Practical tips to adopt APP fraud reimbursement requirements
Authorised Push Payment (APP) fraud has been a significant concern for organisations, with over half reporting encounters with such scams last year according to our latest research.
Following a recent webinar with Jonathan Williams of the Payment Systems Regulator, Experian’s Charlie Connor helps shed light on the changes aimed at combating this growing issue.
Our latest research revealed that 69% of UK organisations surveyed report fraud losses are “significantly or somewhat” higher than last year, with over half citing APP fraud as a main area of concern. In order to help tackle this, the Payment Systems Regulator (PSR) is working to implement new requirements to protect consumers and reimburse fraud losses.
In our recent webinar with Jonathan Williams of the PSR, Jonathan addressed the challenges presented around the new regulation and discussed practical tips for organisations to navigate through the changes. Here are some of my key takeaways from the conversation.
Refining the reimbursement requirements
The PSR carefully considered all responses during the extensive consultation on proposed changes to the reimbursement model, which ran from September to December last year. Some changes were made based on the feedback. Initially, reimbursement within two days was proposed, but it is now agreed that five days is more reasonable, with the possibility to pause the clock in certain situations.
There was general agreement on the 50:50 liability split between payment service providers.
They continue to consult on the maximum reimbursement level and defining the customer standard of caution to protect against APP fraud.
The clear focus is on the transaction between the customer’s control and an external account, where the reimbursement should be targeted. These issues were thoroughly examined before finalising the policy statements, and they will be part of the reimbursement requirements going forward.
But unanswered questions still remain. For example, Payment Service Providers (PSPs) are most concerned about the scope of the requirements, particularly which transactions fall under the requirements and which ones do not. There is uncertainty about what may be considered APP scams or on the edges of APP scams, and further clarity is still needed.
Another area of concern is defining the customer standard of caution, previously known as “the grid”, to address payments made with gross negligence. Striking a balance between the interests of payment service users and providers will be a crucial aspect of the consultation.
What needs to be considered around foreign transactions, and types of scams such as romance or merchant scams?
The scope only applies to the Faster Payment system, and in fact if only applicable to domestic transactions, so foreign payments would not be within scope.
When it comes to the type of scam, it’s a good question as different types of scams have varying values and levels of engagement with fraudsters. Tailoring an approach to each individual scam is ideal, but currently, the industry currently lacks the necessary sophistication to implement this effectively.
The implementation of the APP reimbursement system will provide valuable data insights into the types of scams and their operations, leading to more informed and targeted policies. The current reimbursement system aims to prevent fraudsters from continuing their activities and protect victims as much as possible, but there is room for further improvement.
Tips for the pathway to adoption
For smooth adoption of the requirements in the coming months, organisations should prepare for the go-live date, which will be publicised later this year. Waiting for the timeline might not be an option due to its potential short duration. Things to be considered:
- Consider the existing handling of authorised push payment cases and see if any tweaks are needed rather than complete reengineering.
- Studying CRM compliance and observing what other banks have done can serve as a valuable learning model.
- Engaging with Pay.UK and thoroughly reviewing the policy statement, especially regarding timescales, is essential.
- UK will monitor compliance, so meeting timelines and metrics criteria for implementing the rules will be crucial for Payment Service Providers.
To find out more about the background of the regulation update, and how Experian can support your organisation, read our blog with Yaro Zozulya, Innovation Director at Experian.
Download our latest report
Our latest research delves into the scale of the challenge presented by APP fraud, and where consumers are most concerned.
You can find out more in our ‘Shining a spotlight on the Latest Fraud Trends’ report.
Access the latest insight
Our latest research reveals how challenges in identity and fraud are evolving and how businesses are keeping pace.
Download nowThis article is Experian’s summary of the webinar conversation and doesn’t intend to accurately specify any regulatory changes that may be introduced by PSR in the future.