The Payments Systems Regulator (PSR) is apparently going to water down its incoming rules around authorised push payment fraud (APP fraud) reimbursement.
APP fraud is when customers authorise an online bank transfer to a fraudster, usually after being conned into doing so. Addressing this criminal activity has become a significant priority for regulators, with the PSR planning to introduce a requirement in October for payment firms to reimburse victims with claims of up to £415,000.
This reimbursement would be split 50/50 between paying and receiving firms. This plan did not come without controversy, however, with the payments industry arguing that the £415,000 threshold would put a significant financial burden on the sector, and also arguing that the regulation ignores other stakeholders with a responsibility.
According to the Financial Times (FT), the PSR has opted to reduce the threshold from £415,000 to £85,000. This follows extensive industry lobbying, with the Payment Association trade body publishing an open letter and HM Treasury ultimately joining calls for a reassessment of the policy.
APP fraud still a growing issue
Regardless of the PSR’s change in plans, the scale of APP fraud in the UK remains extensive. Newly released data from the Financial Ombudsman Service (FOS) shows 8,734 complaints were lodged about fraud in the three months between April and June 2024.
This is an increase from 6,094 complaints lodged last year. The FOS stated that half of these complaints were about APP fraud, where they had approved an online bank transfer to a fraudster themselves.
The ombudsman attributes this rise in fraudulent activity to three factors. Firstly, the number of multi-stage frauds has increased, and so the number of multiple complaints put forward by customers has also risen.
Additionally, there has been an increase in people inadvertently using credit or debit cards to pay fraudsters and more online fraud cases are being brought by professional representatives, the ombudsman added.
Abby Thomas, Chief Executive and Chief Ombudsman of the Financial Ombudsman Service, said: “Being a victim of a fraud and scam is a horrendous experience – not just financially, but emotionally too. That’s why it’s disappointing to see complaint levels rising to even higher levels.
“We often hear from people embarrassed to have fallen victim to a fraud, but these crimes can be complex and incredibly convincing, and nobody should be afraid to come forward.”
FOS has encouraged financial institutions to sign up to the voluntary Contingent Reimbursement Model (CRM). The ombudsman believes that the CRM can make a significant difference, stating that 2,734 of the 4.752 APP scams it was alerted to were not covered by the code. It is also far more likely to uphold complaints when covered by the code, with 49% of complaints under the code upheld against 36% that were not.
Anna Roughley, Head of Insight at the Lending Standards Board (LSB), which oversees the CRM, emphasised the significance of the initiative in comments sent to Payment Expert, responding to the FT report.
“The current consumer protections against APP fraud provided by the CRM Code have no cap on reimbursement and there is no excess fee for fraud victims making a claim,” Roughley says.
“Importantly, the Code also contains specific provisions on APP fraud prevention and detection, which stop consumers from being harmed, stop money from reaching criminals, and stop firms from having to face the cost of reimbursement.
“The PSR’s new framework will be bringing many new Payment Service Providers into the scope of a reimbursement scheme for the first time. As the sector adapts to the new framework, we would urge all Payment Service Providers to look to the lessons of the CRM Code and the emphasis it put on prevention and detection.
“The Code has had a significant, positive impact and helped to slow the growth of APP fraud, lower the average amount stolen per case, and more-than treble reimbursement rates.”
Clashing viewpoints
FOS’ data on fraud complaints was released just prior to the FT report. In its release outlining the figures, the ombudsman cited the incoming APP reimbursement rules as providing an added layer of protection to customers.
This view is unlikely to change, although neither is the view of some payments stakeholders that more needs to be done to address and prevent fraud, rather than treating its consequences.
“We don’t think this will solve the main problem,” Riccardo Tordera-Ricchi, the Head of Policy and Government Relations at The Payment Association trade body, told Payment Expert earlier this year.
“It will bring satisfaction to victims, which is important, but we are not trying to prevent fraud happening, we are just treating the bad consequences of that.”
The role social media firms play in fraudsters’ schemes has also been repeatedly cited by payments firms. The likes of Revolut, Lloyds and Barclays have all pointed to how social media is used to target individuals with scam activity.
Payments’ concerns may have been heard by politicians. The Labour Party, prior to its election victory in July, stated in a policy document that ‘big tech firms’ – this could well include social media companies like Meta and X – should share responsibility for reimbursement. As stated above, the Treasury subsequently joined calls for the PSR to reevaluate fraud reimbursement rules.
Not everyone in the financial ecosystem is pleased with the PSR”s decision, however. Dan McLoughlin, Fraud and Security Specialist at Lynx, a fraud prevention and anti-money laundering (AML) platform, argues that the FOS’ data indicates the significant impact fraud has on consumers, and the importance of addressing this.
“The logic behind the high-value cap on reimbursement – £415,000 – was clear,” he says. “By setting a substantial reimbursement limit, regulators clearly said to banks: “prevent fraud or be prepared to pay.
“Dropping the value of reimbursement so dramatically takes away a big part of banks’ financial motivation to prevent fraud. While most APP fraud cases will still be covered by the regulation, the dropping shows an unwillingness from banks to accept responsibility and make tough decisions. It takes away their drive to invest in robust fraud detection and prevention systems, which ultimately safeguard consumers.”
He continues: “The constant bank lobbying to reduce the liability and pause the legislation shows organisations are seeing this as purely a punitive solution rather than a positive step in reducing fraud. Bold moves are often required to drive change and the reduction in the payout limit takes some of that boldness away.”
Addressing the scammer’s toolkit
Social media’s role in fraud schemes has been backed up by FOS data. Social media platforms are particularly used by fraudsters for promoting false investment opportunities, with 1,500 complaints lodged from people who used cards to pay for investments during April-June 2024, up from 1,100 the year prior.
Lastly, although not mentioned by FOS, it is important to address how emerging technologies are empowering fraudsters, and which may have contributed to the rise in activity seen in FOS data.
Artificial intelligence (AI) in particular has become a valuable asset in fraudsters’ toolkits, most notably for its use in creating deep fake images and voices for use in video, telephone and social media scamming.
“Fraudsters’ methods are always evolving, and we continue to see that reflected in the complaints brought to our service,” remarked Pat Hurley, Ombudsman Director for Banking.
“We are currently receiving – and resolving – around 500 fraud and scam complaints a week. In all the cases we receive, we’ll look at the individual circumstances and investigate whether a business did everything it was required to do.
“When we do uphold complaints, we expect firms to learn from our findings and apply them to any future interactions with their customers. Our service is free, easy to use and impartial.”