ao link
Business Reporter
Business Reporter
Business Reporter
Search Business Report
My Account
Remember Login
My Account
Remember Login

The burden of reimbursement for app fraud

Linked InTwitterFacebook

What do the new rules tell us about who should bear the responsibility app fraud? Rosie Wild and Iason Pafitis at Cooke, Young & Keidan LLP explore a form of fraud which is growing strongly

 

On 7 October 2024, new rules came into effect that require banks to reimburse victims of APP fraud, up to a limit of £85,000, within 5 business days, unless specific exceptions apply (the mandatory reimbursement requirement).

 

There is no question that these new rules have been well-documented since they were first announced in June 2023. You might even have noticed warnings pop up on your banking apps around the implementation date explaining the details of the new scheme.

 

Two important developments took place in September 2024, shortly before the new rules came into force. The first development concerned the scope of the new rules’ application (i.e. extending this to CHAPS payments as well as FPS payments), while the second related to a substantial reduction to the maximum reimbursement level per claim (from £415,000 to £85,000).

 

However, the question remains whether the new rules strike the right balance between protecting victims of fraud and placing the burden on others, such as the banks, to compensate such victims.

 

As regards the developments in the rules shortly before they came into force, the first concerned a somewhat logical extension of the protection afforded by the mandatory reimbursement requirement to CHAPS payments, which were initially excluded from the new scheme (payments via FPS already being included).

 

While a large proportion of day-to-day transactions are executed via FPS (which last year processed 4.5 billion transactions with a value of £3.7 trillion), it seemed arbitrary that payments by CHAPS were not included, especially given CHAPS is often used for larger payments that are not suitable for FPS (with CHAPS payments representing over 90% of total sterling payment values in the UK).

 

The PSR’s decision to harmonise the scheme to cover both payment systems is a welcome development for consumers; potentially less so for banks.  

 

The second (and very important and hotly debated) development concerned the maximum reimbursement level per claim. Until September 2024, this was set to be £415,000 across both FPS and CHAPS. This limit was severely criticised in the banking industry with many calling for the limit to be reduced.

 

Days before the new regime came into force, the PSR reduced the limit for reimbursement of FPS payments to £85,000, and the Bank of England, as the operator of CHAPS, also decided to adopt the lower level. This decision was made in response to a consultation published by the PSR in early September 2024, following continuing concerns (as alluded to above) from stakeholders, including banks’ concerns about the impact that the maximum level of reimbursement might have on their solvency and on their customers should these concerns materialise. 

 

The implications of the PSR’s somewhat controversial decision to reduce the maximum level by £330,000 per claim are not straightforward. There was a lot of input into the consultation by industry members, industry bodies, consumer organisations and other stakeholders with specific expertise (such as fraud consultants and academics), many of whom had different views on whether the limit should be reduced or not.

 

Ultimately, the PSR decided that the reduced (£85,000) maximum reimbursement level strikes the right balance between three main factors: the impact on the banks in terms of their liability, coverage of the majority of instances of APP fraud, and the incentives for banks to take anti-fraud measures. 

 

In terms of bank liability, despite the reduction, given the prevalence of APP fraud the rules will still have an impact on the banks, and no doubt will have incentivised banks to increase internal measures to try to prevent this type of fraud occurring. There have also been wider discussions and suggestions that entities in other sectors –in particular the tech sector– should share in the reimbursement burden of victims, and it is possible that there could be developments in that direction in the future. 

 

In terms of victim protection, the PSR is of the view that 99.8% of all FPS APP scams by volume, and 90% by value, would be fully reimbursed under the new rules (provided, of course, that they do not fall within the exceptions).

 

However, given that only 411 of the scams reported to the PSR last year (during the pre-implementation phase) were over £85,000, it seems likely that many frauds of this nature are not being reported to the PSR, and hence are not accounted for in the statistics. Therefore, our view is that there might be many more victims of APP fraud who would not be adequately compensated under the current rules than the PSR’s estimate suggests.

 

The question remains as to whether the current reimbursement rules strike the right balance between those who are defrauded and those who are (inadvertently) caught up in the fraud, such as the banks. According to the new rules, in most cases the banks must reimburse payments unless the customer concerned has acted with gross negligence.

 

As a result, banks are caught between a rock and a hard place. While the new scheme gives rise to strong incentives for banks to minimise costs arising out of their new obligation to reimburse payments, banks must also ensure that any anti-fraud measures they put into place do not undermine their ability to comply with their ordinary duty to carry out customers’ instructions.

 

This increased burden on banks has evidently been recognised. In response to this, not only was the maximum level of reimbursement reduced but also, on 30 October 2024, banks are set to acquire new powers to delay customer transactions by up to four business days if they reasonably suspect that a payment order is fraudulent.

 

Currently, banks must credit transactions by the end of the next business day after receiving the order. It remains to be seen how far these powers will go to enable banks to police fraud effectively and assist them to minimise the reimbursement burden in cases of APP fraud. It is not impossible to think of a new wave of claims against banks that could arise out of the potential (mis)use of such powers.

 

It will be interesting to see how the landscape of APP fraud develops over the next year and whether the new rules will stand the test of time. 

 


 

Rosie Wild is a partner and Iason Pafitis is a paralegal at disputes firm Cooke, Young & Keidan LLP

 

Main image courtesy of iStockPhoto and ArtMarie

Linked InTwitterFacebook
Business Reporter

Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF

23-29 Hendon Lane, London, N3 1RT

020 8349 4363

© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543