APP Scams Steering Group Agrees Voluntary Code

The Authorised Push Payment (APP) Scams Steering Group is today announcing that it has agreed a voluntary Code of good practice which aims to better protect customers and reduce the occurrence of APP fraud.

Authorised push payments (APPs) are made when people request their bank or building society (also known as a payment services provider or PSP) makes a payment from their account to another account. Scams involving APPs occur when consumers are tricked into authorising a payment to an account that they believe belongs to a legitimate payee – but is in fact controlled by a scammer. Payments related to APP scams can be made over the phone, online, or in person, and most are completed instantly.

APP scams are a crime that can have a devastating effect on the victims. Statistics released by UK Finance in September 2018 showed that, in the first half of 2018, consumers lost £92.9 million due to authorised push payment scams.

Today, the Steering Group, which is made up of industry and consumer group representatives, is publishing the text of the voluntary Code and its detailed response to the feedback received on its consultation on the draft Code, which was issued last year. The Code will become effective on 28 May 2019 and customers of those payment service providers that are signatories will be protected under the Code from this date.

The Code sets out the agreed principles for greater protection of consumers and the circumstances in which they will be reimbursed – marking a significant step in delivering improved protections for customers.

Under the Code any customer of a bank or PSP signed up to the Code who falls victim to an APP scam will be reimbursed if their bank failed to meet the standards set out in the Code, providing the customer did everything expected of them under the Code.

Payment service providers that sign up to the Code will commit to:

  • protecting their customers, including procedures to detect, prevent and respond to APP fraud, with a greater level of protection for customers considered to be vulnerable to this type of fraud; and
  • preventing accounts from being used to launder the proceeds of APP fraud, including procedures to prevent, detect and respond to the receipt of funds from this type of fraud.

The Steering Group has concluded that in the minority of cases where both the consumer and PSPs involved in a transaction have met their expected level of care (the so-called ‘no blame’ scenario), the consumer will be reimbursed. The precise long-term funding arrangements are in the process of being agreed. The PSPs, supported by the PSR, have committed to work together to introduce a longer-term funding mechanism for January 2020. In the period from implementation until 31 December 2019 a number of PSPs have committed to fund an initial contribution in order for customers in the ‘no blame’ scenario to be reimbursed from the time the Code becomes effective until the end of 2019.

Prior to the commencement of the Code in May 2019, PSPs who are not members of the Steering Group will be invited to become signatories. The Steering Group’s aim is for as large a proportion of the PSP market as possible to be covered by the Code upon its implementation. The first group of signatory payment service providers will be announced on 28 May 2019.

From 1 July 2019, the ongoing operation and governance of the voluntary Code will be carried out by the Lending Standards Board (LSB). In the meantime, the Steering Group will work with the LSB to design the future governance and review arrangements.

Ruth Evans, independent chair of the Steering Group, said:

“Authorised push payment fraud is a crime that can have a devastating impact on victims and this voluntary Code is a major milestone in protecting customers. With payment service providers and consumer groups working together to create a lasting and fair solution for all, the Code will also help to stop these scams occurring in the first place.

“For the first time under the Code any customer of a signatory payment service provider will be fully reimbursed if they are the victim of an APP scam, met the standards expected of them and their provider did not meet the standards expected of them under the Code.

“We now want to encourage as many payment service providers as possible to sign up to the Code before it comes into effect. And we need everyone involved in tackling this crime – banks, consumer groups, technology firms, regulators and government – to redouble their efforts in making this work to protect all consumers.”

Ends

Notes to Editor:

  1. The Authorised Push Payment Scams Voluntary Code, including the standards expected of firms and customers, is available here.
  • The APP Scams Steering Group consultation response is available here.
  • The Authorised Push Payment Scams Steering Group is led by an independent chair appointed by, and directly accountable to, the Payment Systems Regulator. Members of the steering group are appointed by the Chair and include an equal number of representatives of payment service providers and consumers – those key stakeholder groups that will be impacted by the introduction of the code. Further details are available here.
  • Statistics released by UK Finance in September 2018 showed that, in the first half of 2018, consumers lost £92.9 million due to authorised push payment scams.