Skip to main content Skip to footer

Authorised push payment scams – PSR led work

Published 07 11 2017

This paper explains the work the PSR, the Financial Conduct Authority (FCA) and the payments industry have been doing in the past year to reduce the harm to consumers from authorised push payment (APP) scams – where people are tricked into sending money to a fraudster.

APP scams are a crime which can have a devastating effect on the victims. New statistics published by UK Finance show that in the first six months of 2017 there were 19,000 victims of APP scams involving a total amount of over £100 million.

We believe our work should make a positive difference, leading to better protection from scams and better support for victims.

Background

In September 2016 we received a super-complaint from Which?, who argued that victims of APP scams do not receive sufficient protection from fraudsters in comparison to the fraud protections in place for other types of payments (such as card payments and direct debits).

APPs are made when consumers tell their bank to take a payment from their account to another account. Scams involving APPs occur when consumers are tricked into authorising a transfer of money to an account that they believe belongs to a legitimate payee but is in fact controlled by a scammer.

We responded to the super-complaint in December 2016 and since then, together with the banking industry and the FCA, we have worked hard to make a positive difference.

Why are we publishing this document?

Our December 2016 response found that APP scams are a growing issue that causes significant harm to victims and that more needs to be done to address the problem. We set out a programme of work that ourselves, the FCA, and the payments industry would undertake. We said we would publish an update on this work in the second half of 2017.

What work has been done over the last year?

Good progress is being made across all areas.

We’ve worked with the payments industry to develop a range of initiatives that should help prevent scams and better respond to them when they happen.

We’ve also continued to explore solutions that mean victims are less likely to be out of pocket. We think that a ‘contingent reimbursement model’ should be introduced to compensate victims in certain circumstances, and are now consulting to gather views on this. We provide more information below.

There is still no single solution, or ‘silver bullet’, that can prevent all APP scams.  However, we believe that the initiatives underway and the introduction of a reimbursement model should go a long way to help better protect consumers.

The industry’s progress

Here’s an overview of what we said needed to happen in our December publication, matched against the progress that has been made over the last year:

Initiative

What we said

What's been done

Statistics

We said that the data available on the scale and type of APP scams was poor.

 

Industry has published the first set of robust statistics on APP scams, and from 2018 it will collect and publish more detailed data.

Best practice standards

We said that payment service providers (PSPs), which include banks), could do more to assist people reporting APP scams by being more joined up.

The industry has now developed best practice standards that PSPs will follow when a victim reports an APP scam. This should improve victims’ experience and PSPs’ response times

Data 

We said the industry needed to develop a common understanding of the information that could be shared under existing law and any restrictions to sharing further relevant information.

Industry has developed a common understanding of what information PSPs can share under current law when responding to APP scam claims.  Industry will be seeking to ensure that PSPs can continue to share this information under future legislation and will assist in work to facilitate the recovery of victim’s funds. 

There are also a number of further relevant industry initiatives underway, such as Confirmation of Payee, sharing financial crime data and information, and transaction data analytics. Taken together, these will do more to prevent scams in the first instance, assist with responding faster when they do happen, and help in recovering the victim’s money. 

The FCA has reviewed the way PSPs handle APP scams. It found PSPs’ procedures were inconsistent, their existing fraud detection systems could not easily detect APP scams, and they didn’t collect enough data. The FCA considers the industry initiatives underway will help to tackle these issues.

We’ve created an infographic that explains how the forthcoming initiatives aimed at prevention scams will help.

The payment system operators’ role

In December 2016, we committed to considering whether the operators of FPS and CHAPS could play an expanded role in addressing APP scams. We gained insight by looking into the practices of other payment systems in the UK and other countries as well as other sectors.

We found that the industry initiatives underway in the UK will bring practices into line with those we saw elsewhere, with one exception: reimbursement. Other UK payment systems (such as card systems) and sectors have formal arrangements for reimbursement, to make sure PSPs act in customers’ best interests – and reimburse them if they don’t. Operators played varied roles in these reimbursement models.    

Reimbursing victims of APP Scams

When we published our December 2016 report, we recognised that there were concerns around the lack of reimbursement for victims of APP scams.

We listened and kept working on this issue, and we are now exploring a potential model that sets out the circumstances when APP scam victims would get their money back, and where it would come from. We think that industry is best placed to lead the development of the model and that it should be implemented by end of September 2018 – we propose to actively monitor this work. We provide further detail on this model in our document. 

Next steps

We welcome your views on whether and how the industry should introduce a contingent reimbursement model. We are also asking for your views on the high-level principles we have set out and other key characteristics that a potential model should have.

We also want your views on the likely effectiveness of the best practice standards for responding to APP scams that industry has developed.

A full list of the consultation questions can be found in the Annexes.

Please send your comments by 12 January 2018 in electronic word or PDF format to app-scam-pso-project@psr.org.uk

Or in writing to:

Payment Systems Regulator

APP scams project team

25 The North Colonnade

Canary Wharf

London E14 5HS

Further information

Annexes

Lipis report - Fraud prevention and resolution in push payment systems

Factsheet on PSR-led work for APP Scams