The sky didn’t fall but are we on the right track? The UK’s fraud fighting dilemma
Credit: BCFC / Shutterstock

It’s still too early to tell, but payments firms are not reporting record losses and staff are not fleeing London’s banks in terror. At least for now, it seems that the new rules around fraud reimbursement came into effect last month without a hitch.

The topic remains a fiercely debated one in UK payments though. The regulator remains confident that the rules will have a long-lasting positive effect, banks are adjusting well for now, and there has been no noticeable increase in fraudulent claims.

As Tony Craddock, Director General of The Payments Association (TPA), put it at the industry trade body’s Financial Crime 360 (FC360) last week, ‘the sky didn’t fall in’ when the Payment Systems Regulator’s (PSR) new rules around authorised push payment (APP) fraud reimbursement came in on 7 October.

The Managing Director of the PSR, David Geale, asserted confidence at the event, as did his colleague Oliver Hammer, the regulator’s Head of Compliance. Though acknowledging that there is more to do, the duo are positive that the reimbursement rule is a step in the right direction.

“We’re quite confident, we’re pleased with where we’ve got to but recognise that this is part of the journey,” Geale told TPA’s Craddock on a cross-sector panel at the event. The onus is now on the industry and regulators to focus on fraud prevention, so that the need for reimbursement does not even arise, he says.

The main motivation behind the new rules was that banks would be more incentivised to act to prevent fraud and protect customers if they had more liability for reimbursement. The industry subsequently raised concerns about the potential financial impact and the possibility of false claims.

It is of course not that long ago that the PSR’s reimbursement rules actually came into effect, not even one quarter after the introduction date actually. The impacts of the policy have therefore yet to be fully seen, but so far the industry seems to be adapting to a new normal.

“We were nervous as we approached the deadline, but I think we’ve been quite familiar,” said Alison Webdale, Chief Compliance Officer, Santander UK, the Spanish multinational bank with a prominent presence in the UK.

Though many in banking showed a lot of discontent with the rules ahead of the 7 October implementation date, the notion of reimbursement is hardly one these firms are unfamiliar with, as Webdale alluded to.

“We’d signed up to the contingent reimbursement model in 2019 so we were familiar with the settling of claims, of dealing with other organisations,” she continued. 

“But I think the key thing for the implementation of this is industry collaboration, communication across the whole industry, with the regulator, with Pay.UK, absolutely made a success of any teething problems we had. In terms of what we’ve seen, we’ve seen very similar, static levels of claims.”

UK must become ‘a terrible place to be a fraudster’

Success then, it seems. The industry’s concerns about a spike in fraud claims and subsequent financial losses, which would obviously hit the sector’s extensive network of SMEs and startups has not yet materialised.

Regarding false claims, throughout the nearly year-long build up to the reimbursement reintroduction date a concern was raised that the reimbursement rule could in effect be turned around on its head and used by fraudsters to de-fraud banks by claiming to be victims of fraud.

Judging whether or not this is happening is somewhat difficult given the sheer volume of fraud losses in the UK, where fraud accounts for around 39% of all criminal activity. According to UK Finance, the finance industry trade body, over £570m was lost to fraud in H1 this year alone, of which £213.7m was to APP fraud.

A simple way to do so, and one of the only ways currently available to the industry, is to examine the scale of fraud claims. If the number has gone up since 7 October then it could be an indicator that false claims are being put forward.

But it isn’t, according to Pay.UK, the operators and standards body of the UK’s interbank payments systems. The body’s CEO, David Pitt, noted that around 10,000 claims had been put forward from 7 October to what we can assume is around the time of the conference, 19 November. This is relatively ‘par for the course’, he says.

“I think what I see in 2025 is a significant push from Pay.UK and the industry to do it exactly as David [Geale] has said,” he added. 

“Reimbursement is really super important, but the detection beforehand and the provision of information in order to help make a really quick, informed decision on the authorisation is really super important. Confirmation of payee is just one aspect of that.”

Concerns have not abated, however. In an increasingly competitive and apparently challenging investment environment, some companies are concerned that the liability they have for reimbursement may deter investors.

It is hard to deny that the concerns around the financial burden reimbursement could put on smaller firms to have some merit. The requirement is that companies must reimburse victims of APP fraud up to £80,000 – originally up to £415,000 but this was dropped after industry lobbying – split 50/50 for the paying and receiving bank.

For the UK’s biggest banks – the likes of Barclays, HSBC, NatWest and Lloyds – this might be an annoyance but it is something they can shoulder, and as Santander outlined at FC360 is something many are familiar with anyway. For the smaller firms, this is more difficult.

“I am concerned that people are sitting on their investment budgets and not yet investing and are not quite sure what the financial impact is on the terms involved,” said TPA”s Craddock.

“My hope is that in 12 months time, it’s proven that this is a country that has come together holistically across the whole ecosystem, both the regulator and the government and the participants in imposing, implementing changes that make this a terrible place to be a fraudster.”