A question of liabilities – four sides to APP fraud reimbursement
The Regulator
The Payment Systems Regulator (PSR) has announced a consultation on reducing the mandatory Authorised Push Payment (APP) fraud reimbursement value from £415k to £85k, ahead of the scheme coming into effect on October 7th.
The PSR confirmed that out of over 250,000 cases there were 411 instances in 2023 of people being scammed for more than £85,000 (less than 0.16%). Reducing the top threshold to £85k will therefore still cover the vast majority of fraud cases and bring the amount in line with the Financial Services Compensation Scheme (FSCS) reimbursement limit.
However, Rocio Concha, director of policy and advocacy at Which?, stated in the Financial Times that the reimbursement reduction “significantly reduces crucial financial incentives for payments firms to put in place effective fraud security measures”. For this reason, the regulator must focus on ensuring PSPs keep adequate controls in place, and encourage data sharing in relation to APP frauds between firms.
The Industry
This proposed reduction follows months of lobbying and pressure from FinTechs and smaller firms, concerned that they cannot absorb the same losses that large banks can afford. Mandating a small payment firm to reimburse even a 50% split of a £415k claim that cannot be recovered could cause issues with cash flow and capital requirements. Even at the proposed reduced level, these are still significant amounts to have to cover.
Sending and receiving Payment Service Providers (PSPs) must split the reimbursement 50/50 between them. The initial limit of £415k was described by Treasury insiders as “a disaster waiting to happen”, according to the Financial Times, potentially putting the smaller firms out of business.
Big Tech and Social Media platforms
The missing element from the reimbursement scheme is the inclusion of the major tech, mobile and social media platforms. The origins of scams and frauds are multifaceted, but a significant portion now originate through scam calls and the use of social media marketplaces to sell non-existent goods, amongst other frauds. Fraudsters will either pressure or deceive customers into initiating their own payments and falling victim to APP fraud.
Crucially, these platforms hold a huge amount of data that would be extremely useful if fed into a centralised fraud data sharing network. Bringing some accountability in these sectors as part of a concentrated effort to combat fraud would be of great benefit to the underlying issue of fraudsters exploiting customers.
The Customers
Let us not forget the purpose of the reimbursement scheme: to try to protect customers from being defrauded. Scams and fraud make up a huge amount of the total fraud costs to the country, and almost everyone has either experienced a scam or knows someone who has fallen victim to one. There is no doubt that there needs to be a level of protection for genuinely defrauded customers, and the scheme puts those mechanisms in place.
Conversely, it also presents opportunities to customers who may not be so genuine, with the level of first-party fraud expected to rocket when this scheme comes in. Another argument is that it brings a level of complacency to customer behaviour, as they know that, almost no matter what, they will be compensated.
What Next?
If the October 7th deadline goes ahead, which is highly likely, the next few months will determine how successful the reimbursement scheme will be in the eyes of the regulators, the industry and the customers.
PSPs must ensure that the quality of their fraud controls is kept to a high standard. Although an unexpected payout of £85k is less likely to bankrupt a business than one of £415k, it is still a large amount, especially if PSPs find themselves targeted with multiple frauds. Consumers can make claims up to 13 months after the transaction takes place, meaning that a wave of unexpected payouts may occur at almost any time.
To avoid this, APP fraud controls must be effective and embedded as part of a holistic approach to fraud prevention, detection and remediation:
- Undertake a Fraud Risk Assessment, considering the operational impact of APP fraud reimbursement requirements
- Ensure you have adequate systems, tools and resources to deal with the full life cycle of reimbursements, from alerts through data gathering and sharing, to the recovery of losses
- Put in place clear MI, data and information sharing channels internally and with other PSPs
- Train employees appropriately, from internal analysts looking at alerts and claims to any customer-facing employees who will be talking to victims, or maybe even perpetrators
For support in these areas, please contact James Dodsworth, Senior Financial Crime Manager at Thistle Initiatives: james.dodsworth@thistleinitiatives.co.uk.