.svg)
The UK’s Payment Systems Regulator (PSR) has published a statement on the proposed Authorised Push Payment (APP) fraud reimbursement cap, along with a cost-benefit analysis of the regulator’s new APP fraud rules, based on findings from an ongoing industry consultation.
The rules, which are now confirmed to come into effect on October 7, 2024, come as APP fraud continues to pose an escalating threat to consumers and payment service providers (PSPs) alike, with UK financial institutions facing substantial losses from increasingly sophisticated fraud tactics.
The recent statement is the latest in a series of PSR actions attempting to balance consumer protection with the financial sustainability of PSPs, which are shouldering significant costs in mitigating these fraud risks.
The initial £415,000 cap aimed to ensure robust consumer protection, but concerns have emerged about the risk of misuse and the potential financial burden on smaller firms, leading to the revised £85,000 cap, which is in line with the Financial Services Compensation Scheme (FSCS) limit.
The bigger picture
Overall, APP fraud continues to pose a problem for UK PSPs, with UK Finance’s latest figures finding that costs for UK institutions totalled an estimated £459.7m in 2023. According to PSR analysis, there were 250,000 cases of APP fraud in 2023, with 18 involving losses exceeding £415,000, and 411 involving losses of more than £85,000.
This data has stirred debate around the appropriate levels and scope for the PSR’s policy, given the complexity of the payments ecosystem, and the likely impacts on smaller payments institutions.
The Payments Association recently wrote to City Minister Tulip Siddiq, urging for the maximum reimbursement for victims of APP fraud to be reduced to £30,000, a level the association assesses would still cover 95 percent of fraud cases.
From another perspective, the UK Finance data also shows that PSPs are often footing the bill for fraudulent schemes that arise in sectors of the industry beyond their control.
The data indicates that more than three-quarters (76 percent) of APP fraud originates online, even though online fraud only accounts for just less than a third (30 percent) of APP-related losses. Instead, most of the APP-related losses tend to originate from cold calling.
For example, APP scams where the victim was contacted via telephone represent just 16 percent of cases but account for 43 percent of losses, according to UK Finance data.
Bryn Thompson, a spokesperson at anti-fraud software company Phonely, said: “While more scams may originate online, the substantial losses from phone fraud highlight the need for the telecom industry to prioritise robust security measures.”
Implications for Big Tech
Despite measures such as strong customer authentication (SCA) and Confirmation of Payee (CoP), gaps in identity verification processes still leave digital payments vulnerable to fraud arising from social media platforms.
Given the data on APP fraud and its origins on digital platforms, the industry is also calling for big tech companies to share the liability of fraud losses. UK Finance’s 2024 annual report finds that scams on social media and other popular communication platforms are present in each category of payment fraud analysed.
Banks say social media and technology companies should have the same financial incentives to control fraud as traditional financial institutions, but under current rules, big tech firms such as Instagram parent Meta Platforms are outside the PSR’s jurisdiction.
UK Finance sees the commitments outlined in the Online Fraud Charter as fundamental for implementing tangible actions across the technology sector. These efforts could help to establish global benchmarks and build on progress made at the UK’s fraud summit.
Big tech could address this by adopting integrated bank-verified digital identity solutions, which have proven effective in reducing fraud and enhancing transaction security.
Why should you care?
The consultation on the payment fraud reimbursement cap has generated significant attention from payments industry players. The industry faces a range of pressing considerations, such as the rising cost of monitoring and compliance. This includes personnel and technology solutions to help detect and mitigate a range of evolving risks in fraudulent schemes.
There is ongoing debate around the appropriate types of regulatory interventions required for addressing the origins of payment fraud.
This likely involves closer coordination by supervisory authorities and across industry coalitions to address the role of customer safeguards and monitoring among big tech platforms and telecoms firms around the origins of fraud schemes.
As calls grow louder for big tech to bear more responsibility, the regulatory landscape may evolve, with new frameworks potentially expanding beyond the current jurisdiction of the PSR to encompass technology giants. This would seek to shape the growing interdependence between payment systems and digital platforms in fraud prevention.
For now, the lowered cap will be beneficial for smaller payments firms, for which the capital requirements needed to ensure coverage for potential fraud cases at the higher levels would be onerous and hamper investment and innovation.
The PSR recognises that the lower fraud reimbursement cap is likely to have significant implications for banks’ relationships with consumers. One positive effect is that a lower cap may prompt consumers to be more cautious in verifying transactions and protecting themselves from fraud, knowing that not all losses might be fully reimbursed.
However, there are considerable risks to banks’ reputations. Falling victim to APP fraud can significantly affect confidence in digital banking, with Visa research showing that 19 percent of victims report decreased trust and 35 percent becoming more cautious when paying new payees. Additionally, nearly half (45 percent) of those affected feel at risk of future scams, emphasising the need for stronger fraud prevention measures across the industry.
These trust and loyalty concerns are especially relevant for PSPs working to retain high net worth individuals (HNWIs). More than 40 percent of HNWIs, according to the Saltus Wealth Index, have fallen victim to financial crime, with one in eight targeted in the previous six months. The most common scams were online shopping scams (24 percent), investment scams (20 percent) often involving cryptocurrency and pension scams (15 percent) involving unregulated or bogus schemes.
The PSR’s intervention has broad implications for the activities and strategies of PSPs across the UK payment ecosystem, but there will likely need to be further action from supervisors and cross-industry coalitions to tackle the roots of APP fraud more directly in future.
What’s next?
The consultation on the proposed lowering of the reimbursement cap closes at 1pm on September 18, 2024. Given the tight timeframe, firms can either email comments to appscams@psr.org.uk or email to request a meeting to discuss their views instead of submitting a written response.
The PSR plans to publish by close of business on September 26, 2024 a policy statement containing its decision on the implementation approach to the maximum level of reimbursement that will take effect from October 7, 2024.
As part of the evaluation, the PSR has also committed to undertake a review after the policy has been in place for at least 12 months, using further data and information available to assess whether to change the maximum level of reimbursement.
