New regulations regarding Authorised Push Payment (APP) fraud have come into force in the UK from the start of October. These new regulations will see a maximum compensation of £85,000 for this type of crime, and affected individuals can expect to be reimbursed within five business days of making their claim. Ellie Burns, Head of Product and Customer Marketing at IDnow, outlines the changes and what impact it will have on fraud prevention strategies.
The financial landscape in the UK is set for change, with new government regulations coming into force from the start of October. Under these new landmark rules, UK payment service providers (PSPs) – so all British banks, FinTechs and payment companies of all sizes – are mandated to reimburse victims of Authorised Push Payment (APP) fraud, due in no small part, to the increasing levels of APP fraud the UK is currently experiencing.
Indeed, figures from UK Finance’s 2023 Half Year Fraud Update reported £239.3 million losses in the first six months of 2023 as a direct result of APP scams.
With these major changes taking place, and with the impact of their introduction to be felt by both consumers and providers, identity verification technology will play a vital role in preventing fraud as well as ensuring compliance with the new regulatory requirements.
For the UK finance and payments sector, the new regulations will have two key outcomes:
- PSPs must reimburse consumers who are victims of APP fraud up to a maximum level of reimbursement of £85,000, unless the consumer acted with gross negligence or was themselves actively part of the scam
- The cost of reimbursement will be shared equally between the sending and receiving PSP, in the hope it will incentivise both parties to detect and prevent fraud
In short, the industry must improve its ability to fight fraud or face significant reimbursement fees.
Impact of regulations on fraud prevention strategies
The special difficulty in detecting APP fraud lies in the fact that the transactions are put through by a genuine person who has been socially engineered to do so.
And while there is no silver bullet for fighting fraud, organisations should implement an effective cybercrime and fraud prevention strategy. Implementing a multi-layered fraud prevention strategy increases identity assurance and trust at each step: starting with frictionless data checks, then moving to document verification, biometric verification and mitigating further risk with PEPs and sanctions checks. Each layer or additional solution builds additional protection, and additional trust between organisation and consumer. Such a multi-layered approach can thus enable organisations to mitigate the risks of APP fraud, and therefore, reduce the potential costs of reimbursement.
Other advantages of a robust fraud prevention strategy include offering reassurance to customers that the business is serious about protecting them from fraud; helping prevent the most vulnerable customers from being targeted; ensuring the right services and payments are sent and received by the right people; optimising operations and increasing transaction speeds and efficiencies.
Solid Know Your Customer (KYC) processes also play a crucial role in cybercrime prevention, reducing friction for genuine customers and detecting high-risk or unusual behaviour.
In KYC processes, there will always be a need for human-led interventions, where automated solutions cannot yet provide ample protection. Specially trained agents can provide additional layers of anti-cybercrime support – for example, people can be trained to spot signs of social engineering, such as distress and nervousness in customers. This human expertise paired with the latest AI-powered fraud detection mechanisms generally provides the best defence against social engineering fraud. These successes have been observed in mainland Europe, specifically in countries such as Germany, for around a decade. Hence, the UK may need to look towards those markets and deploy expert-led video identification to catch instances where a genuine person is being coerced.
The role the new Labour government will play
While the new APP fraud regulations were put forward by the old Conservative government, the plans remain largely unchanged. The Labour manifesto pledged to introduce a ‘new, expanded fraud strategy’, recognising the urgent need to tackle what has become the UK’s most common crime. Based on this, we can expect that fraud, as well as APP fraud, is high on the new government’s agenda.
Rather than seeing major pushback from the government, the new regulations are subject to many critical voices from within the payment industry. Over the past few months, individual stakeholders and associations have been speaking out, demanding delays to the regulations, clarification of details and overall changes to the requirements.
Key criticisms included:
- the October deadline, i.e. many financial providers will not be ready for the regulations
- a fear that the regulations may actually increase fraud levels because it prioritises reimbursement over crime prevention, potentially leading to more reckless consumer behaviour
- the reimbursement amount was too high, and could push some businesses into bankruptcy
- a failure of the new rules to require social media companies to help with refund costs, despite a lot of APP fraud originating on those channels
To the final point, Labour has drawn up plans to make tech companies responsible for compensating victims of online fraud. Under the proposal, which was put forward in June 2024, prior to the General Election, banks would still have to reimburse fraud victims but could later reclaim some money from tech companies.
Due to the major backlash within the industry, the PSR has amended the original reimbursement cap of £415,000 to £85,000.
While the new regulations continue to be scrutinised, we welcome the fact that fraud is, rightly, high on the UK government’s agenda. By stepping in to hold more parties accountable, we’re confident the regulator’s approach will help tackle what is a national fraud epidemic.