APP Fraud – New Mandatory Reimbursement Rules Published by PSR

The Payment Systems Regulator (PSR) has confirmed that the newly mandated reimbursement obligation for victims of authorised push payment (APP) fraud will take effect from 7 October 2024. While many payment service providers (PSP) already have systems in place to receive and handle APP fraud claims, all relevant firms should ensure they are ready for the upcoming regulatory changes.

Under the PSR mandatory reimbursement scheme which will be implemented from 7 October 2024, all UK payment organisations will be required to pay up to £415,000 in compensation to APP fraud victims. Payment organisations will have to reimburse customers who have reported falling victim to APP fraud within five working days of the report. The new reimbursement requirement will apply to Faster Payments sent and received by PSPs in the UK across the Faster Payments system. This includes direct and indirect Faster Payments participants, and payment initiation service (PIS) providers.

Change in Liability to Compensate Victims

Until now, sending PSPs have been picking up over 95% of the costs of APP fraud reimbursement. Under the new mandatory reimbursement scheme, the liability to compensate victims of APP fraud will be split 50:50 between the financial institution that sends the fraudulent payment, and the receiving institution. Sending PSPs will still have to reimburse the victim of an APP fraud, but will then seek a default 50% contribution for the costs of reimbursement from the receiving PSP. 

Non-directed PSPs are More at Risk

The data published in the PSR’s October 2023 Fraud Performance Report makes it clear that it is the smaller banks and payment firms (non-directed PSPs) in particular that are being targeted by the fraudsters to receive the proceeds of fraud. The data published by the PSR shows this by expressing, for every one million transactions received by a PSP, how many were APP fraud payments. For non-directed PSPs, the figures for the top ten ranged from 430 APP frauds per million transactions to over 187,000 APP frauds per million transactions.

PSPs Should Act Now to Comply

It’s crucial that all in-scope PSPs act now to ensure their ability to comply with the new mandatory requirements. Steps should include:

• Reviewing and enhancing fraud prevention and detection capabilities. In line with the Financial Conduct Authority’s Consumer Duty, the PSR will expect PSPs to have plans in place to communicate this new consumer protection to their customers. Assessing customer vulnerability will also need to be factored into fraud claim decisioning.
• Ensuring operational readiness for the live date including training people, and changes to processes and technology. 
• Considering any legal and compliance aspects, such as reviewing customer terms and conditions, contractual arrangements for any third-party providers, and reviewing and updating policies and procedures.

PSPs must now translate the stipulated requirements into practical operational standards. In this endeavour, AJC can assist companies by providing expertise and support in establishing systems and procedures that align with the new requirements, ensuring the effective handling of customer claims.

Please contact us on 020 7101 4861 if you think we can help.

Image accreditation: David Dvořáček (October 2019) from Unsplash.com. Last accessed on 16th February 2024. Available at: https://unsplash.com/photos/two-persons-hands-holding-turned-on-phones-QiPe0UpC0_U