PSR’s plan to tackle Authorised Push Payment fraud is a start not the end

Roger Lester, global of SMEs at regtech company Featurespace and Andres Kitter, deputy CEO at LHV Bank talk to infinite Intelligence about the implications of PSR’s new Authorised Push Payment requirements The Payment Systems Regulator (PSR)’s new requirements for Authorised Push Payment fraud reimbursement are a step in the right direction and a platform to […]

Rajeeb Gurung
February 27, 2024
6 minutes

The Payment Systems Regulator (PSR)’s new requirements for Authorised Push Payment fraud reimbursement are a step in the right direction and a platform to further protect consumers. However, it cannot be the final stop in consumer protection against APP fraud.

On 7 June, the PSR confirmed new requirements related to APP fraud pitting the responsibility of reimbursement costs to both the sending and receiving firms.

While details of the requirements and process will be unveiled later this year, the move effectively requires the bank to be more vigilant of their customers’ payment behaviour.

Roger Lester, global head of SMEs at Featurespace, an anti-fraud and financial crime solutions technology company, explains, “Typically, banks have always monitored the outgoing payments, and there has not been much focus on when the payments made into the account in the first place. So, with this change, banks are now going to be just as focused on monitoring inbound payments as well as outbound.”

According to the latest figures from UK Finance, APP fraud losses reached £485.2 million in 2022. Although the number marked a 17% decrease from 2022, it still accounted for around 40% of £1.2 billion stolen that year.

Banks face added costs

The new measures seek to equally split the reimbursement burden to both sending and receiving firms. Nevertheless, banks will need to prepare for the shift.

Lester states that the implementation of the PSR’s new regime will mean more action and costs for the banks.

Andres Kitter, deputy CEO at LHV Bank, a newly licensed bank in the UK, agrees that the recent changes will add higher costs to the banks.

He says, “If we do this mandatory reimbursement and the fraud conditions meet the criteria of reimbursement, banks will have higher costs. Everything that is related to compensating consumer behavioural aspects like fraud means that somebody has to compensate. This means that practically speaking, there will be more cost associated with the payment processing which banks try to optimise.”

As most banks typically track outgoing payments, they will need to establish a new risk management framework which will monitor the incoming payments. The implementation of such risk management tools will add to the bank’s expenses.

Lack of standardised communication adds a wrinkle to the implementation

Beyond costs, Kitter highlights the lack of standardised communication between banks as a hurdle necessary for them to overcome.

In contrast to the card payment industry, which has in place a standardised process for chargebacks, financial institutions have not implemented APP fraud reimbursement flow.

“Certain aspects of the reimbursement are not delivered yet. For example, there is no proper and standardised technology to send fraud-related information between the banks. We need to implement better communication,” says Kitter.

He adds, “During this iteration of fighting fraud, the industry requires better technology and innovation so, banks could share them with each other in a more standardised manner, and quickly too. Because in most cases, the speed of sharing the information may avoid significant losses which happen with APP fraud.”

PSR’s new regulation will replace the existing APP voluntary code, which ten Payment Service Providers had signed up for.

The UK Finance report states that £248.6m out of £376.1m were reimbursed to fraud victims under the APP voluntary code in 2022.

The reimbursement volume marked an increase from the previous years, with the reimbursement rates exceeding 50% for the first time.

The new regulation is a welcome move

Despite the increasing impact, Kitter believes the innovation in the payment landscape, especially in relation to open banking, means that there is a need for a more comprehensive solution.

According to Kitter, when considering APP fraud in silos and ignoring account-to-account payments, the current reimbursement approach seems like a good solution because it overlooks the reasons behind the payment. Consequently, banks become liable to compensate customers if they have failed to take the proper precaution to prevent fraud. However, faster payments in combination with the open banking set-up replicates the same use case as a customer using a card on an e-commerce website.

He adds, “If you take fraudulent payments in combination with the open banking setup, then I think the reimbursement is not properly managed. Because then you need to look beyond the bank to know the actual beneficiary of the payment.”

Lester also agrees that the new regulation is a push towards the right direction as it adds another layer of protection and enables the banks to detect fraud quicker.

Lack of clarity adds uncertainty, requiring greater observation from the industry

The new reimbursement requirement will come into force in 2024. While the general objective of the new legislation is clear, it still lacks detail, which PSR plans to publish by the end of 2023.

As with any new regime, the absence of guidance adds complexity and lack of clarity for the implementing parties.

Kitter believes that without 100% clarity, there will be uncertainty about delivery targets.

He also suggests that banks may take different approaches when tackling data with fraud and the potential cost of reimbursement. This variation in approaches could lead to unfair and inequitable practices in the industry as larger banks may discriminate against the smaller players.

However, he warns that the concerns are not solely specific to individual banks’ implementations, but rather related to the industry’s future to ensure fairgrounds for operations.

Crucially, Kitter emphasises that banks must also factor in customer behavioural risk. He observes that the industry is in the dark about how new reimbursement requirements could influence the diligence of customers when approving payments.

The worry is that the shift in liability might inadvertently lead to less caution on the part of customers, thereby providing more opportunities for fraudulent activities. A further study and a more nuanced interpretation are therefore necessary.

As such, Kitter sees the need for the industry to observe further developments and is optimistic that the latest APP fraud reimbursement requirement is the first step to a better solution.