APP Fraud Reimbursement Rules
Oct 2024

On October 7th, the financial services and fraud landscape in the UK underwent a significant change when the Authorised Push Payment (APP) Fraud Reimbursement Rules went live. This new regulation represented a long-awaited response to the alarming increase in financial scams that have affected both the country and the globe. At their core, these rules altered how Payment Service Providers (PSPs) handle fraud cases, placing a renewed emphasis on consumer protection. The Financial Conduct Authority's (FCA) approach aimed not only to improve consumer outcomes but also to encourage financial services firms to increase investment in their fraud detection strategies, incentivizing them to be proactive rather than reactive.

But what exactly is APP Fraud? It's currently the most common type of fraud in the UK: fraudsters trick individuals and businesses into willingly sending them money. Let's look at a classic example: the impersonation scam.

Under the new regulations, the landscape has shifted in favour of consumers. Both the sending and receiving PSPs are now responsible for reimbursing victims of APP scams, with each party covering 50% of the consumer's loss. 

Consumers seeking reimbursement must act within a specified timeframe, lodging their claim no later than 13 months after the final payment to the fraudster. The maximum reimbursement is capped at £85,000 per case. However, the rules offer additional safeguards for vulnerable customers. These individuals are exempt from both the reimbursement excess and the "standard of caution" typically required of non-vulnerable claimants, providing them with enhanced protection against financial loss.

What Companies Should Have Done

As the October deadline approached, businesses needed to prepare for the new rules. This went beyond simple compliance checks, requiring a thorough review of systems, processes, and fraud strategy.

With such significant structural changes to how organisations now need to manage fraud, a key priority was overhauling policies and processes. Businesses needed to create clear definitions of "vulnerable individuals" and "negligence," and streamline procedures for freezing and retrieving flagged fraudulent funds. These changes then needed to be effectively communicated to front-line staff. Implementation remains particularly challenging, as these employees often navigate complex, emotional customer interactions.

Leadership and commercial teams needed to realign their fraud strategies in light of the new 50% reimbursement requirement. Given the razor-thin (or non-existent) margins on transactions within PSPs, understanding the financial impact of these changes was critical. This necessitated a deep dive into historical fraud rates, breaking them down by inflows and destinations, and identifying transaction flows that could significantly affect the bottom line. After years of focusing on optimising the payment experience for minimal friction, it became apparent that certain flows might need enhanced security measures.

Historically, there has been a higher focus on preventing fraudulent outflows, as this was easier to protect with more device-level and transaction intent data. However, the new reimbursement split necessitated equal attention and innovation towards inbound payments. PSPs now needed to optimise their screening for incoming transactions and enhance detection capabilities at both the point of receipt and the next user interaction. This would allow them to identify high-risk transactions more effectively, enabling timely actions such as freezing accounts and holding funds when necessary (minimising losses).

Customer education required a fresh approach under the new regulations. PSPs needed to revisit their existing strategies, focusing on two key areas: 

  1. Educating customers about their rights; and 
  2. Optimising targeted messaging to warn of potential scams during high-risk payments.

Closing Gaps & Future Proofing

With the rules now in full swing, PSPs are shifting gears from preparation to future-proofing. This transition demands a strategic roadmap with a multi-pronged approach. The first step is securing leadership buy-in and establishing regular reporting of key metrics to optimise decision-making. These metrics should, at a minimum, include:

  • Percentage of APP fraud losses refunded, 
  • Volume and value of APP fraud sent and received per million transactions, 
  • Value of suspected APP fraud frozen,
  • Volume and value of inbound and outbound APP fraud by PSP. 

By closely monitoring these figures, companies can gauge their fraud prevention effectiveness and make data-driven strategic decisions.

Frontline staff, being the first line of defence, need more training. This goes beyond procedural knowledge: it's about improving a negative experience for scammed customers with more empathy, turning their information-gathering skills into a strategic asset to detect fraud, and ensuring accurate data capture to push back into fraud detection models.

Beyond training, we need to break down silos, improving collaboration between fraud policy and strategy teams, data scientists, engineers, and fraud operations. This is crucial to ensure all information and data circulates, feeding back to fine-tune our models and strategies in real time.

On the technical front, seamless communication between Financial Crime and Fraud Detection systems and personnel optimises both strategies while avoiding a misguided "FRAML" approach. Clean, detailed data covering everything from payment source to device helps identify scam patterns, and the right fraud tech should be embedded into every part of the customer journey. It's also crucial to monitor PSPs with heavy outflows and improve collaboration with counterparts in other organisations to strengthen mutual defences.

This collaborative approach should extend across all functions within the organisation. For instance, educating marketing teams to never send emails that ask users to click links and perform actions can significantly reduce phishing risks. 

Future-proofing ultimately means embedding fraud prevention into the core of your organisation's strategy. It requires adaptability, continuous learning, and a proactive approach. By maintaining this ongoing commitment to improvement, you'll strengthen customer trust, ensure compliance, and reinforce the integrity of the financial ecosystem for your stakeholders.

If your organisation is facing challenges in navigating these changes, consider reaching out to Confide. Our gap analysis service can provide valuable insights to enhance your fraud strategy and help you stay ahead in this evolving landscape.