‘Giant leaps, not baby steps’ needed for APP fraud regulations

Challenge of business concept. Group of businesspeople climbing a mountain. Teamwork. Success.
Editorial credit: metamorworks / Shuttesrstock.com

Following the introduction of the authorised push payment (APP) fraud regulation on 7 October, experts emphasised that much work still needs to be done.

As the Payment Systems Regulator‘s (PSR) new rules on APP fraud come into effect, requiring firms to reimburse victims up to £85,000 and share the responsibility equally between the sending and receiving payment service providers (PSPs), it’s clear this marks only the start of the battle, not the conclusion.

With annual fraud losses approaching £500m, it’s no surprise that the new regulation has been largely welcomed by the payments industry. However, as ZBD‘s COO Marca Wosoba points out “regulators and the sector should do more.”

Wosoba has identified four critical areas where further action is needed, stating that there needs to be continued education for consumers regarding the risks of fraud and scams.  Despite this, she did warn that the new APP rules may entice scammers more. 

She added: “ An unintended consequence of this regulation is that it might encourage scammers, as they know they are unlikely to be caught but consumers are likely to be reimbursed.

“Coordinating to ensure that the latest scam tactics are widely known to the sector, consumers, and financial crime investigators across the EU and globally, to help mitigate future fraud and catch and prosecute fraudsters.

“Establishing a broader fund to support consumer education and fraud reduction through advanced procedures and information sharing.

“Coordinating with social media sites, which are often the source of financial scams, but have far less incentive to reduce or address fraud compared to the fintech industry, which bears the regulatory and financial responsibility to prevent and rectify such incidents.”

As Wosoba mentioned, social media platforms have come under fire from many financial institutions affected by the new regulations. This concern was echoed by Woody Malouf, Head of Financial Crime at Revolut, who remarked: “These plans are baby steps, when what the industry really needs is giant leaps forward.

“Victims and financial institutions still ultimately bear the cost. These platforms share no responsibility in reimbursing victims, and so they have no incentive to do anything about it. A commitment to data sharing, albeit needed, simply isn’t good enough.”

Malouf referenced Revolut’s Consumer Security and Financial Crime Report, which revealed that Meta platforms, Facebook and WhatsApp, and in particular Telegram, were the leading sources of scams reported to the company, accounting for 69% of all incidents in the first half of 2024.

Nevertheless, there is still significant work to be done within the payments industry. Anil Nanda, Partner, UK and Europe Payments Lead at Capco, highlighted that while many firms have made substantial progress in preparing for the new requirements, some are adopting a “wait and see approach” before committing to major upgrades of their operational and technical infrastructure.

This approach may have been wishful thinking by some institutions, influenced by the Payment Association‘s calls to delay the regulations. However, it could also stem from a lack of clarity, as the rules were revised just weeks before their implementation.

Whatever the reason for this approach, Nanda has highlighted several key areas that firms need to address. 

For retail banks, the focus should be on optimising operational workflows to manage the rise in fraud claims efficiently, ensuring they meet the five-business-day reimbursement requirement. This includes streamlining processes and dedicating resources to maintain both operational efficiency and high customer service standards.

He also stressed that “for PSP aggregators, the priority must be to enhance auditing of PSPs to ensure they have proper systems and controls in place, as well as sufficient capital reserves to cope with fines”. 

Additionally, Nanda noted that PSPs themselves must focus on implementing quick and efficient dispute resolution processes to differentiate between fraudulent claims and purchase disputes.

“Across the board, all financial institutions must ensure that fraud teams are ready and adequately resourced to handle the anticipated increase in claims and investigations brought about by the new rules,” Nanda concluded.

“Scaling fraud teams as necessary, and investing in appropriate training and technology, will be fundamental to supporting swift and compliant fraud detection and resolution.

“These capabilities will be essential to maintain consumer trust and achieve the intended outcomes of the APP regulations – ensuring a more resilient and trusted payments environment.”