(what the hell is authorised push payment fraud anyway?)
the payment systems regulator said there are inconsistent outcomes for customers who report an app scam to their bank or building society.
authorised push payment (app) fraud is a scam where the victim is tricked into making large bank transfers to an account posing as a legitimate payee.
aci fraud management for banking turns bank fraud detection and prevention into a competitive differentiator with a seamless fraud analytics solution.
the high court considers for the first time whether and to what extent banks and other payment service providers (psps) are required to take steps to trace and retrieve funds following an authorised push payment (app) fraud.
paymentsystemsregulatorfinalisespolicypositionsonauthorisedpushpaymentfraud
uk banks will be given an extra 72 hours to stall payments if they suspect authorised push payment fraud.
no one will argue that authorised push payment fraud victims don't deserve justice, but which parties are liable for making it right? in the united kingdom, many cases have passed through the courts, setting precedents for handling such incidents, with ramifications for banks, third parties and victims at both ends of these transactions.
app fraud requires urgent action from uk regulated firms ahead of mandatory fraud reimbursement coming in 2024. learn how you can recover up to 80% of funds.
app fraud is where victims are tricked into sending funds from their bank account to a fake or fraudulent account.
thousands have lost their savings in recent years due to authorised push payment fraud
the code sets out consumer protection standards to detect, prevent and respond to authorised push payment scams, ensuring the best outcomes for customers.
authorised push payment (app) fraud has escalated in recent years, with the number of cases increasing year on year. what can companies do? what is app fraud? authorised push payments (app) are normal payments that companies make using online banking services. they have been correctly authorised and are “pushed” from their account to the beneficiary....
in order to benefit from all the features on your app please ensure the mobile number you have recorded within online banking matches the number you used
the payment systems regulator is implementing a new regulation which will include a reimbursement requirement for eligible victims of authorised push payment fraud on the faster payments system.
app (authorised push payment) fraud is a type of scam where a criminal tricks someone into willingly making a bank transfer to them. learn how to protect yourself.
authorised push payment (app) fraud in the uk is the largest type of payment fraud, both in number of scams and value of losses. it involves a fraudster convincing someone to send a...
get information about the latest fraud and scam threats to watch out for. helpful tips on how to spot potential fraudsters and how to protect your business.
authorised push payment scams happen when criminals persuade you to make bank transfer. reputable business or organisation, try to pressure into acting quickly.
cybercrime & cryptoassets in a world where increasingly many aspects of our lives are conducted online, the scope for criminals to exploit weaknesses and profit from technological vulnerabilities is huge. litigation expertise with the speed and frequency of online transactions comes greater risks ranging from where we log on to the internet to how we […]
the regulator is urging payments firms to adopt confirmation of payee (cop) to prevent app fraud. we look at how firms can protect their customers and reduce fraud.
what is authorized push payment fraud? types, & impact
customers can claim up to £415,000 from next october, says regulator
in december 2023, the payments systems regulator issued their final decision, setting out final details of a new policy - push payment scams
starting oct. 7, uk payment service providers must reimburse victims of app fraud after new regulations by the government's payment regulator.
learn how to avoid authorised push payment fraud (app) and see how rfb successfully recovered over 500,000 euros in an app fraud case.
the psr publishes policy statement creating a new mandatory reimbursement requirement for app fraud
what is authorised push payment fraud? authorised push payment (app) fraud occurs when an individual is manipulated into making a transaction to a fraudulent party posing as a genuine payee. methods for obtaining personal data to access funds may include: impersonation; phishing; recruitment scams; extortion scams; investment scams; romance scams; remote access scams; and advance […]
bank transfer scams happen when someone transfers money to a bank account belonging to a criminal from their own bank account. we explain what to do if you’re victim to this scam.
statement setting out how the government and payment systems regulator intend to improve reimbursement of app scam victims.
if you are unknowingly tricked into sending money to someone, it is known as an authorised push payment (app) scam. we may be able to help you reclaim money.
