It may well seem contradictory to have both the words “authorised” and “fraud” appearing in the same phrase as in the title above. But, on the one hand, fraud may occur when someone steals your bank card and uses it to make unauthorised payments and, on the other hand, fraud may occur when someone tricks you into authorising a payment from your bank account to a fraudster’s account.
Such “authorised push payment” fraud has been on the rise for some years and so many will welcome the Payment Services Regulator’s new statutory compensation scheme for victims of such fraud which came into force last month.
Back in December 2023 the Payment Systems Regulator issued a policy statement on “Fighting authorised push payment scams: final decision”. The Executive summary opened with the sentence: “we are taking bold action against authorised push payment (APP) scams.” This note says a little about:
(1) the Payment Systems Regulator;
(2) what “push payments” and APP fraud are; and
(3) what the “bold action” referred to in the Regulator’s Policy Statement is.
(1) The Payment Systems Regulator
Every time anyone uses a cash machine, transfers money, uses contactless, or gets paid, they use a payment system. The call for a regulator to oversee the payment systems industry began in 2000 and provision was made for a regulator (under Part 5 of the Financial Services (Banking Reform) Act 2013) and the regulator’s functions became fully operational in April 2015: see www.psr.org.uk/
(2) “Push payments” and APP fraud
Push payments are transactions where the payer initiates the payment and “pushes” the funds to the payee’s account. Whoever is making the payment has full control over when the money is sent, the amount that is sent, who the money is sent to. Examples of push payments are bank transfers and bill payments.
“Push” payments are however to be contrasted with ”pull” payments which are where the payee (e.g. a business) initiates the transaction and “pulls” the money from the payer’s account. A common example of a “pull” payment is a direct debit.
The Money Helper website www.moneyhelper.org.uk lists an alarming number – 18 in all – of different types of scams of which “authorised push payment” (“APP”) fraud is one. It outlines APP fraud as follows:
“The goal of this scam is to get you to voluntarily send, or authorise, a payment to the scammers. They do this by posing as a legitimate business, often by intercepting or hacking your email account. It’s also the tactic used by scammers posing as your bank.
This scam often occurs when you’re in the process of buying a house, having building work done on your home or booking a holiday. The scammer intercepts a company’s email and sends you a message asking for payment. Because you’re expecting to have to pay a bill, it can be difficult to spot that this is a scam.
There’s a new common scam where you might get a text or WhatsApp from a new number, telling you that they’re a friend or relative that needs money. The messages can be worryingly convincing. If in doubt, call or message the person they’re pretending to be on their old number to double check.
You might think you are making a legitimate investment through your bank but the fraudsters are taking your money. You might be encouraged to buy crypto currency, open up a new bank account with a digital bank which has no history of previous transactions. These are common warning signs.”
(3) The “bold action” referred to in the Payment Systems Regulator’s policy statement
The Regulator’s “bold action” is indeed quite bold. It is to make reimbursement of victims of APP fraud mandatory so as to ensure consumers get consistent levels of protection if they fall victim to this type of fraud.
All types of APP fraud are covered by the new measures which might include e.g. impersonation or “romance” scams. The new measures apply to payments made on or after 7 October 2024.
In particular:
-
The protections apply to individuals, microenterprises and charities.
-
All types of payment firms, including bigger high street banks but also smaller payment firms are brought into the new reimbursement arrangements. The idea is that the mandatory nature of reimbursement will incentivise firms to stop fraud from happening in the first place – including, for the first time, those firms on the receiving end that bank the fraudsters.
-
The measures apply to UK bank transfers – so when money is moved from one UK bank account to another over the Faster Payments system or CHAPS. Other payment types, including card, cash, and cheque have their own protections in place.
-
In particular, as mentioned at the start of this note, APP fraud is different to unauthorised fraud, when e.g. someone steals your bank card to make payments. That type of fraud has different protections.
-
The maximum reimbursement is £85,000.
-
Unsurprisingly, you won’t get your money back if you’re found to have been complicit in the fraud. And nor if you have been “grossly negligent” but “gross negligence” is a high bar and this exception does not apply to vulnerable consumers.
Note: This material is for information purposes only and does not constitute any form of advice or recommendation by us. You should not rely upon it in making any decisions or taking or refraining from taking any action. If you would like us to advise you on any of the matters covered in this material, please contact Paul Neilly: email Paul@mitchells-roberton.co.uk