Article

A New Reimbursement Requirement for Authorised Push Payments

The Fraud Liability Shift

By Sandra Desautels

In 2019, the Payment Systems Regulator (PSR) introduced the voluntary Contingent Reimbursement Model Code (the CRM Code) for Authorised Push Payment (APP) scams to provide a framework for banks and payment service providers to reimburse victims of payment scams. The CRM was designed to strike a balance between protecting consumers from the financial impact of scams while also encouraging responsible behavior.1

The new reimbursement requirement for APPs is likely to come into force in October 2024 and it will shift the liability more from consumers to the payment firms and bring mandatory reimbursement requirements to payment firms to compensate victims of scams.

 

Highlights

APP scams occur when the consumer transfers funds to another person/entity assuming they are for legitimate purposes but are in fact fraudulent. APP has become one of the most significant types of fraud and it poses a significant threat across the globe. These scams can take various forms, such as fraudulent requests for payments, investments, or payments for goods and services that are never delivered. APP fraud losses reached £485.2 million in 2002; down 17% compared to 2021. Within this, 57% of all reported cases related to purchase fraud, with case volumes breaking 100,000 for the first time. Investment fraud continued to be one of the largest proportions of APP losses (24%). Overall, the amount of APP fraud losses reimbursed under the CRM Code increased by 5% in 2022, compared to the previous year.2

APP scams are not limited to specific groups. The PSR has been concerned about the rise of these scams and has taken steps to address this issue and protect consumers . PSR collaborates with financial institutions, consumer groups and law enforcement agencies to address APP scams and prevent payment fraud. The PSR’s new reimbursement requirement will require most APP scam victims to be reimbursed within five business days (provided they make a claim within 13 months of the fraudulent transaction), with sending and receiving firms splitting the costs of reimbursement 50:50 between sending and receiving firms.3 Whilst there is no minimum threshold for APP fraud claims, a maximum threshold value is currently being determined as part of the ongoing consultation.

 

Key Considerations

The PSR expects industry to start working now to implement the new reimbursement requirements. Payment firms and banks should review and assess their existing fraud prevention and due diligence policies and procedures, and reimbursement efforts to ensure they align with the new requirements. Payment firms should develop clearer communication strategies to educate customers about the risks of APP scams, which should align with the PSR’s Consumer Standards of Caution.4 Many banks have put in friction into the payment process by asking the consumer to check and confirm the payment is not fraud rather than offering a ‘one-click’ service. They are also checking for name matches on payment instructions prior to executing payments to reduce the fraud losses that they will become liable for.

In addition, payment firms and banks should conduct thorough risk assessments to identify vulnerabilities within their payment systems and ensure they have an appropriate fraud risk management framework in place.

Guidehouse can assist payment firms with the following services:

  • Conduct a fraud risk assessment to identify and help prioritise risk responses in the areas of highest exposure or impact;
  • Review fraud risk management programmes to assess their maturity and effectiveness; and
  • Evaluate transaction monitoring rules aligned with red flags to detect APP fraud, mule account identification and develop remedial measures.

1 “The Lending Standard Board’s Response to the House of Lords Committee on the Fraud Act 2006 and Digital Fraud – Call for Evidence.” UK Parliament, 2 Apr. 2022, committees.parliament.uk/writtenevidence/108066/html/. The CRM Code required sig-natory firms, including the largest banks in the UK, to put in place measures to detect and prevent APP scams and reimburse customers where they have fallen victim to an APP scam through no fault of their own.
2 UK Finance. “Over £1.2 Billion Stolen through Fraud in 2022, with Nearly 80 per Cent of APP Fraud Cases Starting Online.” UK Finance, 11 May 2023, www.ukfinance.org.uk/news-and-insight/press-release/over-ps12-billion-stolen-through-fraud-in-2022-nearly-80-cent-app.
3 “PS23/3: Fighting Authorised Push Payment Fraud: A New Reimbursement Requirement.” Payment Systems Regulator, 7 June 2023, www.psr.org.uk/publications/policy-statements/ps23-3-fighting-authorised-push-payment-fraud-a-new-reimbursement-requirement/.
4 The PSR APP Scams – The consumer standard of caution, August 2023 (CP23/7), in which there is a require-ment for consumers to have regard to such warnings. Consumers not having regard to specific direct warnings may be deemed to be acting with gross negligence and may therefore be exempt from claiming under the new reimbursement requirement.

insight_image

Sandra Desautels, Partner


Let Us Guide You

Guidehouse is a global consultancy providing advisory, digital, and managed services to the commercial and public sectors. Purpose-built to serve the national security, financial services, healthcare, energy, and infrastructure industries, the firm collaborates with leaders to outwit complexity and achieve transformational changes that meaningfully shape the future.

Stay ahead of the curve with news, insights and updates from Guidehouse about issues relevant to your organization and its work.