies. The financial services industry stands at the precipice of a transformative period, one where the challenges of complying with new mandates, such as the PSR’s reimbursement requirement, can prompt broader improvements in fraud detection, prevention, and management. 

To navigate the challenges and opportunities presented by the PSR’s new rule for APP fraud, financial institutions must develop a comprehensive fraud management strategy that leverages both existing tools and industry-wide collaboration.

According to Barwell, this involves three crucial steps:

1. Financial institutions must gain a deeper understanding of customer behaviors and account activities. Though many of these institutions already have sophisticated fraud prevention mechanisms capable of verifying the legitimacy of transactions in real time, these systems need to be recalibrated to not only scrutinize outgoing funds but also to monitor incoming transactions.
   
   This adjustment will enable banks and other PSPs to detect and prevent accounts from being used fraudulently or as mule accounts. Rather than replace existing tools, Barwell recommends enhancing them to better recognize abnormal account behavior, which could potentially be linked to fraudulent activity.
   
2. Industry-wide collaboration is essential to more effective fraud management –more specifically, there is a real need for a centralized platform for sharing intelligence on the reputational assessment of accounts in real time. Such a platform would enable institutions to make informed decisions at a faster rate.  Additionally, recent amendments to the rules around immediate payments have granted financial institutions three more days to pause suspicious transactions, allowing for further investigation, evidence-gathering, and education.

3. Patience and persistence are essential virtues in the early stages of implementing this new regulation. The industry is expected to face operational and practical challenges, including possible delays. However, the overarching goal remains clear: to seize this unprecedented opportunity for genuine, real-time collaboration and intelligence sharing. As various industry bodies work toward this aim, fraud prevention experts must maintain momentum and push for continuous improvement.
   
   This collective effort will not only mitigate the immediate impacts of the new reimbursement mandate, but it will also fundamentally transform the industry’s approach to combating APP fraud, marketing a significant step forward in protecting consumers and maintaining the integrity of financial systems in the U.K.