The World Watches On As UK Tackles APP Scams

The PSR proposal, which is set to go into effect October 2024, applies to UK financial institutions and payment service providers (PSPs). Unlike the current reimbursement model that usually puts the onus on the sending organization (victim’s bank) to make the scammed customer whole, the PSR proposal splits reimbursement liability for APP scams fifty/fifty between the sending and receiving organizations. Once a customer reports the scam, their bank and PSP (the sending organization) will have just five days to issue a reimbursement.

By making both sides of a payment responsible for reimbursements – and not just the sending bank – it is hoped that the PSR proposal will encourage collaboration between all players to detect fraudulent behavior, interrupt mule account activities, and work harder to prevent APP scams.

The PSR changes are also aimed at providing greater transparency. Payments companies will be expected to report the number of claims, rejected claims, time taken to reimburse victims, and other data. The insight gained from this collective data will help to raise red flags earlier and reduce scam losses.

Why Now? 

APP scams are when a person is tricked into authorizing payment from their account to a fraudster’s account. Because it is the genuine customer authorizing the payment, the scam is difficult to detect with traditional fraud management solutions and even more difficult to mitigate. Typically, by the time the customer realizes they have been duped, the money is gone. With double digit growth expected in instant payments⁴, the primary transfer channel, and the ever-increasing sophistication of scams, mitigation is crucial.
The UK’s real-time Faster Payments system was targeted for the new PSR proposal because of its existing model for reimbursing APP scams and because that is where most of the country’s fraud currently occurs⁵. Although the reimbursement rate for victims of APP scams in the UK was an impressive 64% in the first half of 2023⁶, the PSR model further increases protection for the customer.  

But customers are not the only ones to suffer loss from payment fraud and need protection. Financial organizations pay the price as well – via reimbursements and fines, but also via brand reputation. In fact, 36% of organizations experience reputation damage from fraud and 28% report a negative impact on customer loyalty⁷.  

Risks of APP Fraud Reimbursement 

The UK’s PSR proposal is already having a ripple effect around the world. Australia is considering mandatory reimbursement but will likely wait to adopt a split liability model. Singapore has proposed shared liability between consumers and banks. And while the Netherlands rarely reimburses for scams, Sweden is leading the Nordic bloc by considering reimbursing customers that were victims of APP scams. Only time will tell which economies will fully follow the UK’s lead. 

Waiting to see how the UK’s mandated reimbursement plays out may be a smart move. However, there are concerns – and potential risks. 

Will consumers engage in reckless behavior, knowing they can be reimbursed?  Will payments firms increase friction to prevent fraud, thereby dissuading customers from using Faster Payments? Will additional monitoring costs as a result of the shared liability requirement limit competition and prevent new players from entering the market?

The PSR is addressing these concerns as it sets policies and procedures. It recently agreed to cap mandatory reimbursement at £415,000⁸ and is establishing other guardrails to prevent reimbursing customers that “acted fraudulently or with gross negligence.” 

There is also concern that the new reimbursement model could reduce competition. Smaller PSPs or start-up financial services providers may find it too costly to enter the market, while existing providers may go out of business or leave the UK entirely due to the additional monitoring costs. 

In spite of these concerns, the PSR expects that shifting the cost of reimbursement to a shared model will “create consistent financial incentives for the whole Faster Payments industry to invest in more effective prevention of APP fraud.”⁹  In other words, the goal of the shared liability model is to encourage more collaboration between sending and receiving banks to help prevent these scams. 

Tackle APP Scams with Technology

Although the October 2024 timetable for implementation may change, forward-thinking UK banks and payments companies are beginning preparations now so as not to get caught off guard. 

While not yet having to comply with similar regulation, financial institutions throughout the rest of the world might also consider starting early given the increase and complexity involved in APP scams and the real-time nature of transactions. The lack of visibility and control on the full chain – from onboarding to outbound payments – can leave the door open for mule accounts and facilitate scam schemes. 

Outbound payments reflect the final decision point and require intelligent monitoring to identify potential fraud. However, monitoring outbound payments alone is not enough as it leaves all previous context of the transaction behind. 

Tightening onboarding controls can prevent mules from entering the system while monitoring inbound payments for fraud can be the trigger event to confirm mule activity. Upon receipt of a suspicious inbound payment, a bank can freeze the account pending further investigation, hold funds, or monitor the account for future suspicious outbound transactions. Sharing beneficiary intelligence, such as accounts flagged as fraud by other institutions, provides a stronger defense to detect and stop criminal activities. Organizations will need to invest in innovative systems with a layered approach that can encourage this sharing of data and insights for real-time assessment.

How LexisNexis® Risk Solutions can help

To help the UK financial services industry protect customer payments and comply with the PSR’s proposal, LexisNexis® ThreatMetrix® Payment Defense provides a real-time risk score of customer payments by combining shared intelligence from the UK's largest financial institutions with a proprietary network of digital identity data. Its smart machine learning enables instant analysis of 150 features related to risk, such as number of payments made and received, average transaction values, and the risk associated with the holding bank. 
 
Rob Woods, Director of Market Planning, EMEA, said, ‘The strength of network data enables our customers to quickly respond to new market challenges. Furthermore, additional ThreatMetrix® features can be leveraged to detect specific types of fraud, making downstream decisions significantly more efficient. We’re seeing very positive results from pilot customers.’ 
 
ThreatMetrix is already offering organizations around the globe a layered approach to combatting fraud, combining intelligence from over three billion digital identities and ninety-six billion transactions with behavioral biometrics for more assured scam detection and smarter risk-appropriate decisions. Active call detection also increases the chances of identifying coaching. 

Shut the door on fraud. Protect customer payments and stay ahead of PSR with enhanced real-time payment risk assessment from ThreatMetrix® Payment Defense.

1. Authorized transfer scams (ATS) in the United States
2. https://investor.aciworldwide.com/news-releases/news-release-details/aci-worldwide-scamscope-report-finds-app-scam-losses-expected
3. https://www.ukfinance.org.uk/news-and-insight/press-release/criminals-steal-over-half-billion-pounds-and-nearly-80-cent-app
4. https://www.ukfinance.org.uk/system/files/2023-09/UK%20Finance%20Payment%20Markets%20Report%202023%20Summary.pdf
5. https://www.psr.org.uk/media/rxtlt2k4/ps23-3-app-fraud-reimbursement-policy-statement-june-2023.pdf
6. https://www.ukfinance.org.uk/news-and-insight/press-release/criminals-steal-over-half-billion-pounds-and-nearly-80-cent-app
7. https://www.pwc.com/gx/en/services/forensics/economic-crime-survey.html
8. https://www.psr.org.uk/media/kwlgyzti/ps23-4-app-scams-policy-statement-dec-2023.pdf 
9. https://www.engage.hoganlovells.com/knowledgeservices/news/app-fraud-uk-psr-confirms-introduction-of-world-first-reimbursement-requirement/