3 Things to Know About the UK’s APP Fraud Reimbursement Rules

On October 7, 2024, the UK financial landscape changed. New Payment Systems Regulator (PSR) rules now demand that banks reimburse victims of authorised push payment (APP) fraud up to £85,000. With the power to delay payments for up to 72 hours and an obligation to repay victims within five days, these rules are designed to protect customers. But will they actually curb fraud, or just shift the burden elsewhere? 

Here are three key risks for financial services to consider.

Risk #1: New rules redistribute losses, not reduce fraud

The new £85,000 APP fraud reimbursement shifts responsibility, splitting the cost 50/50 between the sending and receiving banks. While these rules enhance consumer protection, they will do little to reduce fraud. Instead, they simply shift the financial burden onto banks, leaving fraud itself largely unchecked. 

The assumption that fraud screening systems can catch all fraudulent payments is simply wrong. While the latest technologies can significantly help improve detection (depending on the baseline) and stay ahead of fraud and scams, they cannot catch everything.  

A significant portion of APP fraud will always get through. The key challenge lies in the “authorised” nature of these scams, where victims willingly approve payments, having been manipulated into believing they are legitimate. Social engineering tactics make it nearly impossible to stop every instance, and even enhanced security measures like “blink twice” won’t fully prevent these scams. No system can entirely eliminate the risk of APP fraud. 

The risk lies in fraud system vendors selling banks more ‘sophisticated’ and more expensive solutions that don’t solve the core problem. Because this isn’t just a technology issue. 

Real fraud prevention requires proactive strategies that intervene before payments are made. 

Risk #2: New criminal models will emerge

As banks shoulder more of the financial burden, criminals will undoubtedly exploit the APP fraud reimbursement rules to boost their profits. In fact, fraud may even increase under this new model. Remember how criminals exploited the COVID benefit schemes? What’s stopping them from falsely claiming they’ve been scammed to pocket £85,000? 

Digital banks and smaller firms, whose business model relies on fast and remote account opening, will be particularly at risk.  

The market is starting to act. Revolut recently called out Meta, owner of Facebook and Instagram, to take greater accountability for the fraud that originates on its platforms. How these challenges are addressed remains to be seen. 

Risk #3: Payments could slow and costs may rise

A notable change that could easily be overlooked is that the new rules allow banks to hold payments for up to 72 hours if fraud is suspected. It sounds positive – but how will banks determine which payments are suspicious? 

In highly socially engineered scams – such as romance scams – victims are often coached by criminals and told to deny third-party involvement. It makes real-time detection almost impossible. Victims believe the person they are scammed by is genuine, and that they’re making worthwhile investments. 

Even with the 72-hour hold, banks are still largely powerless to stop fraud that appears legitimate. The victims use the same devices and authentication choices as they normally would, without changing location. How can a bank tell the difference between genuine and fraudulent payments? 

Faced with potential financial impacts and the difficulty of detecting authorised fraud, banks may end up holding all payments above a certain threshold just to protect themselves from liability. 

This creates a paradox: while global systems push for faster payments (see: the global push for instant payments and G20 goals), banks may slow transactions to mitigate fraud risks. Bearing the cost of handling non-straight-through processing (STP) payments presents an additional costly trade-off. 

Ultimately, it becomes a cost-benefit decision. Banks will have to compensate customers for any financial losses due to delays, but in reality, only a fraction of fraud, if any, will be stopped this way. Delaying payments might end up causing more harm than good – slowing the economy, driving up costs, and creating massive operational overheads. Ironically, APP fraud reimbursements might prove cheaper than slowing down transactions. 

This is likely one of the unintended consequences of these rules. It’s further proof that placing the burden solely on banks will not stop fraud. This isn’t a call to remove the 72-hour hold; it’s a call for a radical overhaul of how we respond to fraud altogether. 

If APP fraud reimbursement is not the answer – is there a solution?

The fight against fraud is far from over. While the new rules offer some relief for victims, they punish only one player in the fraud ecosystem – banks. The real issue remains. Criminals are getting away with the money. We can’t just redistribute financial losses and expect to win. Unless we recover stolen funds and stop the fraudsters we will continue to bleed out. Prevention is the only solution. 

By the time a payment is made, it’s already too late. The victim has been manipulated or coerced, and the bank is only seeing the final step in a much larger scheme. But what about the other enablers in this process? 

To stop APP fraud, we all must act as a united front against the criminals. It requires collective action from everyone – social media platforms, tech giants, telcos, regulators, educators, law enforcement, consumers, private sector, banks and their vendors. With 76% of fraud originating online, primarily through Meta-owned platforms like Facebook and Instagram, prevention efforts must begin where the scams do. These platforms must be held accountable, whether through penalties or by sharing the burden of APP fraud reimbursements. 

We need a whole-ecosystem approach like Australia’s proposed unified scam-prevention network. This isn’t just about reacting to fraud – it’s about preventing fraud by sharing the responsibility, using cutting-edge technology, raising awareness, and empowering consumers to be part of the solution. 

Fragmented efforts are no longer enough. Only by working together can we shift from reactive reimbursements to proactive prevention. 

The time to act is now. To win this war, we must fight as one – through collaboration, accountability, and prevention. Together, we can change the game.