Authorised Push Payment (APP) scams occur when payments are made to a malicious third party masquerading as someone legitimate. Examples might be someone pretending to be your child requesting money for a new phone or a fraudster impersonating the builder that did work on your house, demanding urgent payment.
The Payment Systems Regulator (PSR) is implementing a new regulation which will include a reimbursement requirement for eligible victims of APP fraud on the Faster Payments system (the transfer system where most APP fraud is committed). The date for implementation of this new regulation is now set at 7 October 2024. Once the requirement comes into force, Payment Service Providers (PSPs) will have to reimburse eligible victims of APP fraud.
The Faster Payments system is a banking transfer system (such as BACS or CHAPS) designed to reduce transfer times to a few seconds. It was developed in 2008 as an alternative to the Bankers Automated Clearing System, founded in 1968, which averages three working days for transfers. The Faster Payments system is usually used for smaller transactions but can be used for transfers up to £1 million. The system sees heavy traffic and was used by 39% of businesses for money transfers in 2021.
Until relatively recently, as these scams involved properly authorised payments, albeit to fraudsters, victims were rarely reimbursed by their bank for their lost money. As a result of a super-complaint to the PSR in 2016 by Which?, serious investigation into how to protect consumers from these scams began to be carried out.
As a result, the Lending Standards Board governed Contingent Reimbursement Model Code (CRM) was implemented on 28 May 2019. This introduced a system where PSPs who were signatories to the agreement would reimburse their customers who fell victim to APP fraud and acted appropriately. Nearly half of reported APP scam losses have been reimbursed to victims under the CRM between early 2020 to late 2022.
Whilst this system has improved the protection for consumers, it is a voluntary code and requires financial institutions to sign up to it. Whilst the largest UK banks are signatories, few smaller institutions (such as building societies) are party to it.
The main difference is that this new requirement will be mandatory for all PSPs using the Faster Payment system.
There is a similarity with the CRM as the requirement means that the sending PSP will reimburse the victim of the APP fraud. However, the sending PSP will then be able to seek 50% of the cost from the receiving PSP. Where stolen funds are recovered by the receiving PSP, 50% of these must be returned to the sending PSP.
The logic with this regulation is that putting a mandatory reimbursement burden on PSPs means that it will incentivise the development of methods to deter and prevent this type of fraud. The PSR is also in discussions with the Bank of England (who run the CHAPS service) to implement similar controls on their transfer system.
Whereas the Lending Standard Board was the regulatory body for the CRM, the PSR intends to give Pay.UK the enforcement authority over this new requirement. Pay.UK are the operator of BACS, Faster Payments and the Image Clearing System (used for digital cheque exchange).
All APP fraud victims who executed their payment over the Faster Payments system are covered by it. This will cover the majority of transfers between UK banks for sums under £1 million. However, whilst the CHAPS system will likely implement similar provisions, transfers made on systems other than Faster Payments will not be covered by this new regulation.
There are also restrictions on who will be mandatorily reimbursed and how much they can receive. Only consumers not acting in the course of business, smaller charities (under £1 million annual income) and businesses with fewer than 10 people and turnover under £2 million are eligible. There will also be a maximum reimbursement level for each claim of £415,000, which will apply to all in-scope victims (to match the upper limit of the Financial Ombudsman Service complaints compensation). This limit is not set to increase automatically with inflation and is not exempted for vulnerable victims.
PSPs are also able to implement certain restrictions on claims (but will be subject to limitations by the PSR). For instance, PSPs will be able to set time limits on claims (no less than 13 months), and set a claims excess (as in insurance policies) of no more than £100. However, any excess provision will also not apply where the victim is deemed vulnerable.
The reimbursement requirement will also not apply where the victim has committed fraud themselves or where they have acted with exceptional carelessness (this latter negligence requirement will also not apply if the victim is deemed vulnerable). The PSR has recently indicated what may be considered as insufficiently careful, this might be:
However, the burden will be on the bank to prove that the victim acted with gross negligence, setting a high threshold for them to overcome. It will therefore not be appropriate to dismiss a claim if there is evidence that only one of the above conditions was satisfied.
It appears that the regulation also does not propose to work retroactively. Therefore, reimbursements will not be available under the regulation to those who fell victim to an APP scam before the regulation’s implementation date (set at 7 October 2024).
Have you fallen victim to APP fraud and qualify under the above criteria? Towards the end of this year, it will be more straightforward and easier than ever to be reimbursed for your losses.
Should you need any advice on seeking reimbursement or whether you are eligible, please don’t hesitate to contact Claire Boucher.