Last updated: 11 February 2021
What are Authorised Push Payment scams?
Authorised Push Payment (APP) scams happen when a person or business is tricked into sending money to a fraudster posing as a genuine payee. These types of scams can have a devastating impact on the people who fall victim to them. APP scams remain the second largest type of payment fraud, following card fraud, both in the volume of scams and value of losses.
According to UK Finance, there were 66,247 cases of APP fraud reporting in the first half (H1) of 2020 with losses of £207.8 million. There are eight types of APP scams which are either:
- ‘malicious payee’, for example, tricking someone into purchasing goods which don’t exist or are never received.
- ‘malicious redirection’, for example a fraudster impersonating bank staff to get someone to transfer funds out of their bank account and into that of a fraudster.
Our work on APP scams
The Contingent Reimbursement Model (CRM) Code
In 2018, we set up a steering group of industry and consumer representatives, led by an independent chair, to develop a voluntary, industry CRM Code. The final Code came into force in May 2019.
The CRM Code aims to reduce both the occurrence and impact of APP scams, and is designed to give people the confidence that, if they fall victim to an APP scam and have acted appropriately, they will be reimbursed. It sets out standards for signatory Payment Service Providers (PSPs) – a group including the largest banks in the UK – and for customers who are covered by the Code (consumers, micro-businesses and small charities). There are currently nine signatories to the Code.
The Lending Standards Board (LSB) oversees the Code and its members, while we continue to monitor the operation of the Code and the impact it has on the number of APP scams. The Financial Ombudsman Service adjudicates on disputes between banks and customers on decisions under the Code.
Confirmation of Payee
In August 2019, we gave members of the UK’s six largest banking groups a Specific Direction to implement CoP by the end of March 2020. The PSPs subject to the direction are involved in around 90% of FPS and CHAPS transactions. The direction was varied in February 2020 to allow an additional basis under which a directed PSP could apply for an exemption from an obligation under the direction.
In July 2020, we confirmed that the directed PSPs had achieved widespread implementation of CoP, with certain agreed exemptions. This marked a significant milestone in addressing APP scams, but we aren’t stopping there. We want to continue to expand the protection offered by CoP, so we’re encouraging all PSPs, big and small, to implement CoP if and when the rules and standards apply to their accounts.
With Confirmation of Payee (CoP), banks can check the name on a new payee’s account as well as the sort code and account number. Customers setting up a new payee (or changing details of an existing payee) will be able to confirm that the name they have entered matches the one on the account they intend to pay, helping to prevent payments going to the wrong account.
Alerts notify the payer whether there has been a match, a close match, or no match, meaning corrections can be made before the payment is sent. The service is designed to prevent misdirected payments as well as fraudulent ones.
The success of CoP depends on PSPs working together to prevent businesses and consumers from being defrauded. With that in mind, Pay.UK, the operator of the UK’s payment systems, designed rules and standards for PSPs to follow when launching the service.
A history of our work to prevent APP scams
We have carried out a significant amount of work to prevent APP scams since 2016. A history of this work, with links to our publications and documents, can be found in the document below.
History of our APP scams work
pdf | 156.561 KB
I’ve fallen victim to an APP scam, what should I do?
If you have fallen victim to an APP scam, you should contact your bank immediately to report it. It is important to do this as soon as possible, as your bank may still be able to stop the transaction or trace the money.
If your bank is a signatory to the Contingent Reimbursement Model (CRM) Code, it should begin the process to investigate your case and look at reimbursing you for your loss, as long as you acted appropriately. Your bank must assess your case under the Code and give you a decision on reimbursement; it should also provide you with its reasoning.
Even if your bank isn’t a signatory to the CRM Code, you should still report any fraud to your bank as soon as you discover it. Your bank may have other policies in place to assist you.
My bank has declined to reimburse the money I’ve lost to an APP scam – what should I do?
If you’re unhappy with your bank’s assessment of your case under the CRM Code, you can lodge a complaint with the Financial Ombudsman Service. The Ombudsman will then assess your complaint and make a decision.
Even if your bank isn’t a Code signatory, you can still lodge a complaint with the Ombudsman if you’re unhappy with how any of the banks involved in the scam have acted.
The Payment Systems Regulator does not consider complaints under the Code. We are the independent regulator of payment systems themselves, and adjudicating on the Code is not within our remit.
Who else can help me?
If you believe that any of the institutions involved have not conducted themselves appropriately according to their obligations under any relevant legislation, you may wish to contact the Financial Conduct Authority.
You can report the fraud to Action Fraud, who will provide you with a crime reference number and will send your report to the National Fraud Investigation Bureau (NCIB) for assessment. Please note, Police Scotland have not signed up to the Action Fraud process; if you are in Scotland you should follow the guidance provided on the Police Scotland website.
Victim Support can provide help after crime; it gives free and confidential support 24 hours a day, seven days a week, 365 days a year.
Citizens Advice can provide support and advice on what further steps to take if you have been a victim of fraud.
What is Confirmation of Payee?
The PSR directed members of the UK’s six largest banking groups to implement Confirmation of Payee to help prevent losses due to accidentally misdirected payments and certain types of APP fraud. In July 2020, we confirmed widespread implementation of CoP by those banks.
We have been monitoring compliance with our direction and the progress of directed banks implementing CoP on channels with temporary exemptions.
Customers should contact their banks with any questions on how CoP works or any issues with CoP when making a payment. If no resolution is offered by the bank, or there are significant issues impacting the CoP service, customers should contact Pay.UK who is responsible for maintaining the rules and standards for CoP. The PSR does not develop the rules, technical standards of operating guidance for CoP.
You can contact the PSR if you believe that the directed banks are not complying with their obligations under the direction to implement CoP.
A number of other financial institutions have also chosen to implement CoP, although there remains some that have yet to provide this service to their customers. We recommend contacting your provider to check if this service is offered.
How does Confirmation of Payee affect me? I’m making payments on my account but Confirmation of Payee hasn’t come up?
Confirmation of Payee checks whether the name matches the account details before you make a new Faster Payments or CHAPS payment.
If you’re paying someone who is already set up as a payee on your bank account (and you are not changing the payee details), you won’t see any difference. Confirmation of Payee is currently offered by members of the UK’s six largest banking groups, as directed by the PSR in 2019, and other institutions who have voluntarily put this system in place.
When setting up a new payee or amending an existing payee’s details, you will be asked to enter the sort code, account number and the name of the person you’re paying. Confirmation of Payee will then confirm whether there is:
- A match: details provided match the account, proceed with payment
- A close match: check the details again or contact the person you’re trying to pay
- No match: possible fraudulent transaction; check the details again or contact the payee before proceeding
There may be some circumstances when you are unable to do a Confirmation of Payee check, for instance because the payee’s account is not available through Confirmation of Payee, whether temporarily or otherwise. You’ll still be able to make the payment but should exercise more caution when sending money to a new payee.
How do you solve a problem like protections in interbank payments?
PS19/4 - Specific Direction 10 (Confirmation of Payee)
Important notice: We issued Specific Direction 10 in a varied form on 14 February 2020.
Which? super-complaint on payment scams
Getting the right outcomes for the victims of APP scams
by Genevieve Marjoribanks, Head of Policy An authorised push payment (APP) scam happens when someone is tricked into sending money to a fraudster.