New requirements to reimburse victims of bank transfer scams set out
People who have been tricked into transferring money to fraudsters will be able to receive up to £415,000 back per claim under new requirements coming into force next year, a regulator has confirmed.
The Payment Systems Regulator (PSR) outlined the new consumer protections against authorised push payment (APP) fraud, which will come into force from October 7 2024.
At present, many banks have signed up to a voluntary reimbursement code, but there have been concerns that this has been applied inconsistently – meaning the chances of getting a refund may, to an extent, depend on who someone banks with.
The regulator said its new reimbursement requirement will prompt a step-change in fraud prevention and see the vast majority of money lost to APP frauds reimbursed to victims.
Its policy statement confirms that the maximum level of reimbursement per claim will be set at £415,000. A claim excess of no more than £100 may be applied.
The £415,000 limit is in line with the maximum award the Financial Ombudsman Service (FOS) can make when considering complaints.
The PSR said this is an important decision for both consumers and industry and it involves difficult trade-offs. The regulator will monitor the incidence and impact of high-value APP scams before the reimbursement requirement start date.
Alongside the new requirement to reimburse victims, the PSR is significantly increasing the incentives on all payment firms to do more to detect and prevent APP fraud from happening in the first place.
This includes splitting the cost of reimbursement 50/50 between “sending” and “receiving” firms – putting incentives in at the receiving end of payments for the first time.
The PSR also confirmed that firms which have sent the payments can – but do not have to – apply a claim excess of up to £100 if they choose to. This does not include claims made by vulnerable consumers.
Rocio Concha, Which? director of policy and advocacy, said: “Which? has led the campaign for a mandatory system of scam reimbursement since launching a landmark super-complaint seven years ago. Consumers are in desperate need of stronger protections, so it is very positive that the Payment Systems Regulator is progressing with its plans for implementing mandatory reimbursement.”
She added: “However, an excess of £100 would mean almost a third of APP scams would not be eligible for reimbursement, unless the victim is vulnerable. The PSR must be prepared to change the level of the excess if, as a result of the decision, fraudsters start to focus their attention on lower-value fraud.”
The PSR said consumers still need to take care when making payments.
It set out the circumstances when a bank might reasonably consider a person has not been sufficiently careful.
For example, the regulator said consumers should:
– Have regard to warning messages from their bank;
– Promptly notify their bank of suspected fraud;
– Share information with their bank to help them assess a claim;
– Consent to fraud details being reported to the police.
However, the onus will still be on banks to prove that a customer has acted with gross negligence.
The PSR said this is a very high bar and it expects that only a small minority of cases will be subject to this exception. The exception does not apply to vulnerable consumers.
The industry must comply with the obligations from October 7 2024, the PSR said.
PSR managing director Chris Hemsley said: “The action we’re taking significantly increases the level of protection for people and puts the UK at the forefront of APP fraud protections globally.
“Our approach incentivises banks and other payment firms to prevent APP fraud from happening in the first place, while ensuring victims are protected in a consistent way.
“Payment firms are already getting ready by improving fraud controls and more people are getting their money back. We now expect the momentum to implement the full protections to increase.
“We’ll be working closely with Pay.UK and payment firms to make sure they’re fully prepared to implement the new requirement next year.”
The PSR has published legal instruments which require payments processor Pay.UK and all payment firms that use the Faster Payments Scheme (FPS) to implement the requirements of the reimbursement policy.
While the PSR cannot introduce a financial incentive on fraud origination, it said social media and telecoms firms can and should do much more to prevent APP fraud.
The regulator said it welcomes the publication of the UK’s Online Fraud Charter, saying this takes an important step towards raising standards of protection against fraud on social media and telecoms platforms.
A spokesman for Pay.UK said: “We welcome the publication of the PSR’s finalised legal instruments for the APP reimbursement regime which place requirements on payment service providers to reimburse victims of APP fraud.
“We are playing our part, as directed by the PSR, in implementing the regime next year. We will continue our engagement with industry, regulators, and other stakeholders, including sharing our latest implementation plans as soon as possible.”
Emma Lovell, chief executive of the Lending Standards Board, which oversees the Contingent Reimbursement Model (CRM) code that is currently in place, said: “While mandatory reimbursement for authorised push payment fraud is welcome, we cannot lose focus on the importance of fraud prevention – the only way to truly prevent customer harm from occurring.”
She said the existing code requires signatory firms to take steps to prevent APP fraud from happening in the first place, adding: “It is vital that progress made in these areas does not fall away after October 2024.”
Paul Davis, director of fraud prevention at TSB, which has its own fraud reimbursement guarantee, said: “Having long campaigned for a higher level of fraud protection for consumers, these new rules will make a huge difference to the many innocent scam victims of other banks, who currently face a lottery when trying to get their money back.
“However, it’s vital that both social media and telecoms companies introduce much-needed anti-fraud measures to stop fraud from happening in the first place.”