UK payment firms now required to reimburse APP fraud victims

Man typing on keyboard with warning triangle overlay.
Image courtesy of Shutterstock.com

Starting today (7 October), UK payment firms are now obligated to reimburse victims of authorised push payment (APP) fraud, with compensation capped at £85,000.

Introduced by the Payment Systems Regulator (PSR), the new reimbursement rules were implemented in response to the rising cases of APP fraud, where individuals are deceived into transferring funds to fraudsters pretending to be legitimate recipients.

David Geale, Managing Director of the PSR, said: “Today is a very important day in making it quicker and simpler for victims of APP scams to get back money they’ve lost to criminals, with a guaranteed minimum level of protection in place.

“But not only that, our new requirements will see all payment firms involved facing strong incentives to introduce more robust ways of identifying and preventing these scams from happening in the first place. Firms have already made a good start in making changes and we expect to continue seeing new and innovative systems being rolled out to drive fraud out of our payment systems.”

For months, this regulatory shift has gripped the payments industry, sparking ongoing debates both in support of and against the new rules. Among the most vocal opponents is The Payments Association, which has urged the PSR to delay implementation for another year.

Riccardo Tordera-Ricchi, Director of Policy and Government Relations at The Payments Association, commented:  “We will be monitoring the impact of the new APP fraud rules closely. We remain focused on pushing for effective data sharing that can tackle the fraud at source and for a mandatory involvement of social media platforms in the reimbursement scheme.

“The launch of the Fraud Intelligence Reciprocal Exchange (FIRE) between some banks and Meta is a small step in the right direction, but other issues remain including the alignment of the definition of consumer standard of care to the interpretation that British courts give of gross negligence. We call for the regulator to review the rules in six months time, rather than 12 as currently planned.”

As outlined by Tordera, a key concern raised by some stakeholders is that the new rules fail to hold social media platforms accountable for their role in APP fraud, instead placing the burden primarily on payments companies.

Last month, Ellie Burns, Head of Product and Customer Marketing at ID verification company IDnow, also highlighted this issue when talking to Payment Expert, stating that social media is the majority of APP fraud originates. 

The PSR has shown some flexibility regarding these changes, contrary to its earlier stubbornness at the beginning of the year.

Originally, the maximum reimbursement for fraud victims was set at £415,000. Though this reimbursement would be shared 50/50 between the sending and receiving firm, there were worries that this could bankrupt some companies and lead people to try and take advantage of the process. 

These reimbursements aren’t the only measures the UK is taking to fight back against fraud. 

Last week, the HM Treasury announced that banks have been given new powers to delay and investigate payments suspected of being fraudulent. The maximum delay for suspicious payments has been extended by 72 hours, up from the existing timeframe of just one day from when the payment was made.