As authorised push payment (APP) fraud continues to rise in the UK, regulatory measures are being implemented to protect consumers and shift the liability burden. In this article, we explore the background to APP fraud, the recent regulatory changes surrounding mandatory reimbursement and the prevailing typologies of APP scams, and we outline steps that firms can take to mitigate the risk and safeguard their customers.
Understanding the APP Fraud Landscape in the UK
APP fraud refers to scams where individuals are tricked into authorising payments to fraudsters. These scams have become a growing concern, with devastating financial and emotional consequences for victims. There are many types of APP fraud, which can be divided into three common categories: purchase, impersonation, and investment scams. Within these categories, there are various typologies of APP fraud, such as romance scams, affinity scams, voice jacking, WhatsApp (“WA”) jacking, and impersonating relatives. All of these examples exploit trust and manipulate victims into transferring funds.
In the first half of 2022, APP fraud grew by over 30% compared to the same period in 2020, according to research from UK Finance[1]. As one of the major fraud trends to watch out for in 2023, statistics indicate that APP fraud will more than double by 2026[2].
Changes in Regulations and Mandatory Reimbursement
Recognising the need to protect consumers, the UK government and regulatory bodies have taken significant steps to address APP fraud. The Financial Services and Markets Bill[3], which received Royal Assent at the end of June 2023, aims to establish a mandatory reimbursement scheme for victims of APP fraud. The Payment Systems Regulator (PSR) has detailed the framework and guidelines for mandatory reimbursement, ensuring victims are adequately protected[4]. The PSR aims to bring these requirements into effect for consumers as soon as possible. The proposed date for the initial implementation is April 2nd, 2024[5].
Based on the analysis conducted by UK Finance, out of the 59,000 analysed APP fraud cases, more than 75% of incidents started online, and 36% of losses are attributable to lower-value fraud like purchase fraud. Out of all online fraud cases, around 75% occur on a social media platform. Moreover, 18% of fraud cases begin with telecommunications; they are typically more costly cases, including impersonation fraud, and they account for 44% of losses[6]. The analysis could indicate that the responsibility should be shared more evenly across telecoms, tech companies, and financial institutions, as each party plays a role in enabling and preventing APP fraud. However, while telecoms and tech companies may facilitate the communication channels through which scams are perpetrated, it can be argued that it is the financial institutions that ultimately process the fraudulent transactions.
The UK's new fraud strategy reflects a recognition that financial institutions have a central role to play in preventing and combating APP fraud[7]. This new approach places the responsibility to deal with APP fraud cases primarily on financial institutions, rather than on telecoms or tech and social media companies.
The statistical results have started raising serious concerns in the financial services industry, which has long argued that social media and telecommunications companies should be held accountable for compensating the victims of financial fraud. Despite the controversy, the Financial Services and Markets Bill highlights the government's commitment to addressing APP fraud and protecting consumers from financial losses. It emphasises the importance of firms in implementing robust fraud prevention measures and ensuring the timely reimbursement of victims, thus fostering trust in the financial system, and enhancing consumer confidence.
Identifying Current APP Typologies
APP fraudsters continuously evolve their techniques to deceive unsuspecting victims. Understanding the prevailing typologies is crucial for firms to effectively combat APP fraud. There is an array of APP typologies; however, the key aspect behind all of them is tricking the account holder into believing they are sending funds to a legitimate account.
- Purchase scams often occur through online marketplaces or classified ad platforms, where fraudsters exploit the trust and eagerness of buyers.
- Investment scams lure victims with promises of high returns on investments or exclusive investment opportunities. However, the investments are typically non-existent or highly risky, resulting in significant financial losses for the victims.
- Impersonation scams involve fraudsters posing as trusted individuals, such as a bank representative, government official, or even a family member. Through various social engineering techniques, these scammers manipulate victims into authorising payments under false pretences.
- Romance scams, where fraudsters manipulate emotions to extort money, have become alarmingly prevalent.
- Affinity scams exploit shared interests or affiliations, while voice jacking and WA jacking capitalise on social engineering tactics.
By educating themselves on these typologies and examining their implemented controls in depth, firms can better protect their customers and themselves.
Minimising the Risk: Actions for Payments Firms
At Thistle Initiatives we are committed to helping payments firms fortify their defences against APP fraud. By implementing the following measures, firms can proactively mitigate risks and protect their customers:
- Training and Awareness: Conduct comprehensive training programs to educate customer-facing teams about the latest APP fraud typologies and red flags. Equipping employees with knowledge and situational awareness will enable them to detect and prevent fraudulent transactions.
- Customer Education: Develop targeted awareness campaigns for customers. Informative materials, online resources, and timely notifications can empower customers to recognise and report potential scams, enhancing their resilience.
- Enhanced Monitoring: Employ advanced fraud detection systems that monitor customer account activity for signs of abnormal behaviour. Unusual transaction patterns, mismatched names on receiving accounts, or sudden changes in payment behaviour should trigger further investigation to prevent fraudulent transfers.
- Secure Payment Controls: Implement robust payment authorisation controls, including pop-ups within mobile applications, reminding users to verify the legitimacy of payment recipients. Applying rule-based detection mechanisms can help identify known suspect accounts, reducing the risk of fraudulent transactions.
- Responsive Customer Care: Enable customer care teams to identify potential APP fraud cases through trained red flag indicators. Implement clear protocols for placing payments on hold while conducting the necessary verification, offering an additional layer of protection.
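The monitoring, payment-control and customer-care items above can be combined into one rule-based screen. The following is an added sketch, not code from Thistle Initiatives or any vendor; the thresholds, field names, decision labels and watchlist entry are constructed assumptions.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

# Hypothetical internal watchlist of known suspect accounts (constructed value).
SUSPECT_ACCOUNTS = {"00-00-00:99999999"}
NAME_MATCH_MIN = 0.8    # assumed similarity threshold for a payee name match
AMOUNT_MULTIPLE = 3.0   # assumed multiple of the customer's largest past payment

@dataclass
class Payment:
    amount: float
    payee_account: str
    payee_name_entered: str      # name the customer typed
    payee_name_on_account: str   # name held for the receiving account
    known_payees: frozenset      # accounts this customer has paid before
    past_amounts: tuple          # customer's recent outbound amounts

def name_similarity(a: str, b: str) -> float:
    """Case- and whitespace-insensitive similarity in [0, 1]."""
    norm = lambda s: " ".join(s.lower().split())
    return SequenceMatcher(None, norm(a), norm(b)).ratio()

def screen(p: Payment):
    """Return (decision, reasons); decision is ALLOW, WARN or HOLD."""
    reasons = []
    if p.payee_account in SUSPECT_ACCOUNTS:
        reasons.append("known_suspect_account")
    if name_similarity(p.payee_name_entered, p.payee_name_on_account) < NAME_MATCH_MIN:
        reasons.append("payee_name_mismatch")
    # Sudden change in behaviour: a first-time payee receiving far more than
    # this customer normally sends. No history at all counts as unusual.
    typical = max(p.past_amounts, default=0.0)
    if p.payee_account not in p.known_payees and p.amount > AMOUNT_MULTIPLE * typical:
        reasons.append("unusual_amount_to_new_payee")
    # HOLD: pause the payment for verification by customer care.
    if "known_suspect_account" in reasons or len(reasons) >= 2:
        return "HOLD", reasons
    # WARN: show the in-app pop-up asking the user to verify the recipient.
    if reasons:
        return "WARN", reasons
    return "ALLOW", reasons

# Constructed sample payments, not real accounts or customers.
HISTORY = (40.0, 120.0, 65.0)
REGULAR = Payment(50.0, "11-11-11:12345678", "Acme Plumbing Ltd",
                  "Acme Plumbing Ltd", frozenset({"11-11-11:12345678"}), HISTORY)
IMPERSONATION = Payment(4500.0, "22-22-22:87654321", "HMRC Tax Refunds",
                        "J Smith", frozenset({"11-11-11:12345678"}), HISTORY)

if __name__ == "__main__":
    for payment in (REGULAR, IMPERSONATION):
        print(payment.payee_name_entered, screen(payment))
```
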
By complying with the new regulations and actively participating in the fight against APP fraud, firms can demonstrate their commitment to safeguarding their customers' interests and contribute to the overall objective of creating a more secure payments environment. For PSPs, as mandatory reimbursement for APP fraud victims comes into force, firms must proactively adapt to the evolving landscape and protect their customers from financial harm.
At Thistle Initiatives we are dedicated to helping firms navigate these changes by offering tailored solutions, comprehensive training, and robust risk mitigation strategies. By working together, we can fortify the payments ecosystem and create a safer environment for all stakeholders.
About Thistle Initiatives and how we can help
Thistle Initiatives has supported firms for over 10 years as a trusted compliance and regulatory advisor. In addition to assisting you as-and-when, our team of specialists can serve as your right hand in meeting and complying with the regulations. We understand the importance of staying up-to-date and compliant and are dedicated to providing the guidance and support needed to do so.
Are you looking for help with your fraud programme? We can support with building your fraud controls at onboarding or ongoing monitoring, supporting with tool selection and implementation, assuring your fraud tools, and providing expert fraud advisory. Contact our specialist team now to schedule a free consultation. Get in touch with us by calling 0207 436 0630 or send an email to [email protected].
References
[1] "Annual Fraud Report 2023," UK Finance, May 16, 2023, https://shorturl.at/vzGO9.
[2] "Growth in APP Scams Expected to Double by 2026: Report by ACI Worldwide and" ACI Worldwide Investor Relations, May 16, 2023, https://shorturl.at/cdFHM.
[3] Parliament UK, "Financial Services and Markets Bill," July 07, 2023, https://shorturl.at/lFIO9.
[4] Parliament UK, "Payment Systems Regulator Consultation on Authorised Push Payment Scams Reimbursement," May 16, 2023, https://shorturl.at/chNS1.
[5] Payment Systems Regulator (PSR), "PSR takes first step in implementing new app scam reimbursement requirements," July 10, 2023, https://shorturl.at/ryISU.
[6] "Annual Fraud Report 2023," UK Finance, May 16, 2023, https://shorturl.at/BMRX0.
[7] UK Government, "Fraud Strategy 2023," May 16, 2023, https://shorturl.at/deqBU.