Managing Director David Geale reflects on what we have seen since implementation of the world leading reimbursement requirements to protect users.
Our new authorised push payment (APP) scams reimbursement requirement went live on 7 October 2024. It gave stronger protections to victims of APP scams in a way no other country had done before.
We’re now just over seven months in and we’re looking back at how payment service providers (PSPs) implemented the policy, and the impact it’s had on people so far.
As with any new policy, implementation can be challenging as firms train staff and roll out the policy to consumers. We are pleased with what we’ve seen in the data and heard from stakeholders in the first few months, which demonstrates that the policy has been successfully implemented – and more consumers have been protected.
This is testament to the efforts of industry to deliver the best outcomes for victims of APP scams and work with us to resolve any issues.
Most importantly, the policy is having an impact and we’re seeing positive results. A high proportion of APP scam victims are being reimbursed consistently across a larger number of PSPs. And while it is too early to draw firm conclusions based on the period covered by this data, we have not seen evidence of spikes in claim volumes that some had feared would occur under the policy.
Additionally, now that both parties in the payment journey (the sending PSP and the receiving PSP) share the cost of reimbursing victims, there is a much stronger incentive for all PSPs to prevent APP scams from occurring in the first place. We are pleased to see PSPs starting to collaborate more in the effort to fight this fraud.
It is still early days – and we are continuing to refine the data we are receiving, but I wanted to share with you some key findings from data covering the first three months of the policy.
For transparency, some data notes at the end explain the data we have used. It’s important to note that this data covers only UK payments made over the Faster Payments system from the start of the reimbursement policy (7 October 2024) up until the end of 2024. Although we have referred to more recent industry data in other forums, the data we use here is official compliance data reported by the PSPs to Pay.UK.
We must never forget that this is about protecting real people from the emotional and financial consequences of having their money stolen – that must remain our strong focus and why we have included some of their stories in this blog. To keep victims anonymous, we have changed all identifiable characteristics in these case studies.
What we found
1. Reimbursement rates for victims are high, and vulnerable consumers are better protected
The data indicates that reimbursement rates for APP scams that are in scope of our policy are high. In the first three months, 86% of money lost to APP scams was returned to victims, totalling around £27m.
Although it’s not possible to make direct comparisons with data from before our policy due to methodology changes (particularly the definition of an APP scam), we note that reimbursement for consumers in 2023 was 68% (by value), as per UK Finance’s Annual Fraud Report 2024 data.
We have also seen the additional protections for the most vulnerable consumers working. Over that period, 14% of total APP scam claims were made by consumers with a vulnerability, equating to £7m.
2. Levelling the playing field
More payment firms are now reimbursing victims of APP scams than before.
Before our policy came into effect, whether an APP scam victim was reimbursed wasn’t consistent across firms. Customers of 10 firms that were signatories of the voluntary Contingent Reimbursement Model Code (CRM code) were much more likely to be reimbursed.
Now this protection applies to all firms, with 60 firms that received a claim in the first three months of the policy reimbursing victims of APP scams.
There’s also now a much more level playing field in who is responsible for the cost of reimbursing victims. This acts as a strong incentive for both the victim’s bank or payment firm and the fraudster’s bank or payment firm to prevent the fraud in the first place.
The sending and receiving firms must now work together and share information to identify the APP scam and reimburse victims.
Early data shows that this has started well, with most claims (86%) being reported by the sending firm to the receiving firm within two business hours of the consumer raising the claim.
It’s a positive start, and we have heard from banks that the new rules have spurred an improvement in communications between firms.
But we have heard from stakeholders that that the information shared is sometimes limited and improvements are needed to allow the two parties to collaborate effectively to prevent the fraud in the first place.
We’re also seeing this collaboration have positive outcomes for consumers: 84% of claims were closed within five business days, indicating that in most cases sending and receiving firms are working together to give the consumer a prompt response to their claim, helping build consumer trust during what can be a difficult time.