the payment systems regulator (psr) and the bank of england are introducing a mandatory reimbursement scheme for victims of authorised push payment fraud (app fraud). app fraud is when a consumer is persuaded or tricked into authorising a payment to a fraudster. this can happen because they are misled about who is the receiving the money or why they are sending it. the new reimbursement scheme is intended to come into force on 7 october 2024 and will apply to payments made after that date. firms may decide to reimburse consumers earlier than this date, on a voluntary basis. the scheme will be implemented through the psr giving directions to pay.uk, the independent operator of the faster payments scheme. the bank of england is also developing similar rules for uk retail chaps payments. the psr will also increase transparency by publishing app fraud data and tasking industry with developing a data and intelligence sharing tool. it is hoped that the new scheme will further encourage and incentivise payment service providers (psps) to develop better systems for identifying fraud and effective interventions to change consumer behaviour. summary of new scheme: mandatory reimbursement within five working days. cost to be split 50/50 between sending and receiving psps. coming into force on 7 october 2024. no minimum, maximum £415,000. voluntary excess of £100. faster payments and retail chaps payments are within scope. special requirements for vulnerable consumers. background uk finance stated in its 2023 annual fraud report that in 2022 there were over 200,000 reported app fraud cases on personal accounts, and losses totalled over £485m. previous efforts to address the problem of app fraud, which can result in consumers losing significant amounts of money with little prospect of redress, have included strong customer authentication requirements and the lending standards board’s contingent reimbursement code. in 2022 the psr expanded confirmation of payee to 400 new psps, some of which had to comply by 31 october 2023 (group 1) and the rest by 31 october 2024. however, the government’s concern is that these measures do not go far enough, and as part of its wider fraud strategy has legislated to allow a requirement for mandatory reimbursement (via the financial services and markets act 2023). among other things, the government amended the payment services regulations (psrs 2017) to clarify that regulation 90, under which a psp is not liable for the defective execution of a payment which is executed in accordance with a unique identifier, does not affect the liability of a psp where the psr has exercised its regulatory powers in relation to app scams. in june 2023, the psr published a policy statement on enhancing consumer protection from app fraud in faster payments. this followed previous consultations and a call for input in 2021 and 2022. the bank of england separately confirmed that similar rules will apply to retail chaps. these changes will be implemented via directions from the psr to chaps participants (due for consultation in q1 2024) and changes to the chaps scheme rule book. the reimbursement requirement the reimbursement requirement is underpinned by 10 key policies, as follows: sending psps must reimburse all customers who fall victim to app fraud, the receiving psp must pay the sending psp 50 per cent of the reimbursement, within a time period to be set by pay.uk, there will be two exceptions: where the customer has acted fraudulently, or where the customer has acted with gross negligence, that is, outside the consumer standard of caution: see below for more details. customers must be reimbursed within five business days, there will be a claim excess, which was finalised at £100 (see below for more details), there is no minimum threshold for claims, there will be a maximum level of reimbursement of £415,000 (see below for more details), there will be a time limit for making claims of 13 months after the last payment, the customer standard of caution and claim excess will not apply to vulnerable consumers, and "multi-step" fraud cases that involve more than one payment will also be covered. the reimbursement requirement will apply to an account controlled by a person other than the customer, where the customer has been deceived into granting that authorisation as part of an app fraud case. who is in scope? the reimbursement requirement applies to payments made by consumers, microenterprises and charities. psps that operate the sending or receiving payment account for a qualifying transaction are in scope, including direct and indirect faster payments participants. it is expected that this will be similar for chaps participants, taking into account its unique characteristics. the psr is unable to mandate reimbursement for a payment made to a recipient hosted by the same psp, as it is not made via a payment system. however, it expects psps to reimburse such victims of app fraud anyway. the consumer standard of caution the psr has proposed two exceptions to the reimbursement requirement: the first being if the consumer has acted fraudulently, and the second being if the consumer has acted with gross negligence. we refer to the latter as "the consumer standard of caution". the psr has proposed that customers should be subject to an express standard of care in relation to authorised push payments and has published guidance on this. the guidance notes that the standard of care includes four elements: the requirement to have regard to specific, directed interventions made either by the sending psp or by a competent national authority. the guidance notes that any intervention for the purpose of this exception should be bespoke. they must be consumer, scam and transaction specific and should not consist of "boilerplate" written warnings. where a consumer chooses to proceed with a transaction after an intervention by the psp, they should not automatically be deemed to be grossly negligent. rather, the psp should conduct an assessment of the degree of negligence including, for example, the complexity of the scam to which the consumer has become victim. the prompt notification requirement (as soon as possible, and no later than 13 months after the last payment was authorised). the information sharing requirement. consumers will be required to respond to any reasonable and proportionate requests for information made by their psp, which should allow providers to assess reimbursement claims and whether the consumer is vulnerable. firms will need to consider carefully what is reasonable and proportionate, and appropriate action if a consumer does not respond. the police reporting requirement: consumers should, after making a reimbursement claim, consent to the psp sharing their details with a competent national authority. the burden of proof will fall on the psp to show that the consumer has acted with gross negligence. this is a higher standard than the general standard of negligence under