On June 12, 2023 a new policy has been formalised by the U.K.’s Payment Systems Regulator (PSR) to reduce authorised push payment (APP) scams, which are a type of fraud that targets faster payment services.

What are APP scams?
APP scams are when fraudsters trick customers into sending money to them via a faster payment service, such as the U.K.’s Faster Payments Service. The fraudsters may pose as legitimate businesses, government agencies, friends or family members, and convince the customers that they need to make an urgent or important payment. Once the money is sent, it is very difficult to recover it.

What is the new policy by the PSR?
The PSR is the regulator of payment systems in the U.K. and its main objective is to promote the interests of the users of those systems. The PSR has been working on a policy to address APP scams since 2018 and has recently released its final policy statement. The policy aims to:

  • Increase customer protection by ensuring that customers who fall victim to APP scams are reimbursed by their banks, unless they acted with gross negligence or fraudulently;
  • Incentivize the payment industry to invest more in end-to-end fraud prevention measures by splitting the reimbursement cost between the sending and receiving banks, based on their level of compliance with a set of standards;
  • Improve data collection and reporting on APP scams by requiring banks to share information with each other and with the PSR;
  • Enhance industry collaboration and coordination on tackling APP scams by establishing a steering group that will oversee the implementation and review of the policy.

The policy applies to all payment service providers (PSPs) that offer faster payment services in the U.K., such as banks, building societies, e-money institutions and payment institutions. The policy covers all types of APP scams, such as purchase scams, invoice and mandate scams, impersonation scams and investment scams. The policy does not cover other types of fraud, such as card fraud, identity theft or phishing.

The PSR expects PSPs to implement the policy by Q1 2024. The PSR will monitor and enforce compliance with the policy and will review its effectiveness after two years.