In recent years, the financial landscape in the UK has evolved significantly, bringing with it new forms of financial crime. One of the most pressing concerns is Authorized Push Payment (APP) fraud, a scam that has garnered increasing attention from both consumers and regulatory bodies. In this blog, we will delve into what APP fraud entails, the diCerent types of scams, recent regulatory changes, the implications for businesses, and measures that can be taken to mitigate risk.

What is APP Fraud?

APP fraud occurs when a fraudster convinces a victim to authorize a payment to a fraudulent account, often using manipulative tactics that create a sense of urgency or trust. Unlike traditional forms of fraud, where the victim's account information is stolen, APP fraud relies on tricking the victim into willingly making the payment.

Latest figures by UK finance shows £459.7 Million was lost to APP scams in 2023. There are two primary types of APP scams:

1. Malicious Payee:This involves deceiving someone into purchasing goods or services that either do not exist or will never be delivered. A common scenario might involve a victim being lured by a seemingly legitimate online advertisement for a product, only to find out later that the seller was a fraudster.

2. Malicious Redirection:In this scenario, the fraudster impersonates bank staC or legitimate entities to persuade the victim to transfer funds into the fraudster's account. For example, a victim might receive a call from someone claiming to be from their bank, who then instructs them to make a payment to resolve an alleged issue with their account.

Recent Changes: New Reimbursement Responsibilities

As of October 7, 2024, significant changes will be enacted concerning APP fraud in the UK. Under the new regulations, all payments made via the Faster Payment Service (FPS) and the Clearing House Automated Payment System (CHAPS) will have specific reimbursement responsibilities.

1. All participating Payment service providers (PSPs) will be incentivised to take action, with both sending and receiving firms splitting the costs of reimbursement 50:50.
2. Customers will be more protected under consistent minimum standards, with most APP fraud victims being reimbursed within five business days and additional protections oCered for vulnerable customers.

This marks a pivotal shift in the landscape of payment processing, as it places greater responsibility on merchants to ensure the legitimacy of transactions. Payments made in GBP through FPS or CHAPS will fall under this regulation, which only applies to transactions occurring on or after the specified date.

Who is Affected?

The new regulation is inclusive in nature and will extend its coverage to various customer categories including:

1. Individuals:Customers making payments for personal use, not for trade or business.

2. Micro-enterprises:Businesses with fewer than 10 employees and an annual turnover or balance sheet total not exceeding £2 million.

3. Charities:Organizations with an annual income of less than £1 million.

However, it is to be noted that PSPs can deem a claim as out of scope whenthe following criteria apply:

1. The customer has acted fraudulently or dishonestly (also referred to as ‘first- party-fraud).
2. The customer has acted with gross negligence, that is, outside the consumer standard of caution.

3. Trade disputes (or civil disputes – language used by PSR);

   1. Civil dispute is a situation when a customer has paid a legitimate supplier for goods or services but has not received them, they are defective in some way, or the customer is otherwise dissatisfied with the supplier. Such disputes do not meet a definition of an APPfraud as the customer has not been deceived.
   2. However,when there is indication that a supplier of goods or services is not legitimate, and an account was set up to deceive consumers then such a claim is in scope of APP fraud regulation.
   3. A sending PSP should be able to determine whether a claim is a civil dispute through communication with the customer and the receiving PSP. Where the receiving PSP has evidence that the claim is a civil dispute, the receiving PSP should provide any relevant information to the sending PSP within the given time frame.

4. International payments – all types of cross-border transfers.

5. Payments which take place across other payment systems (i.e. not FPS or CHAPS).

6. Other payments - where payments are sent or received by credit unions, municipal banks and national savings banks

7. Unlawful purposes -payments made for such purposes are out of scope.

8. Payments made to an account the consumer controls, or payments that are not authorised by the consumer ('unauthorised payments')

Timeline for Claims and Evidence

Customer should raise the claim in no later than 13 months of learning or suspecting APP fraud. The claim must be resolved within 5 days of reporting by the customer. However, the sending PSP and receiving PSP has the right to extend the dispute resolution period (as referred to as “Stop the clock”) up to a maximum of 35 business days.

Mitigating Fraud: Best Practices for Merchants

Given that impersonation is often at the heart of APP fraud, businesses must adopt several mandatory practices to protect themselves and their customers:

1. Secure Handling of Account Details:Merchants should implement robust security measures to ensure that account details and credentials are not exposed to unauthorized individuals.

2. Document Customer Communication:It’s essential to maintain comprehensive records of all communications with customers regarding transactions. This documentation can serve as crucial evidence in disputing fraudulent claims.

3. Timely Delivery and Proof of Goods/Services:Merchants should ensure that goods or services are delivered promptly and that proof of delivery is documented. This not only aids in resolving disputes but also builds customer trust.

PayGlocal’s Commitment to Fraud Prevention

At PayGlocal, we recognize the importance of safeguarding customer against any potential APP fraud. We are committing significant resources to develop and maintain a robust anti-fraud framework. Here are some key measures we are implementing:

1. Enhanced Merchant Onboarding:Our merchant onboarding process includes rigorous checks to ensure that only legitimate businesses are permitted into the system.

2. Transaction Monitoring:We have established a dedicated transaction monitoring setup to flag any suspicious activity promptly.

3. State-of-the-Art Security:We utilize cutting-edge security technologies to protect merchant data from unauthorized access. This includes multi-factor authentication for our merchant portal, significantly reducing the risk of impersonation.

4. Confirmation of Payee:In collaboration with our partner banks, we have implemented the 'Confirmation of Payee' feature. This process allows customers to verify that the recipient of a payment is who they claim to be, reducing the likelihood of misdirected payments.

Conclusion

APP fraud presents a significant challenge for consumers and businesses alike in the UK. As the landscape continues to evolve, staying informed about the latest regulations and implementing robust fraud prevention measures will be crucial. By fostering a culture of security and vigilance, merchants can not only protect themselves but also contribute to a safer financial environment for everyone. The responsibility is shifting, and proactive engagement in safeguarding transactions will be vital in the coming years.

DISCLAIMER: The information provided in this blog post is intended for general informational purposes only and should not be construed as any advice or recommendation in any manner and is not reflective of any sponsorship of affiliation. While we strive to ensure the accuracy and reliability of the content, it may not reflect the latest developments or interpretations. Users are advised to exercise their own discretion and judgment before making any decisions or taking any actions based on the information provided.