APP fraud reimbursement: What should your firm do next?

On 7th June, the UK Payment Systems Regulator (PSR) announced new reimbursement requirements for authorised push payment (APP) fraud victims. In this blog and my video below, I break down what the announcement means and – as someone who has seen these kinds of changes from positions in the banking and regulatory sectors – the steps I would be taking now as a compliance officer. 

Why is the PSR taking this action? 

APP fraud – where victims are tricked into sending a payment to an account outside of their control – is becoming increasingly common. In the UK, there were 207,372 incidents of APP fraud in 2022, with gross losses of £485.2 million, according to UK Finance. This is, however, a global problem. US APP fraud losses are set to exceed $3 billion by 2026, with 72 percent of victims closing their account at the institution where they were a victim. 

What has the PSR proposed? 

The PSR has announced that it will require all payment service providers (PSPs) to reimburse victims of APP fraud, barring some exceptional circumstances – and this is a significant change. Historically, around 59 percent (by volume) of these scams are reimbursed, and the PSR aims to see that figure go up to 95 percent.

These new rules will lead to more reimbursement for victims and will hopefully make it more difficult for fraudsters to carry out this type of fraud. But they will also significantly change the fraud prevention frameworks payment service providers (PSPs) must have in place.

How can firms prepare for the new regulations?

We work with compliance teams across the UK and worldwide, so I know how hard the industry already works to protect consumers from APP fraud. But in light of this new announcement,  firms should weigh up the potential costs associated with these new reimbursement requirements and evaluate the suitability of their current defences. 

Any shortcomings in APP fraud detection capabilities could soon cost firms a lot of money and impact customer retention rates. So now is a good time to ensure you have the right protections in place for the long-term. 

Three key questions I would start with are: 

1. Can you accurately detect anomalous behaviour indicating a vulnerable person has been taken advantage of by a third party? This is a hallmark sign of APP fraud but requires advanced AI-driven detection capabilities to be done well.
2. Can you detect discrepancies between payment reference texts and payment details?
3. Can you uncover deviations in periodic behaviour that would indicate fraud – for example, a change in a bank account number on a typical payment? 

If you can’t answer one or more of these questions confidently, now is a good time to explore new potential partnerships or – at a minimum – to begin a conversation with your existing vendors.