Authorised push payment (APP) fraud – where victims are tricked into sending money from their bank account to a criminal – can be both financially and emotionally devastating.
Bank customers lost a total of £485.2m to APP fraud in 2022, though many other incidents go unreported.
Which? has continually fought for fairer and more consistent redress for APP fraud victims, raising our 2016 super-complaint about the gap in protections, exposing the failings of the subsequent voluntary code of conduct and successfully campaigning for mandatory reimbursement.
The future of APP fraud redress
Although it should mean customers who fall victim to APP fraud are reimbursed in all but exceptional cases, the latest plans for redress risk watering down protections. Firstly, the scheme will be delayed by at least six months to October 2024, even though the PSR only announced the original implementation date of 2 April 2024 a few months ago.
The PSR has also proposed other troubling developments for a new consumer standard, a claims excess and a maximum reimbursement level, each of which would dilute the current protections.
Find out more:Customers to bear the burden of responsibility
Under the voluntary scheme, both banks and customers are expected to meet certain standards of care. For example, banks should provide ‘effective warnings’, tailored to the specific APP scam types identified (typically instructions or messages when you set up, change or make payments), while consumers should have a reasonable basis for believing that they are paying a legitimate person or business.
The PSR originally called for a ‘consumer caution exception – but one set at a high bar, higher than in the CRM Code’. However, its latest plans would mean victims are not reimbursed if they fail to meet any one of three elements to the newly proposed ‘consumer standard’:
Which? has noted that the PSR has so far made little mention of what will be expected of payment firms. As things stand, the burden appears to fall more heavily on consumers.
There appears to be no requirement on payment firms to provide evidence that their warnings are effective for different groups of consumers in different circumstances, or to show that this evidence is relevant to a specific scam case. We think this would mark a significant step away from the protections under the CRM Code.
Find out more:Victims could pay £250 towards claims
Under the voluntary CRM Code, fraud victims are not required to pay any excess when they make a claim for reimbursement, but the PSR has proposed introducing one to encourage people to be more cautious, suggesting options such as a fixed excess of £100 or £250 (although vulnerable customers would be exempt).
Back in September 2022, the regulator said that payment firms would be able to impose a fixed excess of ‘no more than £35’, mirroring the Payment Services Regulations (PSRs) which state that banks can charge victims of unauthorised fraud £35 if they were aware their card was lost or stolen at the time of the fraud (though most providers waive this).
Industry data shows that 32% of APP fraud falls below the value of £100, meaning an excess of £100 would exclude around a third of all APP claims, most of which are likely to be purchase scams.
Which? has recommended that plans for an excess are scrapped, as this is not justified by the evidence and risks disproportionately affecting lower-income groups. An excess would create a significant gap in efforts to collect data about fraud - since customers may be less likely to report fraud below the excess level if they know their banks aren’t obliged to reimburse them – and firms would not be incentivised to tackle scams below this threshold, putting customers at risk.
Find out more:PSR makes U-turn on maximum reimbursement
The regulator has also changed its position on the maximum level of reimbursement. It originally said it had no plans for a claims limit because it would expect firms ‘to have the strongest safeguards in place for the largest payments’.
Which? has pointed out that the FSCS protects temporary high balances of up to £1 million for six months (intended to protect customers who have a temporary high balance eg when selling property, receiving an inheritance or divorce settlement). We think customers deserve similar levels of protection from APP scams.
The PSR is set to publish its final position on the consumer standard, claims excess and maximum reimbursement level towards the end of the year.
source https://www.which.co.uk/news/article/bank-transfer-fraud-protections-risk-being-weakened-by-regulator-aMYSd9m99GJN