On 7th October 2024, new mandatory reimbursement rules introduced by the Payment Systems Regulator (PSR) are coming into effect. The new rules, which were announced earlier this year, obligate payment service providers (PSPs) that transact using the Faster Payments Scheme to reimburse customers who are victims of APP (Authorised Push Payment) Fraud.

What is APP Fraud?

According to the PSR, APP scams occur when someone is tricked into sending money to a fraudster who is posing as a genuine payee. Every year thousands of businesses and individuals fall victim to these scams. The latest figures show that in 2023, £459.7 million was lost to APP scams (according to UK Finance).

The PSR wants to see more action from financial institutions to try to prevent APP scams from taking place and also to protect businesses and individuals should they fall victim.

APP scams come in various guises. One type of scam is the ‘malicious payee’, when someone is tricked into purchasing goods which don’t exist or are never sent. ‘Malicious redirection’, is when a fraudster, claiming to be from that person’s bank, gets someone to transfer funds out of their bank account and into that of the fraudster.

Why are these rules coming into force now?

APP Fraud reimbursement rules are being implemented now due to the sharp rise in fraud cases, the digital transformation of payment systems, and the need to address gaps in existing consumer protections. The increasing sophistication of fraud schemes and the growing demand for corporate accountability have made stronger legal measures essential to protect consumers and foster trust in the financial system.

The push for APP Fraud legislation has been developing for around eight years – the catalyst being the 2016 Which? super-complaint - voluntary codes were then established, followed by growing calls for mandatory protections, and finally legislative action in 2022–2023 to create binding requirements.

How relevant are these new rules for EWG clients?

Whilst EWG does not operate in the consumer market, adopting measures that create a safer environment for clients by reducing the incidence of fraud through better education and awareness, the embedding of enhanced safeguards within the technology application and greater overall collaboration across the industry will ensure EWG plays its part in reducing the overall risk of fraud in the long term. Clients may be eligible for reimbursement should they fall victim to this type of fraud and their claim meets the criteria.

How does EWG protect its clients from fraud and what changes are you making in response to the new rules?

At EWG we already have measures in place to protect our clients from making payments to fraudsters, but we aren’t complacent and are introducing some further steps into our set up and payment processes that will help further mitigate the threat posed by APP Fraud. include posing extra questions when clients are setting up a new beneficiary or making a new payment. The questions aren’t designed to irritate, they are designed to help users on your account to think

through the actions they are undertaking and to double check the information being input is not erroneous or suspicious in any way and to consider the circumstances of the request – for example was the user asked to make the payment in a hurry? Or was supporting documentation provided that contains the beneficiary and account details on.

How can individuals and businesses help themselves avoid becoming victims of APP Fraud?

The enactment of these new rules should serve as a reminder to all that individuals, whether in relation to their own accounts or that of their organisation, need to take a more active role in preventing fraud and following best practices outlined by their banks. This includes:

• Being more vigilant and informed about potential scams.
• Adopting stricter verification processes.
• Reporting fraud promptly.
• Complying with banks' security measures and understanding their rights to reimbursement under the new laws.

By adapting to these requirements, clients can better protect themselves from fraud and ensure that they are eligible for reimbursement if they become victims.

Are there any particular complexities / risks to be aware of in relation to the new reimbursement rules?

While APP Fraud legislation offers important protections, there are still several complexities and risks to consider:

• Disputes over negligence, delays in reimbursement, and evolving fraud tactics are potential challenges.
• Cross-border transactions and inconsistent protections across financial institutions may complicate matters.
• Clients, both individual and business, must remain vigilant, comply with new security protocols, and document their actions carefully to benefit from the protections offered.

Ultimately, while the legislation improves overall protection, it is not a failsafe, and clients need to remain proactive in protecting themselves against fraud.

Are these new rules the answer to combatting APP Fraud?

The fight against APP Fraud must be multi-faceted. While legislation like the Contingent Reimbursement Model Code (CRM Code) is essential for protecting consumers, banks must also invest in better technology, and governments need to promote public awareness and international cooperation. While many countries have measures to combat fraud, the UK stands out for its comprehensive approach to APP Fraud. Other countries are increasingly focusing on strengthening consumer protections, but mandatory reimbursement for APP Fraud remains limited outside the UK. Ultimately, strong protections are a positive step, but prevention, education, and collaboration will be the most effective way to reduce the overall risk of fraud in the long term.

For more information pick up the phone to the EWG team or visit the PSR’s website: https://www.psr.org.uk/our-work/app-scams/

‍