3. Rates of fraud reported
In the lead-up to our policy going live, some were concerned that there would be a sharp rise in the number of APP scam claims that firms would receive. We have seen no evidence of any increase to date.
The data suggests that the volume of APP scam claims submitted by consumers was lower relative to a similar period in 2023.
There were around 46,000 claims from consumers in the first three months. UK Finance reported 225,000 cases of APP scams in 2023, which equates to 56,000 cases across an average three-month period in 2023.
Although direct comparisons are not possible between these figures, it does imply that there was not a rise in claims in the first three months of the policy. This trend is consistent with the anecdotal feedback and data provided by industry that we have used previously.
This being said, volumes have steadily increased each month and we expect this to continue in the short to medium term as victims become more aware of the policy. Lower volumes at the start of the policy are expected as this data does not include claims where the scam occurred before 7 October 2024 and it takes time for consumers to report an APP scam.
We have heard from the Bank of England, as the operator of the high-value payments system CHAPS, that the number of APP scam claims on that system was low in the first few months of the policy.
We heard similar stories from the Financial Ombudsman Service and the FCA. Neither organisation saw a surge in the number of complaints relating to reimbursement under the new rules. However, we must consider that consumer complaints may take some time to come through and we will keep this under review.
4. Customer caution
Another concern raised with our policy was that it could lead to an increase in payments where customers had not been cautious enough – or even reckless – when making transactions because they were too confident they would be reimbursed if the payment turned out to be a scam. This is also known as moral hazard.
To counter this, we said firms could apply a £100 excess and consider whether the consumer standard of caution exception applied if the victim was grossly negligent when making the APP scam payment.
Just 2% of total claims were rejected because the consumer standard of caution has not been met. We also heard from industry stakeholders that they did not see a significant shift in customer behaviour as a result of the policy.
However, we are seeing differences in how frequently firms are applying the exemptions. This is backed up in the data we are seeing: only 23% of firms that received a claim in the period used this exception as a reason for rejecting reimbursement.
We’re working with firms and other stakeholders, including the Financial Ombudsman Service, and will keep under review whether more clarity is needed on when this exception should be applied.
We continue to urge consumers to exercise caution when making payments, to stay alert to warnings from their bank or payment provider and to remain vigilant, particularly when using social media, technology platforms and telecoms. We know from our 2024 Fraud Origination report that fraudsters often use these to target consumers – and the impact can be devastating.
Next steps
We have seen positive indications that our policy is having the outcomes we want for consumers, but know that this is still early days. We’ll continue to monitor progress alongside the FCA and share updates like this one.
In October 2025, an independent review on the effectiveness of the policy will begin – enabling us to take stock of where we are after the policy has been in place for a year. We will continue to engage with industry stakeholders and consumer representatives on their experiences of the policy and thank firms for all the constructive feedback we have received so far.
Through working together we can help ensure that we continue to protect victims from fraud and ensure strong incentives to prevent fraud in the first place.
1. An APP scam is when a consumer is deceived into sending a payment. For example:
-
the person receiving the funds may not be who they say they are, or
-
the funds may not be used for the purposes which the victim transferred the funds for.
2. The data considers FPS APP scams where the reported victim is a consumer. As per our Specific Direction 20 (SD20), this includes individuals, small businesses or charities with an annual income of less than £1 million.
3. The data used in this publication has been shared with us by Pay.UK, the operator of Faster Payments (FPS). Our SD20 requires directed payment firms to collect, retain and provide data and information to Pay.UK so that it can monitor compliance with the FPS reimbursement rules. This publication uses the data provided by sending firms as per reporting standard A in the Compliance Data Reporting Standard (CDRS).
4. All claims included in the data occurred on the Faster Payments system, in the UK. We note that some public reporting of, and research into, APP fraud is broader than faster payments – e.g. in relation to crypto scams.
5. The data only includes APP scam claims that were reported to firms and were closed within the period covering 7 October 2024 (the first day of the new APP reimbursement requirement) to 31 December 2024. As set out in PS25/3 Publication of 2024 APP scams data, we have our APP scams performance report coming out by the end of the year, covering the period in 2024 prior to our reimbursement policy, between 1 January and 6 October.