common law and the consumer needs to have shown a very significant degree of carelessness to fall within the exception. psps should not place additional standards on consumers. for example, the guidance notes that psps cannot impose any terms and conditions on their consumers that shift the burden of proof to the customer or require consumers to disprove that they were grossly negligent. vulnerable consumers are excepted from this standard. firms should note that when considering whether a consumer is vulnerable, they should take into account the consumer’s circumstances when making the transaction, in addition to personal characteristics of vulnerability. they should have regard to the fca’s guidance on vulnerable customers and be mindful of their obligations under the consumer duty. claim excess and maximum reimbursement level for faster payments and chaps the claim excess: £100 in policy statement 23/4 the psr set the claim excess at £100. the claim excess amount is designed to balance encouraging consumer caution while maintaining appropriate incentives on firms to prevent app fraud. consumers will be encouraged to report lower-level frauds to psps, which should still investigate and attempt to repatriate funds. psps will be free to levy the full excess, a partial excess, or no excess at all. if psps reimburse in full and do not levy an excess, they will not be able to claim back any of the excess from the receiving psp. the cap the cap has been set at £415,000, which matches the current cap for compensation from the financial ombudsman service and under which the vast majority of app frauds fall. the psr has decided not to raise the cap every year in line with inflation. the maximum reimbursement level is intended to allow firms to understand and manage their potential liability to app fraud. the psr encourages psps to take steps to mitigate the risks of reimbursement liabilities and to do this prior to its policy coming into effect. these include considering appropriate transaction limits, improving "know your customer" controls, strengthening transaction-monitoring systems and stopping or freezing payments that psps consider to be suspicious for further investigation. vulnerable consumers vulnerable consumers will not be subject to the excess, but they will be subject to the cap. data and intelligence sharing the psr has tasked industry to develop a data and intelligence sharing tool to facilitate improved risk detection and fraud prevention, for example by stopping or delaying high-risk payments. pay.uk has consulted on the first iteration of data standards to support this information sharing and is working towards building an application programming interface (api) solution through which standardised customer data will be sent. the psr expect psps to start implementing aspects of the system at the earliest opportunity. the rules the psr will direct pay.uk, as the payments system operator, to amend its rules to implement the reimbursement policy, as this will allow the rules to be amended more quickly than regulatory instruments. the reimbursement requirement is being implemented via the following legal instruments: specific requirement 1 to pay.uk to insert the reimbursement policies into the faster payment scheme rules (including separate instruments mandating the value of the maximum level of reimbursement, the maximum excess and the consumer standard of caution). specific direction 19 which imposes responsibilities on pay.uk to monitor compliance with the reimbursement rules, to take steps to improve psps’ compliance and to gather data and report to the psr. specific direction 20 which directs psps to reimburse app scam payments and comply with the faster payments rules. the psr will give a similar direction to direct and indirect chaps participants. amended faster payments scheme rules (only published in draft). amended chaps scheme rules (not yet published). amendments to the psrs as part of the earlier consultation, hm treasury also sought views on whether there were benefits in allowing receiving banks to delay crediting an account, if it suspected a payment was fraudulent, before following procedures under the proceeds of crime act. subsequent to this, on 12 march 2024, the treasury published the payment services (amendment) regulations 2024 and accompanying policy note, which allows a payment service provider to delay crediting a transaction to a payee’s payment service provider’s account where: the payment service provider has established that there are reasonable grounds to suspect a payment order from a payer has been placed subsequent to fraud or dishonesty perpetrated by a person other than the payer, and such grounds are established no later than the end of the business day following the time of receipt of the payment order. the delay must not be any longer than necessary to achieve the purpose required and cannot be longer than the end of the fourth business day after the time of receipt of the payment order. unless it is unlawful to do so, payment service providers are required to inform the payer of the fact of the delay, the reasons for the delay and any information or action required by the payer to enable the payment service provider to decide whether to execute the order. these changes will come into force on the same day as the app rules. next steps pay.uk will publish the final faster payments scheme rules, further to its october consultation. the psr is expected to consult on a direction on chaps participants in q1 2024, including amendments to the chaps scheme rules. the psr has committed to publish a post-implementation review in 2026. this publication is a general summary of the law. it should not replace legal advice tailored to your specific circumstances. © farrer & co llp, january 2024
how we help protect you from authorised push payment scams.
our-codes
push payment fraud (also called app fraud) happens when cybercriminals deceive individuals into sending them money. because the victim believes the fraudster to be genuine, they authorise the handover of...
understand what authorised push payment fraud is, including examples, impact, and how to tackle it. plus, learn about the new 2024 app fraud requirement.
tommaso scarpa, head of financial crime at currencycloud, explores whether fis are fully prepared for new regulations surrounding app fraud.
push payment fraud is a common type of bank transfer scam, but there are ways to protect your account. find out how it works with our guide.
find out what authorized push payment fraud is, what methods fraudsters use, and how it can be prevented and detected. learn more today.
one of the many challenges in our post-covid world has been a steep rise in financial fraud, and one of the most common types of fraud facing consumers is authorised push payment fraud. in this blog, we
with app fraud, victims are tricked into sending money to scammers. here’s what you need to know about this common type of scam