New voluntary Code on authorised push payment scams launches today

  • The Code gives customers increased protections against authorised push payment (APP) scams and assures full reimbursement for victims of APP scams who have met certain requirements
  • Eight payment service providers (PSPs), representing 17 consumer brands and over 85 per cent of authorised push payments, have signed up from today, with more PSPs working towards implementation

From today, consumers will benefit from significantly increased protections against authorised push payment scams as an industry voluntary Code developed by the APP Scams Steering Group comes into effect.

Authorised push payment (APP) scams are when customers are tricked into authorising a payment to an account that they believe belongs to a legitimate payee – but is in fact controlled by a scammer.

APPs are made at the request of the customer and can be carried out over the phone, online, or in person. Consumers lost £228.4 million due to APP scams in 2018, according to statistics from UK Finance.

The new voluntary Code sets out increased consumer protection standards which will help reduce the occurrence of APP scams. To help protect customers, payment service providers that have signed up to the Code commit to:

  • protect their customers with procedures to detect, prevent and respond to APP scams, providing a greater level of protection for customers considered to be vulnerable to this type of fraud; and
  • greater prevention of accounts being used to launder the proceeds of APP scams, including procedures to prevent, detect and respond to the receipt of funds from this type of fraud.

Importantly, any customer of a bank or payment service provider (PSP) which is signed up to the Code will be fully reimbursed if they fall victim to an APP scam, provided they did everything expected of them under the Code.

Eight payment service providers, representing 17 consumer brands (listed below), have committed to implementing the Code from today, with more working towards implementation in the coming months.

Ruth Evans, independent chair of the APP Scams Steering Group, said:

“Today marks a watershed in delivering increased protections for consumers from authorised push payment scams. For the first time, any victim who is a customer of a signatory firm will be fully refunded, as long as they meet the standards expected of them.

“For far too long these scams have caused havoc to consumers’ lives. They can have a devastating impact, causing hardship and distress to victims that can lose anything from a few pounds, to the whole of their life’s savings.

“From today, the majority of consumers will be covered by the Code and it is great to see that many more banks and PSPs are working towards joining the scheme. It remains vital that every sector – banks, consumer groups, technology and telecom firms, regulators and government – does all it can to tackle this devastating crime and prevent money getting into the hands of criminals.”

The Code will apply to APP scams occurring from today (Tuesday 28 May). Customers of signatory PSPs who fall victim to an APP scam from today should address their claim to their PSP. PSPs then have 15 business days to make a decision, apart from in exceptional circumstances.

Customers who have fallen victim to an APP scam before today, or those who are customers of non-signatory PSPs, should speak to their provider in the first instance. All customers can also take a complaint to the Financial Ombudsman Service. 

The voluntary Code was developed by a Steering Group established by the Payment Systems Regulator. The Steering Group is comprised of an equal number of representatives from consumer groups and industry brought together to ensure a fair and sustainable solution for all.

From 1 July 2019, the ongoing operation and governance of the voluntary Code will be carried out by the Lending Standards Board (LSB).

Dave Pickering, Chief Executive of the Lending Standards Board, said:

“The LSB is delighted to be playing a key role in the governance and oversight of the new Code. Authorised push payment scams have a devastating impact on victims and the LSB is committed to ensuring that the Code works effectively and that signatories fulfil their obligations under it.

“The LSB has a strong track record in overseeing industry codes, and, through our work, improving standards within firms, developing industry good practice, with the customer being the ultimate beneficiary.

“We look forward to working with payment service providers, wider industry and consumer groups to make a positive difference to victims of scams and reducing the success rates of these crimes.”

In the minority of cases where both the consumer and PSPs involved in a transaction have met their expected level of care (the so-called ‘no blame’ scenario), the consumer will be reimbursed if the sending PSP is a signatory to the Code. The precise long-term funding arrangements are in the process of being agreed. The PSPs, supported by the PSR, have committed to work together to introduce a longer-term funding mechanism for January 2020. As an interim arrangement, in the period from implementation until a new long-term funding arrangement is in place no later than the end of this year, a number of PSPs have established a fund in order for customers in the ‘no blame’ scenario to be reimbursed from today.

In a situation in which a signatory PSP has failed to provide the protections set out in the Code and the customer has also not done what was expected of them, then the customer will be reimbursed some, but not all, of their money.

Customers of PSPs who fall victim to an APP scam can still take a complaint to the Financial Ombudsman Service, whether or not their PSP has signed up to the Code

1. The following PSPs have committed to implementing the Code from today:

Payment Service ProviderBrands
BarclaysBarclays
HSBCHSBC
First Direct
M&S Bank
Lloyds Banking GroupLloyds Bank
Halifax
Bank of Scotland
Intelligent Finance
Metro BankMetro Bank
NationwideNationwide
RBSRoyal Bank of Scotland
Natwest
Ulster Bank
SantanderSantander
Cahoot
Cater Allen
Starling BankStarling Bank

2. The following PSPs have established a fund in order for customers in the ‘no blame’ scenario to be reimbursed from today:

Barclays
HSBC
Lloyds Banking Group
Metro Bank
Nationwide
RBS
Santander

– ENDS –

1. The Authorised Push Payment Scams Voluntary Code, including the standards expected of PSPs and customers, is available here. A guide for consumers is available here.

2. A customer can be either a consumer, micro-enterprise or charity, as defined in the Authorised Push Payment Scams Voluntary Code (p4).

3. Under the Code, customers are expected to:

  • extra messages when they set up, change or make payments. It’s very important that they pay attention to these and follow any instructions.
  • Have a reasonable basis for believing that:
    • The person they pay was the person they were expecting to pay
    • That the payment is for genuine goods or services
    • The person or business they are paying is legitimate
  • Take care – if they have been extremely careless then they shouldn’t expect to get their money back.

4. The Authorised Push Payment Scams Steering Group is led by an independent chair appointed by, and directly accountable to, the Payment Systems Regulator. Members of the steering group are appointed by the Chair and include an equal number of representatives of payment service providers and consumers – those key stakeholder groups that will be impacted by the introduction of the Code. Further details are available here.

5. Statistics released by UK Finance in March 2019 showed that in 2018 consumers lost £228.4 million due to authorised push payment scams.