APP fraud reimbursement: One year on

As we mark the one-year anniversary of the UK’s mandatory reimbursement requirement for victims of authorised push payment (APP) fraud, we must acknowledge the sheer scale of the challenge. APP fraud has reached epidemic proportions globally, causing immense financial damage and eroding consumer trust.

While the regulation was ostensibly a positive step for consumer protection, it also brought significant change to the financial services landscape. While many traditional banks had already been following a voluntary reimbursement code for some time – and had accounted for these costs – the mandatory rule represented a major new burden. Specifically for payment technology firms (PayTechs), this introduced a completely new cost centre that they had to factor into their operations. One year on, it is clear that this regulatory shift has created a genuine strain on the competitiveness of the PayTech industry.

While mandatory reimbursement helps victims, the challenge remains that it doesn’t address the underlying systemic issues that allow criminals to operate.

Beyond reimbursement: A whole-of-ecosystem strategy

The financial services industry must now focus on a full-scale offensive. The key to solving the problem of APP fraud lies in a proactive, whole-of-ecosystem prevention strategy that breaks down the silos between the various entities criminals exploit. We cannot effectively tackle these scams unless we fight them from multiple angles.

This coordinated, comprehensive effort requires four key pillars:

1. Advanced prevention systems for financial institutions

Fraudsters are increasingly leveraging advances in artificial intelligence (AI) to create highly convincing and scalable scams. Financial institutions (FIs) must counter this with superior technology, including leading-edge technologies and advanced prevention systems to tackle fraud at its source. Firms must constantly assess their control frameworks and strive to stop the payment while it is in progress, rather than simply reimbursing after the fact.

2. Mandatory accountability for enabling platforms

Fraud often exploits weaknesses across different sectors, making accountability a shared concern. We need a mandatory shared responsibility framework that enforces accountability from Telcos and Tech Platforms. These entities are frequently the point of origin for scams, whether through number spoofing, data breaches, or hosting fraudulent investment advertisements.

3. Intelligence-sharing and collaboration

Criminal networks are transnational, making a siloed defense ineffective. To disrupt the criminal business model, we need:

• Mandatory intelligence-sharing across all sectors – financial services, telecommunications, and tech platforms.
• Better collaboration with overseas authorities to trace and seize illicit funds and coordinate international prosecutions.

4. Enhanced consumer education

The human element remains the primary target for fraudsters. Enhanced and effective consumer education is vital to making consumers more resilient to social engineering and common scam tactics, thereby reducing the attack surface for fraudsters.

By committing to this holistic approach, one that is proactive and shared across all key platforms, we can finally hope to achieve a fundamental disruption of the criminal business model and end the epidemic of APP fraud.