APP scams

What we are doing and what happens next

Last updated: 25 August 2020

Authorised push payment (APP) scams happen when someone is tricked into sending money to a fraudster posing as a genuine payee.

These types of scams can have a devastating impact on the people who fall victim to them. It is the second biggest type of payment fraud, in terms of both the number of scams and the total value involved, according to industry body UK Finance.

This infographic details our work protecting people from APP scams.

Our work on APP scams

We began working with the payments industry to gather data and implement standards for how banks can work together to tackle APP scams and protect consumers following a super-complaint from the consumer group Which? in 2016. 

On 16 December 2016, we published our formal response to the super-complaint, setting out our main findings and next steps. 

Our key findings were that:

  • The way banks worked together to respond to scams needed to improve.
  • There was evidence to suggest more could be done to identify fraudulent incoming payments and prevent accounts from being under the influence of scammers.
  • The data available on the type and scale of scams was of poor quality.

In response to these findings, we developed a programme of work aimed at reducing fraudsters’ ability to perpetrate scams and, when they do occur, increasing the chance that the victim will be able to recover the funds. 

Our current work in this area has two main elements:

  • Supporting the development and implementation of an industry code so that victims of APP scams who have done everything they can to protect themselves should be able to recover their losses.
  • Requiring members of the largest banking groups to implement  Confirmation of Payee from 31 March 2020. This is an important tool designed to help prevent misdirected payments.

Industry code

The industry itself was best placed to design a code that protects consumers and refunds innocent victims of APP scams. That’s why we set up a steering group of industry and consumer representatives to develop the Contingent Reimbursement Model (CRM) Code, led by an independent Chair. 

We provided expertise as observers, along with the Financial Conduct Authority (FCA), the Treasury, the Home Office, the Financial Ombudsman Service (FOS) and representatives from law enforcement agencies.

Having given the steering group an ambitious timeframe to work to, it published the draft CRM Code in September 2018 for consultation. The final Code was agreed and published in February 2019, and came into force on 28 May 2019. 

The CRM Code aims to reduce both the occurrence and the impact of APP scams. It sets out standards for signatory Payment Service Providers (PSPs) – a group including the largest banks in the UK - and for their customers who are covered by the code (consumers, micro-businesses and small charities). 

On 30 March 2020 we held a meeting, via conference call, with representatives of the payments industry and colleagues from other authorities to discuss the progress being made on tackling APP scams.

The Lending Standards Board (LSB) oversees the Code and its members while we continue to monitor the implementation of the Code and the effect it has on the number APP scams. So far, the Code has nine signatories with the LSB continuing to work with banks who are interested in participating. 

Confirmation of Payee

Another important tool for protecting consumers against APP scams is Confirmation of Payee (CoP). 

CoP is the industry-agreed way of making sure that names of recipients are checked before payments are sent. It works by checking that the name entered by the payer matches with the name on the account they are sending money to.

Alerts notify the payer whether there has been a match, a close match or no match, meaning corrections can be made before the payment is sent. The service is designed to prevent misdirected payments as well as fraudulent ones.

The success of CoP depends on PSPs working together to prevent businesses and consumers from being defrauded. With this in mind, Pay.UK (the operator of the UK’s payment systems) designed rules and standards for PSPs to follow when launching the service. 

Following consultations in November 2018 and May 2019, we decided that regulatory intervention was needed to require PSPs to implement CoP at the same time. 

In August 2019, we gave the six largest banking groups a Specific Direction to implement CoP by the end of March 2020. As a result of our Direction, we expect the introduction of CoP to significantly reduce losses from APP scams and other misdirected payments.

The PSPs subject to the direction are involved in around 90% of FPS and CHAPS transactions. But we are not stopping there. We want every single payment to be protected by CoP, which means we are encouraging all PSPs, big and small, to implement it if the Pay.UK standards apply to their accounts. 

We are committed to getting the right result for everyone and our work tackling APP scams is already making a difference. The CRM Code provides greater consumer protection by helping to reimburse innocent victims of fraud while CoP will help stop misdirected payments before they happen.

scroll down