Fraud is an ever-present threat that can lead to significant losses for consumers and companies alike. As technology and security measures evolve, fraudsters seem to be finding more creative ways to deceive people into making payments.

One common type of fraud is Authorised Push Payment (APP) fraud. Unlike other fraud methods, which may involve theft or hacking, APP fraud relies on deception.

In this instance, victims are manipulated into making payments that they believe are legitimate. Common scenarios include:

Phishing scams: Fraudsters impersonate trusted entities (e.g., banks or government agencies) to trick victims into transferring money.

Impersonation scams: Victims receive phone calls or messages from fraudsters posing as legitimate representatives, convincing them to make payments for non-existent debts or services.

Investment scams: Promises of high returns lure victims into transferring funds to fraudulent investment schemes.

The rise of digital payments has seen the prevalence of this type of fraud accelerate. Consumers are becoming more reliant on online banking and payment applications, which means fraudsters have more opportunities to deceive their potential victims.

In 2023, UK Finance reported that nearly £1.2 billion pounds was stolen from customers, with APP fraud losses estimated to be £459.7million pounds¹.

In response to the significant increase in reported APP fraud cases, the UK’s financial sector has taken regulatory action.

APP fraud has three key features:

• Consumer Vulnerability: Victims often fall prey to emotionally charged scams that exploit trust and urgency.
• Digital Payment Growth: The shift towards online banking and payment apps has facilitated easier execution of APP fraud.
• Financial Impact: APP fraud has substantial financial repercussions for both consumers and financial institutions, with losses reaching hundreds of millions annually.

In response, the PSR's regulations on APP fraud aim to:

• Enhance consumer protection: Ensure consumers are safeguarded against fraudulent transactions and are aware of their rights.
• Promote accountability: Hold PSPs accountable for their role in preventing APP fraud and ensuring the safety of customer transactions.
• Increase transparency: Require clear communication regarding the risks of APP fraud and the procedures for reimbursement.

There are four key aspects of the legislation that will help achieve these objectives.

• Consumer reimbursement: PSPs are now mandated to reimburse customers who fall victim to APP fraud if the customers have acted in good faith and have taken reasonable steps to protect themselves.
• Fraud prevention measures: PSPs must implement effective systems to prevent APP fraud. This includes conducting risk assessments, employing fraud detection technology, and maintaining robust transaction monitoring measures.
• Reporting obligations: PSPs are required to report incidents of APP fraud to the PSR, ensuring that the regulator can analyse trends and develop appropriate responses.
• Customer information: Financial institutions must provide clear, accessible information regarding the risks associated with APP fraud and the necessary precautions customers should take.

Naturally, these shifts have implications for businesses, particularly fintechs.

Although it could be argued that any business that processes payments through digital platforms will be affected by the new legislation, there is clear guidance on those businesses that are in and out of scope of these changes.

The PSR's APP fraud regulation applies to a range of entities involved in payment processing. This includes:

• Payment Service Providers (PSPs): This category includes banks, building societies, electronic money institutions, and other financial entities that facilitate transactions.
• Digital Payment Platforms: Companies that provide online payment solutions, including fintech firms, are also subject to these regulations.

However, non-financial entities that do not engage in payment processing or act solely as intermediaries without handling transactions are exempt, as are small payment providers. These are smaller PSPs that may not meet specific PSR thresholds. While potentially exempt, they are encouraged to adopt best practices to protect their customers.

There are two broad categories that can help businesses comply with the PSR regulations.

While the principles of the new PSR regulations are core building trust within the market, the new expectations around reporting, clarity, and reimbursement have upped the ante significantly – particularly for fast-moving fintechs. Embedding tech solutions in organisations to identify and stop fraud will protect consumers and increase confidence in the financial system.