
Understanding APP Fraud Regulation in the UK


The Payment Systems Regulator (PSR) has implemented regulations to enhance consumer protection and set clear responsibilities for Payment Service Providers (PSPs) to curb Authorised Push Payment (APP) fraud. What do these mean for UK fintechs?

Key takeaways

  • The increase in reported cases of APP fraud has prompted the Payment Systems Regulator (PSR) to take regulatory action.
  • Payment Service Providers (PSPs) and Digital Payment Platforms are expected to take action to protect consumers, ensure accountability and increase transparency.
  • Fintechs need to be aware of these regulations to ensure they meet the required regulatory reporting expectations.

Fraud is an ever-present threat that can lead to significant losses for consumers and companies alike. As technology and security measures evolve, fraudsters seem to be finding more creative ways to deceive people into making payments.

One common type of fraud is Authorised Push Payment (APP) fraud. Unlike other fraud methods, which may involve theft or hacking, APP fraud relies on deception.

In this instance, victims are manipulated into making payments that they believe are legitimate. Common scenarios include:

  • Phishing Scams: Fraudsters impersonate trusted entities (e.g., banks or government agencies) to trick victims into transferring money.
  • Impersonation Scams: Victims receive phone calls or messages from fraudsters posing as legitimate representatives, convincing them to make payments for non-existent debts or services.
  • Investment Scams: Promises of high returns lure victims into transferring funds to fraudulent investment schemes.

The rise of digital payments has seen the prevalence of this type of fraud accelerate. Consumers are becoming more reliant on online banking and payment applications, which means fraudsters have more opportunities to deceive their potential victims.

In 2023, UK Finance reported that nearly £1.2 billion was stolen from customers, with APP fraud losses estimated to be £459.7 million [1].

In response to the significant increase in reported APP fraud cases, the UK’s financial sector has taken regulatory action.

Understanding the new legislation

APP fraud has three key features:

  1. Consumer Vulnerability: Victims often fall prey to emotionally charged scams that exploit trust and urgency.
  2. Digital Payment Growth: The shift towards online banking and payment apps has facilitated easier execution of APP fraud.
  3. Financial Impact: APP fraud has substantial financial repercussions for both consumers and financial institutions, with losses reaching hundreds of millions annually.

Protecting consumers and institutions from the distress caused by criminals is well documented and understood. Time series, behavioural monitoring is recognised as one of the best lines of defence. High performing technology coupled with the motivation of the industry to collaborate will benefit us all.

Martina King | CEO, Featurespace

In response, the PSR's regulations on APP fraud aim to:

  • Enhance Consumer Protection: Ensure consumers are safeguarded against fraudulent transactions and are aware of their rights.
  • Promote Accountability: Hold PSPs accountable for their role in preventing APP fraud and ensuring the safety of customer transactions.
  • Increase Transparency: Require clear communication regarding the risks of APP fraud and the procedures for reimbursement.

There are four key aspects of the legislation that will help achieve these objectives.

  1. Consumer Reimbursement: PSPs are now mandated to reimburse customers who fall victim to APP fraud if the customers have acted in good faith and have taken reasonable steps to protect themselves.
  2. Fraud Prevention Measures: PSPs must implement effective systems to prevent APP fraud. This includes conducting risk assessments, employing fraud detection technology, and maintaining robust transaction monitoring measures.
  3. Reporting Obligations: PSPs are required to report incidents of APP fraud to the PSR, ensuring that the regulator can analyse trends and develop appropriate responses.
  4. Customer Information: Financial institutions must provide clear, accessible information regarding the risks associated with APP fraud and the necessary precautions customers should take.

Naturally, these shifts have implications for businesses, particularly fintechs.

Who is impacted by these changes?

Although it could be argued that any business that processes payments through digital platforms will be affected by the new legislation, there is clear guidance on those businesses that are in and out of scope of these changes.

The PSR's APP fraud regulation applies to a range of entities involved in payment processing. This includes:

  • Payment Service Providers (PSPs): This category includes banks, building societies, electronic money institutions, and other financial entities that facilitate transactions.
  • Digital Payment Platforms: Companies that provide online payment solutions, including fintech firms, are also subject to these regulations.

However, non-financial entities that do not engage in payment processing or act solely as intermediaries without handling transactions are exempt, as are small payment providers. These are smaller PSPs that may not meet specific PSR thresholds. While potentially exempt, they are encouraged to adopt best practices to protect their customers.

APP fraud is devastating for victims and insidiously challenging to solve. But banks in the UK are on the right track as they place more emphasis on scam detection and prevention and not just claims remediation. As the UK led the world with real-time payment (RTP) adoption, so too can we lead the world in setting a benchmark for how RTP can be more secure for all.

Nico Barawid | Co-founder, Tunicpay

So, what do those practices look like?

Suggested compliance controls

There are two broad categories that can help businesses comply with the PSR regulations.

| Category | Activity | Suggested action |
| --- | --- | --- |
| Robust fraud detection systems | Transaction monitoring | Employ advanced analytics and machine learning tools to monitor transactions for suspicious activities. This includes identifying unusual transaction patterns that may indicate fraud. |
| Robust fraud detection systems | Alert mechanisms | Establish systems that automatically flag transactions that deviate from established customer behaviour for further investigation. |
| Customer education and awareness | Awareness campaigns | Launch comprehensive campaigns to educate customers about the risks of APP fraud and effective strategies for prevention. This can include webinars, informational brochures, and targeted emails. |
| Customer education and awareness | Clear communications | Provide straightforward information regarding the warning signs of APP fraud. |

Conclusion: Fintechs on the frontline

Criminals are employing more and more sophisticated tactics…but so are we!

Anna Sweeney | Senior Manager, fscom

While the principles of the new PSR regulations are core to building trust within the market, the new expectations around reporting, clarity, and reimbursement have upped the ante significantly – particularly for fast-moving fintechs. Embedding tech solutions in organisations to identify and stop fraud will protect consumers and increase confidence in the financial system.
