Understanding APP Fraud and the New Rules
Authorised Push Payment (APP) fraud occurs when a fraudster tricks someone into sending money to an account that the fraudster controls. Unlike unauthorised transactions, the victim authorises the payment, making it challenging to recover the funds. According to the Payment Systems Regulator (PSR), in 2023 UK consumers lost £341 million to APP scams.
In June 2023, the PSR introduced new rules with two key changes to the previous regulations on APP:
- Mandatory Reimbursement: Banks and financial institutions will be required to reimburse victims of APP fraud in most cases, with some exceptions for customer negligence. The cap is set at £85k, in line with the Financial Services Compensation Scheme, which means that funds above this value that are lost due to APP fraud would not be covered. However, a final decision on this cap has not yet been announced, with its due date coming at the end of this month.
- 50-50 Liability Split: The liability for fraud losses will be shared equally between the sending and receiving banks. This is a significant shift from the previous system, where the sending bank bore most of the responsibility.
These changes aim to incentivise banks to improve their fraud detection and prevention measures while providing better protection for consumers.
The Impact on Open Banking
Typically, open banking providers and billers are not directly affected by these new APP fraud rules. However, if a Payment Initiation Service Provider (PISP) also offers accounts, they will need to comply with the new regulations.
Despite this, we anticipate some indirect effects on open banking payment speed and conversion:
- Adjusted Risk Settings: Banks may modify their fraud detection tools, potentially leading to more stringent checks. This may increase payment friction, with more payments held for additional verification, slowing down the process.
- Potential Reduction in Conversion Rates (the percentage of successful transactions out of the total attempted transactions): These changes could impact conversion rates for legitimate payments, particularly in scenarios that may trigger further investigation. An example would be one payment, or a series of payments, made to a new beneficiary, where the purpose, size or frequency of the transaction(s) is inconsistent with the payer’s normal spending patterns.
While these changes aim to enhance security, they may introduce challenges for seamless payment experiences that open banking strives to provide.
A Haphazard Implementation
While the Payment Systems Regulator’s (PSR) intention to combat fraud is commendable, the implementation of these rules appears somewhat disjointed. The new regulations are not integrated with other anti-fraud measures such as:
- Transaction Risk Indicators (TRIs)
- Enhanced Fraud Data (EFD) sharing
- Fraud overlay systems
Moreover, version 4 of the Open Banking standard, which includes enhanced payment statuses and error codes, remains optional. Had this been mandatory, it would have provided much-needed transparency about payment statuses.
Creating a More Effective Payments Experience
While the new APP fraud rules aim to enhance security, they also present challenges for maintaining a seamless payment experience. To address these challenges and create a more efficient payments ecosystem, several key changes are necessary:
- Integrated Anti-Fraud Measures: There’s a pressing need to integrate the new APP fraud rules with existing anti-fraud measures such as Transaction Risk Indicators (TRIs), Enhanced Fraud Data (EFD) sharing, and fraud overlay systems. This integration would provide a more comprehensive and efficient approach to fraud prevention.
- Adoption of Enhanced Payment Statuses: Yapily encourages all banks to implement the updated payment statuses and error codes laid out in Version 4 of the open banking standard. This would significantly improve transparency around payment statuses, allowing for better communication with users and more effective troubleshooting.
- Improved Communication Channels: Establishing better communication channels between banks and PISPs could help manage expectations and reduce friction when additional checks are necessary. Banks should be required to notify PISPs when they have held payments for additional checks and give PISPs the option to cancel payment instructions.
At Yapily, we’re actively advocating for the above changes that will create a more secure yet efficient payment ecosystem. We will continue to work with regulators, banks, and other stakeholders to find solutions that offer users enhanced fraud protection without sacrificing the speed and convenience that open banking promises.
We’ll continue to monitor any changes in regulation and keep our customers updated on any developments in this space. If you have any questions or concerns about how these changes might affect your operations, please don’t hesitate to reach out to our team.