What is APP Fraud
Authorised Push Payment (APP) fraud occurs when individuals or businesses are persuaded to authorise a payment that seems legitimate, only to find that they have fallen victim to fraud. APP fraud resulted in losses totalling £459.7 million in 2023.
A staggering £376.4 million was fraudulently taken from private individuals while businesses experienced losses totalling £83.3 million. Naturally, the consequences of this can be crushing, and to address the issue, the Mandatory Reimbursement Scheme was implemented on the 7th of October 2024.
Overview of the Mandatory Reimbursement Scheme
Under the rules set out by the Payment Systems Regulator (PSR), payment service providers (PSPs) must reimburse victims of APP fraud. The service provider who sent the payment shares the cost of reimbursement with the provider that received it. The maximum amount per claim is set at £85,000.
This follows an initial proposal by the PSR that up to £415,000 could be claimed. The amount was reduced owing to concerns expressed by financial services providers. The average value of APP fraud transactions, which stands at £2,000 for individuals and £11,000 for businesses, was also considered. In 2023, over 252,000 cases of APP fraud were reported. Only 429 cases involved amounts over £85,000.
The Mandatory Reimbursement Scheme aims to protect the public by ensuring prompt reimbursement while incentivising financial service providers to focus on fraud prevention and detection. It is hoped that the scheme will promote better cooperation and information sharing between financial services industry players as they work to enhance market integrity.
Key Rules of the Mandatory Reimbursement Scheme
Type of Payment Covered and Claim Limit
APP fraud reimbursement rules apply to payments made within the UK using the Faster Payments system or Clearing House Automated Payment System (CHAPS). International payments are not covered. As noted, a limit of £85,000 has been set, but larger amounts can be considered.
Affected customers may call on the Financial Ombudsman Service (FOS) to evaluate the case for a higher-value reimbursement if they are not happy with their PSPs response.
Payments Made and Excess Levied
Following a claim, the payment service provider involved in sending the payment must refund the claimant. The PSP may then claim 50 percent of the cost from the recipient’s PSP.
Payment service providers can levy £100 per claim as excess. However, vulnerable customers such as the elderly or those lacking financial resilience are exempt from this charge. The sender’s PSP can levy a qualifying excess payment from their customer but not the recipient’s PSP.
Claims Eligible for Dispute or Rejection
Reimbursement is mandatory unless financial service providers can prove that claimants are conspiring to defraud them. For example, a claimant may have made a payment to an accomplice with the intention of sharing the proceeds following reimbursement. Unlawful payments are not eligible for reimbursement.
Gross negligence also provides grounds for refusing reimbursement. However, the onus is on the payment service provider to prove that it occurred. As the PSR notes, “the bar is high” if claims of gross negligence are to succeed.
For example, the customer ignored explicit warnings or failed to respond when their PSP requested further information on the transaction. Vulnerable customers may not be held accountable for negligence.
Finally, payment service providers will not reimburse customers if claims relate to civil cases. For example, a consumer bought a product, received it, and was not satisfied with its quality.
Important Time Frames
Claims must be lodged within 13 months of the last payment to an APP scammer. If a customer is late in lodging a claim, their PSP can deny it, but the customer can still appeal to the Financial Ombudsman Service (FOS).
In the event of APP fraud, the consumer will receive reimbursement within 5 working days. If further investigation of the claim is required, the payment service provider can temporarily halt the countdown by up to 30 days.
Impact on Stakeholders
Small Businesses May Still Be At Risk
The Mandatory Reimbursement Scheme applies to individuals, charities, and businesses with fewer than ten employees and a turnover lower than 2 million Euros.
However, analysts point out that many instances of APP fraud in the UK will continue to go unreported. The amounts are often reasonably small, and the potential for gaining a reputation for carelessness is great. For many businesses, the cost of lost consumer confidence after reporting APP fraud could be higher than the cost of absorbing the loss.
The Scheme Fails to Tackle Fraud
Naturally, consumers are happy to know that they are protected from losses coming from APP fraud. However, the PSR warns them to be vigilant and lists the signs that may indicate an attempted APP fraud. For example, the payment is unusual and they are encouraged to pay immediately. Nevertheless, it’s widely felt that the PSR should do more to educate customers on safe payment practices.
PSPs Pay the Price: It Could Mean Fewer Competitive Payment Options
Financial service providers, particularly smaller organisations, are understandably concerned. It has been noted that instead of combatting APP fraud itself, the scheme reimburses customers at payment service providers’ expense.
If the cost should prove to be considerable, and it seems the administrative burden alone would be costly, it may become difficult for smaller PSPs to operate. If the Mandatory Reimbursement Scheme means that consumers have fewer payment service providers to choose from, the overall effect on the market could be negative.
