APP Scams Steering Group publishes draft voluntary code to better protect consumers from authorised push payment (APP) scams

  • draft voluntary code designed to help prevent authorised push payment (APP) scams has been published for consultation
  • The draft code is designed to help stop these scams from happening and protect consumers when they do
  • The draft code is now open for full consultation until 15 November 2018 with the intention of agreeing a final voluntary code to be implemented in early 2019.

Authorised Push Payment (APP) scams can have a devastating impact on victims. Statistics released by UK Finance this week show that, in the first half of 2018, consumers lost £92.9 million because of this type of fraud. In an APP scam, the account holder is tricked by a fraudster into authorising a payment to be made to another account.

The APP Scams Steering Group, made up of industry and consumer group representatives, has today published a draft voluntary code to better protect consumers.

The draft voluntary code aims to make it harder for criminals to commit this type of fraud, sets out how consumers can be vigilant and take reasonable steps to protect themselves whilst giving them greater levels of protection and support from their banks. Importantly, the code proposes the principle that where a consumer has met their requisite level of care, they should be  reimbursed. It has been developed and proposed with the principles of fairness, simplicity and transparency at its core.

Under the draft code, each bank and other payment service providers (PSPs) would take measures to tackle APP scams, such as:

  • Detecting APP scams through measures such as analytics and employee training
  • Preventing APP scams from taking place by taking steps to provide customers with effective warnings that they are at risk
  • Responding to APP scams, for instance by delaying a payment while an investigation is conducted and if necessary, carrying out timely reimbursement

The draft code is now available for full consultation until 15 November 2018. The Steering Group is inviting feedback, discussion and representations on the draft code and on the outstanding issues that need to be resolved. The intention is that the code will be finalised in early 2019.

This is an important step forward towards better and more consistent protection for consumers and standards for industry.

Ruth Evans, independent chair of the steering group said:

“This is a unique initiative bringing together the industry and consumer groups to set out how best we can tackle this issue – and really help those people who’ve become victims of these devastating crimes. Importantly, the code asks banks to hold themselves to account and for consumers to take steps to protect themselves.

“Over the last six months, we’ve worked hard to develop a draft voluntary code that can give consumers better protection from APP scams. We are committed to getting a final code in place in early 2019, but first we need to hear from others.

“This publication marks an important step towards greater and more consistent protection for consumers and stronger standards for how banks and other payment service providers will prevent this type of fraud happening in the first place. This consultation is now the ideal opportunity to give feedback about how the code develops in the final stages”


For any media enquiries about the Authorised Push Payments Scams Steering Group please contact 0207 554 1751. Please note, the Steering Group is not able to investigate individual cases or provide customer advice.

Notes to editors

The Authorised Push Payment Scams Steering Group is led by an independent chair appointed by, and directly accountable to, the Payment Systems Regulator. Members of the steering group are appointed by the Chair and include an equal number of representatives of payment service providers and consumers – those key stakeholder groups that will be impacted by the  introduction of the code.

The PSR, for administration reasons, will collect consultation responses on behalf of the APP Scams Steering Group.

Effect of the draft voluntary code 

Until a final code is agreed and published, the draft code is not ‘in force’. From today, however, retail banks represented on the steering group have individually committed to start work towards implementing the standards of the draft code during the consultation period.

Future work on reimbursement principles 

The Steering Group has proposed that where a consumer has met their requisite level of care the consumer should be reimbursed. However, the Steering Group has identified that there may be instances where a victim of an APP scam has met their requisite level of care, and so should be reimbursed, but no bank or other Payment Service Provider involved in the payment journey has breached their own level of care. The Steering Group has not been able, so far, to resolve the question of who should meet the cost of reimbursements in these circumstances.

The Steering Group will continue to work hard during the consultation period to consider and identify a sustainable funding mechanism through which to reimburse consumers in such a scenario. In addition, the Steering Group will continue work to consider the evidential approach that underpins the code, agree a mechanism for how disputes between banks and other payment service providers can be resolved, and agree the governance of the code once it is finalised.

The code is now available for full consultation on the Steering Group’s dedicated website with responses required by 15 November 2018.

All media inquiries:
Charlie Reith: +44 7597 575 664
Nick Hargrave: +44 7496 841 375

Please note that the Payment Systems Regulator will collect responses to the consultation on behalf of the Steering Group (see paragraph 1.18 of the consultation document). The PSR will then pass the response to the Steering Group’s Chair, the independent adviser and the independent consultancy that is assisting the Chair and adviser. Before doing so, the PSR will remove any information the PSR considers to be personal data. The PSR will retain the consultation response (including any personal data) securely until it is no longer needed. This is so that respondents can be contacted, for example to clarify the contents of the response or to obtain further details about matters described. It will then be erased by the PSR from its storage system. A person sending a response may request that the response is erased by the PSR at any time.