APP fraud and its insurability
Authorised push payment (APP) fraud is a rising threat where scammers trick individuals or businesses into transferring money by impersonating trusted entities. Since victims willingly authorise the payment, recovering the funds is exceptionally difficult.
In 2023, the UK lost around £459.7 million to APP fraud, a cost that was mostly absorbed by customers. Outside of financial losses, APP fraud can also lead to compromised personal information and a decline in trust in the digital services provided.
As technology advances, so do fraudsters' techniques, making detection and prevention more challenging — and this growing issue underscores the need for increased vigilance, stronger safeguards. Hence the introduction of the mandatory reimbursement scheme by the Payments Service Regulator (PSR), built to protect customers. As a fintech, what do you need to know?
What is the mandatory APP fraud reimbursement scheme?
The new APP fraud regulations — due to come into force from 7 October this year — will require banks and other payment service providers (PSPs) on the faster payments network to reimburse victims of APP fraud up to £85,000 per claim.
The principal aim of the scheme is to reduce the overall harm caused by APP fraud through enhancing consumer protection and ensuring fair victim compensation.
Alongside this reimbursement requirement, the PSR is also introducing further incentives to help payment firms detect and prevent APP fraud, including:
- Reimbursement splitting. The sending and receiving PSPs will split the cost of reimbursement cost 50:50.
- Claim excesses. The sending PSP will be able to apply an excess of up to £100 per claim (this doesn’t apply to vulnerable customers).
- Consumer Standard of Caution. If a customer is found to be grossly negligent, reimbursement can be refused by the PSPs.
What does this mean for consumers?
The new APP fraud regulations are being introduced for consumers’ benefit and protection. There are, however, necessary steps consumers need to take, in line with the Consumer Standard of Caution (CSC), to be eligible for reimbursement.
As well as verifying payment requests, consumers must take reasonable steps to protect themselves against APP fraud. These measures and the expected level of care for sending authorised push payments are outlined by the CSC.
The four outlined consumer requirements are:
- Having regard to interventions, including warnings from their PSP
- Reporting suspected APP scams within 13 months
- Cooperating with reasonable information requests
- Consenting to, or reporting, the scam to the police as needed
Meeting these standards increases the likelihood of reimbursement if fraud occurs, and encourages consumer vigilance while ensuring fair protection.
What does this mean for PSPs?
The new rules for PSPs create further incentives for (and obligations on) increased vigilance and stronger systems to help prevent APP fraud.
PSPs will need to strengthen their APP fraud detection systems, design appropriate systems to provide warnings to customers and assess compliance with the CSC, while also developing clear policies for handling reimbursement claims and addressing the needs of vulnerable customers.
The four requirements under the CSC represent the full standard of care PSPs can expect from consumers, except those identified as vulnerable. PSPs cannot impose additional standards or terms that alter these requirements.
If a consumer, not classified as vulnerable, fails to meet these standards due to gross negligence, the PSP is not obligated to reimburse them. The burden of proving gross negligence, however, rests solely on the PSP and each reimbursement claim must be individually assessed to determine eligibility.
In addition to ensuring compliance with the new APP fraud regulations, PSPs should take extra measures to be fully prepared for the upcoming changes in October, including reviewing their current insurance policies.
Although fraud is one of the greatest risks for fintech companies, many fintech insurance policies still lack affirmative coverage for the theft of third-party funds by PSPs. It’s crucial to reach out to your broker immediately to check if you’re covered under your existing policy.
How can Superscript help?
At Superscript, our team of fintech specialists is dedicated to providing comprehensive support to our fintech customers, ensuring they have the appropriate type and level of bespoke cover.
We recognise that our PSP clients may need more support as October approaches, but rest assured that we're here to assist at any point in the policy period. So what would we suggest?
Even if you are not currently a Superscript customer, we can conduct a free contract review and make sure you are suitably protected in time for the October changes.
We’re taking a proactive approach to the upcoming new APP fraud regulations, currently working with fintech insurers and policy wordings specialists — like CFC — to ensure the best solution for both existing and future customers.
Steve Bowers, Fintech Development Manager at innovative insurance specialist CFC said:
At CFC, we recognise the impact the new APP Fraud Reimbursement Scheme will have on fintech firms, especially those on the Faster Payments network. We are constantly reviewing our offering so the cover we’re providing is appropriate and relevant. That’s why we are working on a solution to extend cover under our fintech product to ensure firms are suitably protected when the changes come into force on 7 October.
Superscript will continue to work together with specialist fintech insurers to find the best solution for customers, and our PSP clients will be the first to receive updates in the coming months.
If you have any questions, or need advice from our fintech specialists, please feel free to reach out to one of the team and we’d be more than happy to assist you.
This content has been created for general information purposes and should not be taken as formal advice. Read our full disclaimer.