Authorised Push Payment Fraud

What is APP Fraud?

Authorised Push Payment fraud occurs when money is voluntarily sent to a scammer under false pretences, such as in exchange for goods/services or to protect against a non-existent threat.

APP fraud puts payment service providers in the spotlight, as consumers inevitably want redress.

Current Rules

A voluntary code, the Contingent Reimbursement Model (CRM), was introduced in May 2009. It does not require payment service providers to reimburse victims of APP fraud. Instead, the CRM merely encourages providers to identify high-risk payments, warn customers, and promote education.

There is, therefore, currently no legal protection for victims of APP fraud. Instead, if they want to pursue their bank, victims of APP must rely on identifying failures in the current duties that banks owe to their customers; namely, they should act with due care and skill and alert customers to potential fraud when the bank is ‘on notice’.

The New Rules

On 7 June 2023 the Payment Services Regulator announced new regulations that will come into force on 7 October 2024. Although the exact wording has not yet been published, it’s likely that the new rules will institute a new obligation on payment service providers to reimburse victims of APP fraud. The sending and receiving payment providers are expected, generally, to split the reimbursement cost 50/50. Like the CRM, the new rules will not apply to businesses with over ten employees or whose turnover exceeds £2 million.

Effects

The new rules should provide small businesses with greater protection from inadvertently sending cash to a scammer. Larger businesses will still need to rely on training, due diligence and pursuing a bank if they believe it has breached its duty of care.