Customers reporting authorized push payment (APP) scams to their banks are being exposed to “inconsistent outcomes” in terms of reimbursement, the UK payments regulator has warned.
In a first-of-its-kind report, the Payment Systems Regulator (PSR) revealed the percentage of APP fraud cases that were fully and partially reimbursed by each of the UK’s largest 14 banking groups last year.
It found a considerable disparity between TSB – which refunded 91% of the total value of APP fraud losses – and AIB, which refunded just 10%.
Banks and other payment service providers (PSPs) are not bound by law to reimburse APP fraud. However, they do so under a voluntary code introduced in 2019: the Contingent Reimbursement Model (CRM).
APP fraud refers to any incident where a scammer posing as a trusted entity tricks the victim into transferring money to a bank account under their control – such as romance scams or investment fraud.
It accounted for nearly half (£239m) of total fraud losses in H1 2023, up 27% on the same period in 2020. Case volumes surged 22% year-on-year, according to UK Finance.
Chris Hemsley, managing director of the PSR, said the new report would bring much-needed transparency to the reimbursement process, and ultimately encourage PSPs to do more to tackle APP fraud.
“Our approach is working because we know there is a greater focus across many more firms on preventing fraud. Our commitment to transparency and the forthcoming mandatory rules are key to strengthening efforts to prevent these frauds from happening in the first place,” he said.
“Over the coming months, we will be bringing all payment firms into new reimbursement arrangements to give more consistent protection across the board. This is important because we can see from today’s report that this has not always been the case.”
However, the banking sector hit back, claiming that it already invests more than any other sector in countering fraud and is the only sector that reimburses victims, even though “the vast majority” of APP fraud originates on other platforms.
“Our data shows that 94% of authorized fraud starts online or over the phone, through social media, fake messages and more,” it argued in a statement.
“But the technology and telecommunications sectors bear no responsibility for reimbursing victims, which means there is little commercial incentive for them to truly tackle the enormous threat that continues to proliferate on their platforms and networks.”
The PSR report also revealed that “newer and smaller PSPs” recorded disproportionately higher rates of “receiving fraud” than their larger and more established peers. This means that scammers are using accounts with these firms more frequently to accept money defrauded from innocent consumers.
For example, Clear Junction received £10,355 obtained via APP fraud per £1m of transactions, versus just £696 per £1m for Metro Bank, the worst performing major banking group.
“This difference in performance suggests that there is significant potential for these firms to reduce fraud through enhancements to their systems and controls,” the PSR said of smaller PSPs.