Authorised Push Payments Fraud

Reimbursement Requirements for Authorised Push Payment Fraud

New reimbursement requirements for Authorised Push Payment (APP) Fraud came into force on 7 October 2024. The Payment Systems Regulator (PSR) is responsible for regulating and preventing APP fraud across the UK, overseeing the industry’s responsibility for fraud prevention and reimbursement. The Financial Services and Markets Act 2023 has introduced a statutory obligation on the PSR to enforce mandatory reimbursement requirements for APP fraud payments processed via the Faster Payments Scheme (FPS).

What does this mean for you?

If you are a victim of APP fraud, you will now have added protections and may be eligible for reimbursement. However, it is important to note that reimbursement is subject to certain conditions, and you must report the fraud as soon as possible.

It is also important to take preventative measures to reduce the risk of becoming a victim of APP fraud. This includes being cautious of unexpected or suspicious messages, verifying the authenticity of requests for money transfers, and keeping your personal information secure.

What is an APP scam?

An APP scam occurs when a criminal deceives you into transferring money to them. This type of fraud is different from others where thieves gain access to accounts and withdraw funds without the account holder's awareness.

In APP scams, fraudsters frequently pressure you to act quickly, causing panic before you can consider it carefully.

Types of APP scams

Below are some common APP scams and their warning signs to watch out for:

Purchase scams

The victim pays for goods or services that are never delivered. Fraudsters may convince victims to bypass secure payment methods.

Examples: Fraudsters advertise fake products (e.g., holiday listings or goods on online marketplaces) and trick victims into paying through manual transfers.

Investment scams

Victims are promised high returns on investments that do not exist, often through cold calling or time-sensitive offers.

Examples: Fake investment schemes in shares, property, gold, or cryptocurrency, promoted through emails, SMS, or social media.

Romance scams

The victim is deceived into thinking they are in a relationship with the fraudster, often through online dating platforms or social media.

Examples: Fraudsters ask victims for money under the guise of a personal or emergency situation, leading to direct transfers to the fraudster’s account.

Advance fee scams

Victims are asked to pay an upfront fee to secure a larger prize, payment, or service, which is never delivered.

Examples: Lottery or prize-winning scams requiring upfront payments; fraudulent surveys or questionnaires that collect victim details to initiate further scams.

Invoice and mandate scams

Fraudsters impersonate suppliers and trick businesses into diverting payments to fraudulent accounts, posing as legitimate service providers.

Examples: Businesses receive fake emails claiming a supplier’s payment details have changed, prompting them to send funds to a new (fraudulent) account.

Impersonation scams – Police/Staff

Fraudsters pose as trusted authorities or employees, tricking victims into transferring funds to a supposedly safe account to prevent further fraud.

Examples: Victims receive calls or emails from fraudsters posing as bank staff or police, requesting urgent payments to “secure” their funds from further fraud.

Impersonation scams – Other

Fraudsters impersonate representatives of government agencies or utility companies, demanding payments for fake bills or overdue accounts.

Examples: Victims receive calls or emails from fraudsters posing as HMRC or utility providers, claiming overdue bills that need immediate payment.

CEO fraud

Fraudsters impersonate senior executives to convince employees to authorise large, urgent payments.

Examples: An email from a fraudster posing as a CEO directs a finance employee to urgently transfer funds to a specified account while the CEO is “unavailable.”

How to Stay Safe from APP Scams

Do’s

• Verify Requests: Always verify payment requests through official communication channels. Contact the recipient directly using known contact details.
• Be Cautious: Be sceptical of unsolicited messages or calls requesting urgent payments or personal information.
• Use Two-Factor Authentication: Enable two-factor authentication on your bank accounts and online services to add an extra layer of security.
• Educate Yourself: Stay informed about the latest scam tactics and how to recognise them.
• Report Suspicious Activity: Report any suspicious or fraudulent activity to your bank and relevant authorities immediately.

Don’ts

• Don’t Rush: Avoid making hasty financial decisions, especially when pressured by unsolicited requests.
• Don’t Share Sensitive Information: Never share personal or financial information with unknown or unverified contacts.
• Don’t Follow Links: Avoid clicking on links or downloading attachments from unknown sources.
• Don’t Ignore Red Flags: Trust your instincts. If something feels off, it probably is.

Eligibility Criteria for making a claim

In order to be able to claim under APP Reimbursement rules you need to meet the following criteria:

• Micro-enterprises (including sole traders): Defined as businesses with fewer than ten employees and an annual turnover or balance sheet total not exceeding €2 million. If your business meets these criteria, you are eligible for APP fraud reimbursement.
• Small Charities: Charitable organisations with an annual income of less than £1 million, as defined by the Charities Act 2011, Charities and Trustee Investment (Scotland) Act 2005, or Charities Act (Northern Ireland) 2008.

Time limits for making a claim

The requirement applies only to payments made on or after 7 October 2024. You must have raised your claim within 13 months of the final payment made to a fraudster as part of the same scam.

Maximum claim limit

The maximum claim limit applicable to an APP scam claim is £85,000.  In addition, we will levy an excess of £100 to investigate all claims.

How the rules apply to vulnerable consumers

Where you identify as vulnerable, the Consumer Standard of Caution and the excess do not apply. Assessment of vulnerability will also consider the financial impact of levying an excess on consumers with low financial resilience, and exempt consumers from the excess where its application will lead to financial stress. Please refer to our website for how we support our customers in vulnerable circumstances (viva.com).

Exclusions to the reimbursement requirement

Every claim will be assessed on a case-by-case basis, considering the evidence presented by the customer and any other information available (including any third parties such as the police). The potential reasons your claim may be excluded by viva.com include:

• First party fraud
• Gross negligence
• Time exclusions (claims made before 7 October 2024 and APP claims submitted more than 13 months after the final payment to the fraudster)
• International payments
• Payments which take place across other payment systems
• Scam payments made using cheques and cash
• Payments made to an account the consumer controls, or payments that are not authorised by you (‘unauthorised payments’)
• Civil disputes
• Where payments are sent or received by credit unions, municipal banks and national savings banks

What we would expect from you

There are certain basic requirements we would expect you to take when dealing with your claim (called the ‘Consumer Standard of Caution’). These include:

• to promptly report the scam to us upon learning or suspecting that you have fallen victim to a scam
• to comply with appropriate information requests from us to support the assessment of the claim
• to consent to us sharing relevant information with the relevant Payment Service Providers, where needed, potentially including personal information about you such as your name and account information
• to report to the police or allow us to do so on your behalf, if required

What to do if you suspect you have been the victim of an APP scam

Take Five to Stop Fraud helps you to confidently challenge any requests for your personal or financial information or to transfer money to a criminal’s account. It focuses on financial frauds and scams directly targeting you.

To help everyone stay safe from fraud and scams, Take Five to Stop Fraud urges you to follow campaign advice:

STOP: Take a moment to stop and think before parting with your money or information. It could keep you safe.

CHALLENGE: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.

PROTECT: Report it to  Action Fraud at actionfraud.police.uk or on 0300 123 2040.

Report it to Viva.com directly on our website viva.com either via call on +44 20 37347770 or online chat.

Please note that for the purposes of assessing APP reimbursement claims, our Viva.com specialised team will be operating during normal business working hours i.e. Monday-Friday from 9am-5pm. We aim to process all claims within 5 business days (and 35 business days in exceptional circumstances).

In any situation where you are unsatisfied with the outcome of our claim investigation, you can use our existing complaints process and escalate disputes to the Financial Ombudsman Service (FOS).