App fraud refund rules: how payment service providers can prepare

The message is clear: payment service providers (PSPs) will soon be required to refund victims of authorised push payment (APP) fraud up to £85,000.

In this article, we’ll take a look at the upcoming changes, analyze how scammers’ behavior is evolving, describe what lenders need to do to comply with the new regulations, and discuss ways to protect vulnerable customers.

A Brief Overview of Changes to App Fraud Regulations

Over the past two years, the Payment Systems Regulator (PSR) has been establishing a stronger framework to combat APP fraud. Through a series of policy statements, they have introduced new requirements for monitoring and ensuring compliance with the Faster Payments (FPS) refund rules. They have also introduced a new FPS refund requirement to increase fraud prevention and focus businesses on protecting consumers.

The most significant change, announced by the PSR in July 2024 and due to come into effect in October, includes new liability rules for APP fraud. Under these new rules, beneficiary organisations must now implement effective measures to prevent APP fraud, rather than waiving liability for the fraudulent funds they receive.

The PSR intends that this change will encourage PSPs to take a more proactive role in preventing APP fraud, ultimately reducing the number of casualties. However, as the industry has noted, the practical effectiveness of this change in responsibility remains to be tested.

The latest on app refund scams

The latest figures published by the PSR highlight the inconsistent approach to refunds within the existing voluntary framework. In 2023, users reported 252,626 cases of APP fraud via Faster Payments, resulting in losses of almost £341m. While the overall refund rate improved from 61% in 2022 to 67% in 2023, the chances of a refund still depend largely on which bank a customer uses.

According to the PSR, this disparity indicates the need for a more unified approach to protect consumers at all levels.

APP Fraud Definition

Authorized push payment fraud (often called APP fraud) is a financial scam in which the victim is manipulated into sending money from their account to an account controlled by the fraudster. Unlike unauthorized fraud, where money is withdrawn without the knowledge or consent of the account holder, APP fraud involves the victim authorizing the payment themselves.

This can make it difficult for victims to recover their money since transactions are initially made with the consent of the account holder.

The sophistication of these scams, as well as the significant financial and emotional impact they pose on victims, make them a constant threat in the digital age.

Changes in Fraudster Behavior: Key Statistics

In response to PSP and regulator action to combat APP fraud, fraudsters are adapting their tactics. The recent UK Finance Annual Fraud Report reveals a shift towards higher volume, lower value attacks. While there has been a small decline in unauthorised losses and APP losses overall, purchase fraud is on the rise, even as impersonation and investment fraud have fallen.

As payment service providers (PSPs) and regulators work to combat APP fraud, fraudsters are adapting their strategies. Here’s a summary of the key trends:

Average losses:

Average loss from impersonation fraud: £7,448.
Average loss from shopping fraud: £549.

Dating scams:

In the case of marriage fraud, there are on average 10 payments per victim (compared to one payment for purchase fraud).
Total marriage fraud cases increase by 31% in 2023
200% increase in marriage fraud since 2020

Source of fraud:

Predominant fraud patterns in the UK:

Overall Impact of APP Fraud:

Average loss due to app fraud: £11,000 for businesses and £1,500 for the general public.
The maximum amount of mandatory reimbursement has been set at £85,000, raising concerns it could attract more fraudsters.

This trend towards high-volume, low-value fraud indicates that a more aggressive approach from payment service providers will be necessary to stem the rising tide of fraud in 2024 and 2025.

How changes to app fraud regulations will affect payment service providers

The new PSR rules could radically change the financial sector. While they have the potential to support the most vulnerable, the rules are likely to increase costs for all PSPs.

As regulators continue to prioritize strong customer outcomes, businesses should expect to see increased scrutiny on fraud prevention. Many areas for improvement are linked to customer experience—for example, providing easy ways to report fraud, quickly resolving issues at the first point of contact, supporting vulnerable customers, and recognizing the emotional distress caused by fraud.

PSPs need to think about their fraud risk not only from a financial perspective, but also through customer- and reputation-oriented metrics. A balance between fast payment processes and strong controls is essential.

PSR expects PSPs to continue their efforts to prevent and investigate all APP fraud cases, including those below £100 excess claim. Firms should implement innovative data-driven approaches to ensure compliance and effectively change customer behaviour.

Companies should consider implementing customer communication and education strategies, with a focus on behavioral economics techniques (for example, intervention at the point of transaction) to increase customer awareness of the risks of app fraud and methods to prevent it.

What should PSPs do now?

Despite resistance from the banking sector, the PSR is sticking to its new reimbursement model. All PSPs must assess their existing systems and processes to ensure compliance with the new regulations, regardless of their current methods.

Payment service providers should focus in particular on improving staff training, especially in the identification and protection of consumers at risk.

Payment service providers must also develop policies and procedures regarding customer care standards, with a particular emphasis on customer education.