6. A closed APP scam case means the payment firm has completed an investigation of the case and made a decision on whether to reimburse the customer or reject the claim for one of the specified reasons. These rejection reasons are set out in Metric 2.3 in Compliance Data Reporting Standard.
7. The data does not include ‘on us’ APP scam reimbursement. This is where both the sending and receiving accounts are within the same firm, and the transactions pass via an internal book transfer.
8. The data accuracy and completeness are subject to the information provided by sending firms. We do not have information from receiving firms to validate the information.
9. We are aware of a few inaccuracies and irregularities in how some claims have been reported. This is likely due to the period covering the first few months of firms implementing the policy, with many firms collecting, retaining and reporting this data for the first time increasing the likelihood of human error.
Data point details
For full details of the some of the data points included in the blog, please below.
Section
1. Reimbursement rates for victims are high, and vulnerable consumers are better protected
Text
"In the first three months, 86% of money lost to APP scams was returned to victims, totalling around £27m."
Explanation
Calculating the reimbursement rate: we have measured reimbursement as the amount of money returned to victims of APP scams where the claim is reimbursable1. Calculation: CDRS Metric 7.1.2 (Total value reimbursed to the consumer) divided by CDRS metric 2.1.2 (total value of FPS APP scam claims that are reimbursable).
Metric 2.1.2 includes the value of APP scam below the £100 excess, above the maximum cap (£85,000) and transactions within a claim that are rejected for reimbursement (‘non reimbursable’ due to one of the reasons listed at paragraph 6) when there is one or more transactions with the claim that are reimbursable. We are unable at this time to exclude the ‘non-reimbursable’ value from 2.1.2, which could increase actual reimbursement rates. In addition, metric 7.1.2 includes any value reimbursed above the maximum level of reimbursement. We have chosen to calculate reimbursement this way as we believe it provides the most accurate reflection of the money being returned to APP scam victims as per the reimbursement rules.
Text
"we note that reimbursement for consumers in 2023 was 68% (by value), as per UK Finance’s Annual Fraud Report 2024 data."
The data used for 2023 is from UK Finance’s Annual Fraud Report 2024 p.42. We have calculated this percentage using value data for ‘personal’ payments/cases only as we believe this to be more comparable to the consumer in SD20.
Explanation
Comparisons are indicative and the differences in the data sets must be considered. Differences include: the introduction of the reimbursement policy, a significant change in the definition of APP scams, calculation methods (e.g. for reimbursement rates), the number of firms in the data set. When calculating our reimbursement rate and claim numbers, we have not considered claims that have been rejected for the reasons listed in paragraph 6, as they are out of scope of the policy. However, UK Finance’s data looks at cases and likely uses a different definition of an APP scam so the same claims may not be excluded, making the value of total claims hard to compare. As an example, claims involving international payments or non-FPS payments may be included in UK Finance calculations but not in the PSR’s. The comparison also does not take into account the seasonal variation of APP scams.
Section
3. Rates of fraud reported
Text
“The data suggests that the volume of APP scam claims submitted by consumers was lower relative to a similar period in 2023.
There were around 46,000 claims from consumers in the first three months.”
Explanation
This figure is ‘total claims’ as per metric 1.1 of our compliance data reporting standard. It includes all claims that are submitted by a consumer as an FPS APP scam within the reporting timeframe even if it’s later determined by the firm not to be in scope of reimbursement.
Text
“UK Finance reported 225,000 cases of APP scams in 2023, which equates to 56,000 cases across an average three-month period in 2023.”
Explanation
Please note UK Finance reports cases rather than claims.
See row 2 above for more information on UK Finance figures and the differences that must be considered.
Section
4. Customer caution
Text
“only 23% of firms that received a claim in the period used this exception as a reason for rejecting reimbursement”
Explanation
This figure is an average across the three months’ data.