In 2022, the Payment Systems Regulator (PSR) reported losses of approximately £485 million in Authorised Push Payments (APP) fraud cases. It is estimated that about 97% of these losses are through the Faster Payment Systems (FPS).
To safeguard consumers and businesses from APP fraud, the PSR has introduced a new reimbursement requirement to fight APP fraud by reimbursing all APP scam losses, with all in-scope Payment Service Providers (PSPs) expected to comply by Q3 2024.
In its June ’23 policy document, the PSR outlined four target outcomes (referred to as ‘industry actions’) that PSPs should achieve to comply with the new reimbursement requirement. In essence, the target outcomes state that firms should:
a) Effectively communicate, share information on APP fraud claims and compensate each other for the cost of reimbursement.
b) Track app fraud cases to enable reimbursement and repatriation across PSPs
c) Initiate and engage with reimbursement requests (from sending and receiving PSPs)
d) Assess APP fraud claims and communicate outcomes to victims within defined SLAs
However, the PSR has left it to the discretion of the firms to decide what they should do to achieve these outcomes. In this article, we suggest measures that will help firms achieve these outcomes.
At their core, firms should seek to;
1. Increase employee & customer awareness
The first line of defence against APP fraud is a well-informed employee and customer base. Firms should consider investing in comprehensive training programmes to educate staff about fraud reimbursement policies and how to recognise and report suspicious activity. Additionally, customer awareness campaigns are crucial to ensure that end-users are vigilant and understand their role in preventing fraud by referencing the Consumer Standard of Caution.
2. Collaborate and improve information sharing
The regulation encourages better collaboration and information sharing among participating PSPs and the regulatory bodies. Engaging in industry forums and participating in discussions about emerging threats and best practices can provide valuable insights and help firms implement the required infrastructure to enable information sharing.
3. Implement a more robust reimbursement mechanism
The new reimbursement policy framework lays out guidelines on how PSPs should reimburse victims and share allocation costs with each other in the event of a true APP fraud claim. PSPs are expected to adopt fair and transparent reimbursement processes to compensate victims within 5 business days. In certain situations, the sending PSPs have the option to use the ‘stop the clock’ provision in proportion to the value and complexity of the claim.
4. Establish effective communication channels
Firms should establish clear and secure channels for reporting and investigating suspected fraud cases. This may include providing customers with accessible and user-friendly mechanisms to report incidents and receive timely updates on the status of their fraud claims along with the details of the reimbursement amount they will receive.
5. Establish continuous monitoring and reporting
The fight against APP fraud is a continuous endeavour and, the PSR emphasises the need for continuous monitoring of PSPs’ performance to meet the reimbursement requirement. Firms need to implement advanced monitoring systems that can analyse transaction patterns, identify anomalies, and trigger alerts for further investigation. Firms will also be required to establish clear reporting mechanisms to meet the reporting requirements established by the Pay.UK.
6. Regularly update policies & procedures
Given the constantly evolving regulatory guidance from the regulatory authorities, firms could have flexible policies and procedures that can adapt to these changes. Regularly reviewing and updating internal policies ensures that the organisation remains agile and responsive to the changing landscape of APP fraud.
Next steps
The PSR is yet to offer the final policy position on three key elements of the new reimbursement requirement which includes the maximum level of claim excess, the maximum level of reimbursement, and additional guidance on the consumer standard of caution. PSPs would do well by factoring in these missing elements in its end-to-end planning and develop contingency measures to handle operational, financial, and technical challenges that may result from this delay.
Achieving successful implementation of the new Authorised Push Payment fraud requirements requires a multi-faceted approach. Firms must prioritise investment in employee & customer awareness, collaboration & information sharing, reimbursement mechanisms, building effective communication channels, monitoring, & reporting and updating policies & procedures. By adopting these measures, PSPs will not only meet the reimbursement requirement but also fortify their defences against the constantly evolving APP fraud.
