Authorised Push Payment (APP) fraud has been on the rise, posing a significant challenge for both individuals and businesses. To address this growing threat, the Payment Systems Regulator (PSR) took decisive action in 2023 by implementing a mandatory reimbursement requirement for APP fraud. The regulation is set to take effect in October.
While the reimbursement requirements promise to improve the process for victims of fraud, banks will face significant implications, including financial impacts, operational changes, heightened risk management and more.
Christine Reisman, Managing Director at Protiviti, shared insights in an exclusive interview with Payment Expert, discussing strategies for banks to navigate PSR’s new requirements for reimbursing APP fraud.
Payment Expert: How do you think this cost-sharing arrangement will affect banks’ strategies for preventing and addressing APP fraud?
Christine Reisman: Internally, strategies will be focused on assessing how the end-to-end prevention, detection through to disbursement processes can be streamlined and underpinned with technology, risk awareness, and timeliness, all while keeping the client experience front of mind.
We anticipate financial institutions (FIs) will experience increased operational costs via training, embedding easy-to-use upfront security and authorization measures, and technology upgrades. FIs may focus efforts on customer empowerment to help improve upfront recognition of fraud red flags and help support early reporting of potentially suspicious activity.
Externally, this will help enforce the need for data sharing between PSPs and law enforcement to ensure that they are able to prevent fraud against their customers effectively.
PE: With the new reimbursement requirements in place, what role do you see technology playing in enhancing banks’ ability to detect and prevent APP fraud?
CR: Real-time fraud monitoring will play a significant role in detecting APP fraud and preventing those transactions from going through. Fraud monitoring systems should consider requirements, such as its reporting mechanisms to stay compliant with PSR’s requirement to report APP fraud and to provide appropriate management oversight and the system’s ability to adapt to new fraud typologies.
Another consideration is investing in a case management tool to streamline the investigation process. Pay.UK will provide stringent timeframes to complete investigations, communicate with other PSPs and pay out reimbursement to customers.
Technology can help streamline effective reimbursement processes, strengthen prevention and detection controls, ultimately leading to an improved consumer journey and experience, even when fraudulent activity occurs. We anticipate behaviour analytics and real time monitoring will play a significant role in identifying trends by analysing common characterises and patterns within fraudulent transactions, which in turn can help feed continuous monitoring, improved suspicious activity reporting and red flag identification processes.
Further, we expect to see technology used to support customer authentication and identity verification, and streamline the reimbursement review, validation and payout processes.
PE: How do you envision this cultural change playing out, and what steps will banks take to prioritise fraud prevention and protect their customers?
CR: I think we will see an enhanced culture of fraud and consumer protection, stemming from the tone at the top and a continued prioritisation of allocating resources toward fraud prevention, detection and monitoring. We’ve experienced an uptick in demand for targeted employee fraud training, and we anticipate that FIs will continue to focus on providing as much transparency, accountability and timeliness to their client base and workforce. Further, FIs should be thinking more seriously about collaboration, and how best to knowledge share and compare best practices with industry peers, law enforcement and networking groups. Lastly, we anticipate a strong culture of innovation to support the fight against fraud.
PE: Could you discuss the specific measures or safeguards that banks will implement to support these customers during the reimbursement process?
CR: FIs should look to review their client communication channels and strategies, ensuring they are clear, timely, nimble and enable prompt and transparent correspondence in a method that customers prefer. Timeliness of case resolution and disbursement will be of paramount importance, which can be met in part by clear policies and procedures, streamlined technology and ensuring notifications, resolution and outreach processes are meeting customer expectations and not creating further friction to what could be an already aggravated process. Additional safeguards will also need to be implemented for vulnerable customers.
PE: What considerations should banks keep in mind when determining thresholds for the maximum level of reimbursement, especially in light of customer expectations and fairness?
CR: FIs will need to take a risk-based approach when establishing reimbursement amounts, which should be informed by the institutions’ risk assessment and recalibrated as the landscape evolves. Disbursements should be carefully thought through to help strike a balance of protecting customers, meeting compliance obligations, encouraging customers to exercise caution when authorising transactions while also risk managing and mitigating financial losses.
PE: Can you discuss any potential challenges banks may face in implementing the reimbursement requirements and how they plan to overcome these challenges?
CR: As noted above and throughout, challenges are intertwined and multi-fold. FIs will need to carefully strike a balance between and amongst numerous priorities, including but not limited to encouraging prudent customer behaviour, maintaining and building client trust, improving customer experience by prioritising timely and transparent reimbursement processes, and instilling and managing clear and flexible communication challenges.