Implementation Challenges
While the Mandatory Reimbursement Scheme is clear about refund practices, it fails to provide clear guidance on how PSPs can identify possible APP fraud. Instead, it is optimistic about the Scheme encouraging payment service providers to solve the problem themselves. It is feared that this may not result in satisfactory outcomes despite the additional impetus toward collaboration and information sharing.
It also requires new systems to be implemented on payment platforms. These may cause friction when customers want to make legitimate payments. There may be conflicting regulatory requirements too. For example, the Financial Conduct Authority (FCA) requires payment service providers to offer services with which customers are satisfied. This extends to rapid compliance with payment instructions.
By placing obstacles in the way of suspicious payments, PSPs may find themselves at odds with the FCA. Legal precedent is also being overturned. A 2023 Supreme Court ruling concluded that banks may take payment instructions from customers at face value.
Assuming that the APP fraud mandatory reimbursement scheme represents an altogether new look at payment service providers’ responsibility to their customers, there are still concerns on the horizon. For example, it’s possible that the Mandatory Reimbursement Scheme could stimulate fraud, this time, with payment service providers as the ultimate victims.
Implementing the Scheme will have direct costs other than reimbursements too. With higher admin costs and greater financial risks to face, there are fears that service providers may be forced to levy high transaction fees.
How to Combat APP Fraud: Best Practices for Consumers and Businesses
Even if you’re eligible for reimbursement, you will avoid considerable inconvenience by being alert to APP fraud and taking steps to avoid falling victim. In the longer term, improved awareness will save millions of pounds, averting a cost to payment providers that may ultimately be shared by consumers in the form of higher transaction costs.
There are two forms of APP fraud:
- Malicious payee APP fraud occurs when you are tricked into buying goods that don’t exist or are never received.
- Malicious redirection APP fraud occurs when a malicious actor impersonates a legitimate organisation and persuades people to transfer funds into a fraudster’s bank account.
Around 76 percent of APP fraud occurs online. 16 percent involves telephone calls, but these scams invariably net much larger amounts of money. In fact, analysts say that more than half the total amount of money misappropriated through APP fraud involves telephone calls.
AI has proved to be a boon for scammers who can use it to imitate the voices of business associates or family members. It allows them to claim that there is some kind of emergency and request fast payment. This can make it very difficult for victims to distinguish between a genuine call for help and a fraud.
Typical APP frauds involve:
- Impersonation. For example, impersonating HMRC agents.
- “Bargain” offers. In a recent scam, fraudsters sold bogus tickets to a Taylor Swift concert.
- Romance sams in which victims are often cultivated for lengthy periods before being asked to “lend” or give money to the scammer.
- Fake investments promising high returns. Instead, scammers filch victims’ life savings.
- So-called “loan fees” that victims are led to believe will qualify them for a line of credit.
- “Advance fees” to be paid by victims so that they will receive a much larger sum of money. The loan fee is taken and no windfall materialises.
- Intercepted invoices related to real transactions are sometimes used to persuade victims to pay amounts to scammers instead of the organisations they did business with.
- Lost pet scams have also been fairly common. Scammers persuade owners of missing pets that they have found their animals and demand money for their return.
Signs That Someone May be Trying to Defraud You
If you spot signs that someone may be trying to defraud you, do not go through with payment. If the request for payment is legitimate, the recipient will be willing to wait. Signs of a possible APP scam include:
- An offer that seems too good to be true. Ridiculously low prices or promises of huge rewards are red flags.
- Something seems a little “off.” Trust your instincts. For example, HMRC will not call taxpayers with demands for payment.
- You are being rushed. The payment is “urgent,” and you must act immediately. Scammers don’t want to give you time to think things through.
- The transaction is unusual. Perhaps you are being asked to send money to an unfamiliar account or a familiar-seeming person or organisation claims their banking details have changed.
- You are being asked to divulge sensitive information.
- Your payment service provider queries a transaction or alerts you to a risky transaction.
Read our finance leader’s guide to combatting Authorised Push Payment (APP) fraud for more information.
If you suspect that you may have fallen victim to an APP scam, contact your payment services provider immediately. If you act quickly, you can prevent the payment from being processed. If you have already become a victim, report the matter to your payment provider. They will guide you through the reimbursement process and can report the crime to the police on your behalf.
APP Fraud Reimbursement and APP Fraud Prevention
Thanks to the Mandatory Reimbursement Scheme, genuine victims of fraud are protected from financial loss when funds are transferred through Faster Payments or CHAPS within the UK. Your payment service provider will comply with reimbursement claims after investigating the matter.
However, fraudsters still stand to profit. The best solution is to be alert to APP fraud thereby preventing scammers from reaping any rewards from criminal activity.
