Authorised push payment (APP) scams involve a scammer tricking someone into sending a payment to an account outside of their control. This means millions of pounds are lost each year, and the scams have a damaging impact on victims.
The Payment Systems Regulator (PSR) has published a policy statement (PS24/3) on compliance and monitoring under the planned Faster Payments System (FPS) reimbursement requirement to fight authorised push payment (APP) scams.
The statement comes against the background of the Labour government promising in its manifesto to do more to combat online fraud more generally, and there has also been media speculation that it would be requiring tech companies to compensate consumers for APP scams, although the recent King’s Speech did not contain any proposed bills about online fraud.
In 2023 the PSR published various policy statements and legal instruments for the Faster Payments Scheme (FPS) authorised push payment (APP) scams reimbursement requirement. The reimbursement requirement policy aims to:
- provide incentives to the payment industry to invest further in end-to-end fraud prevention by requiring every payment service provider (PSP) in scope of the policy to meet the cost of reimbursement;
- increase customer protections so that most victims of APP fraud are reimbursed quickly, boosting confidence in the UK payment ecosystem; and
- support the PSR to pursue its long-term ambition for Pay.UK to take on a broader role, including to actively improve the rules governing Faster Payments to tackle fraud in its role as the payment system operator.
So what does the PSR’s statement say?
Following a consultation in April, the PSR has now confirmed the arrangements PSPs which come in scope of its reimbursement requirement policy to report data and information to Pay.UK, so Pay.UK can effectively monitor and manage compliance with the FPS reimbursement rules.
The key points are:
- the requirement for directed PSPs to register with Pay.UK by 20 August 2024. This is one way that PSPs will identify themselves as in-scope of the policy to Pay.UK and will help facilitate a shared directory – the FPS Reimbursement Directory. This directory will enable PSPs to find one another’s contact details so that they can meet the requirements in the FPS reimbursement rules and the policy, and communicate in respect of FPS APP scam claims received;
- the data under reporting standard A that sending PSPs in-scope of the policy are required to retain and report to Pay.UK monthly regarding transactions they have sent, to enable it to effectively monitor compliance with the FPS reimbursement rules;
- the reasonable limits placed on Pay.UK for using and disclosing the compliance data it receives; and
- its approach to requiring PSPs to inform consumers of their rights under the policy.
The PSR will make these changes by amending its Faster Payments APP scams legal instruments, that is, Specific Directions 19 and 20 (including the compliance data reporting standard and Specific Requirement.
The PSR has also followed up on its May consultation about guidance for PSPs on publishing APP scams data and published the final version of that guidance.
The start date for the reimbursement policy is 7 October 2024.
Pay.UK will also provide the reimbursement claim management system and will be requiring all members of Faster Payments (that is, those who are direct participants) to use it by 1 May 2025. This aims to make sure that PSPs can effectively manage FPS APP scam claims, communicate about claims and easily comply with data reporting requirements. The PSR will also be consulting further on the reimbursement claim management system before it starts.
Therefore, there are three key dates for PSPs – they need to register by 20 August, implement the new requirements by 7 October and be ready for the reimbursement claim management system by 1 May 2025.
According to the Financial Times, the UK Treasury has questioned whether pushing ahead with the planned introduction of the new scheme is sensible, as industry participants are concerned about it and in particular that it could cause other types of fraud or be abused. Watch this space for updates.