.svg)
More than a year after the Payment Systems Regulator (PSR) introduced its authorised push payment (APP) fraud reimbursement framework, debate over its efficacy and fairness continues, and its future remains uncertain.
The reimbursement regime was introduced with the aim of promoting fairness ā large sending banks previously bore full liability, despite the role of receiving banks in facilitating fraudulent activity.
The regulator viewed APP fraud as a significant threat to both consumers and payment service providers (PSPs). Crimes such as romance scams can be devastating for victims, both financially and personally, while UK financial institutions also suffer substantial losses from increasingly sophisticated fraud tactics.
The PSR sought to share the responsibility for reimbursement and incentivise both sides of the transaction to scrutinise it for signs of fraud.
Speaking on a panel at the Payments Associationās Financial Crime 360 event in early November 2025, Mark Thynne, senior manager, enforcement and compliance monitoring at the PSR, said the policy has resulted in significant reimbursement for consumers.
This position is supported by data published by the PSR in September 2025, which showed that 88 percent of the money lost to APP scams within the scope of the policy, amounting to Ā£112m, was returned to victims.
Thynne noted that an independent review of the first year of the APP fraud reimbursement policy is underway, with the results due in spring 2026.
Response
A key way that UK PSPs have responded to the PSRās reimbursement rules has been to invest in technology solutions that seek to identify and prevent fraudulent activity.
These include tools that attempt to intervene early in the customer journey using behavioural biometrics, security technology that identifies and authenticates users based on their unique digital interaction patterns, including how they type, use a mouse or handle a mobile device.
In the context of fraud detection, these tools work by creating a profile of a consumerās normal behaviour and flagging deviations to detect fraud or secure accounts. They are intended to provide a non-intrusive layer of security that can work alongside traditional methods such as passwords.
In addition, sending PSPs have been scrutinising customersā activity and engaging in what the FCA calls ābreaking the spellā ā persuading them that they are being scammed.
This is a considerable challenge, given the power that fraudsters engaged in romance and other scams can exert over the individuals they target.
Organisations have trained staff to recognise red flags and critically assess customer explanations.
Ongoing challenge
Addressing the issue of APP fraud remains an ongoing challenge, and many financial institutions (FIs) believe they continue to bear a disproportionate share of the burden.
Speaking on the same panel at Financial Crime 360, Bernadette Smith, Starling Bankās chief compliance officer, noted the sense that the balance is skewed, with FIs bearing an unfair share of responsibility.
She highlighted that PSPs face the challenge that customers complain if fraud occurs, but also complain if organisations add friction to transactions with the aim of preventing scams.
Another panellist, Alison Kopra, financial crime director at Grant Thornton UK, observed that the impact of the reimbursement rules varies considerably depending on an organisationās role in the ecosystem.
She added that receiving PSPs and banking-as-a-service (BaaS) providers often have limited visibility of users and transactions, making it difficult to identify fraudulent activity or challenge sending PSPsā decisions to reimburse.
Kopra emphasised the need for PSPs to share good practice in areas such as real-time screening and enhanced due diligence.
She also stressed that BaaS providers must review their clientsā fraud prevention policies and enforce consequence management where necessary, including terminating relationships.
The wrong focus
Hugo Remi, CEO of Cardaq, an issuing and acquiring platform for banks and fintechs, told the panel he believes the PSRās reimbursement rules place undue pressure on smaller firms, and suggested that some may be considering withdrawing certain services.
He pointed out that making reimbursement and FIs the focus of the discussion diverts attention from the fraudsters themselves, who he believes should face harsher consequences.
One potential solution, he said, could be a blacklist for customers who commit fraud, easing the burden on PSPs by preventing them from onboarding individuals known to have defrauded other institutions.
Remi noted that major card schemes already operate systems to blacklist merchants involved in money laundering, suggesting that implementing a similar mechanism for fraudsters should be achievable.
However, as the PSRās Thynne pointed out, regulators are typically wary of approaches that risk denying individuals access to the financial system.
Nevertheless, as the payments sector continues to explore ways to address fraud, solutions that go beyond reimbursement may increasingly need to be considered.
What next?
Regulators and financial institutions in the UK and elsewhere will need to maintain a strong focus on tackling fraud. A crucial next step is for PSPs to improve information and best practice sharing.
Starlingās Smith observed that criminal networks are highly effective at sharing intelligence, with new fraud techniques spreading rapidly, and suggested that FIs should work more collaboratively, even overcoming data protection constraints, to combat fraud.
Another ongoing conversation is around the issue of accountability for social media platforms and telecoms firms.
Another ongoing debate concerns the accountability of social media platforms and telecoms providers. PSPs frustrated at having to bear the full cost of reimbursing fraud victims have long argued that the online platforms where much criminal activity originates should share the burden.
So far, the UKās main move in this direction is the Online Fraud Charter, established by the Home Office in 2023 as a voluntary agreement between the government and the technology sector to reduce fraud on digital platforms.
Other jurisdictions have gone further: Australiaās Scams Prevention Framework and Singaporeās Online Criminal Harms Act both bring telecoms providers and digital platform services within scope.
If the UK were to adopt a similar approach, it might help address the 85 percent of scams that originate on online platforms, including social media and dating websites.
The PSR and the Financial Conduct Authority (FCA) will continue to monitor progress, and have committed to engaging with industry stakeholders and consumer representatives on their experiences with the APP fraud reimbursement policy.
The next milestone is the publication of the independent review into the policyās first year, which may offer an indication of the direction of travel.
