On 28 February 2024, the Payment Systems Regulator (PSR)’s Managing Director, Chris Hemsley, delivered a speech at the Fraud Leader’s Summit in which he discussed the new requirements the PSR is bringing in later this year to tackle authorised push payment (APP) scams.

Mr Hemsley opened the speech by outlining how the ubiquity, speed and convenience of the Faster Payments System (FPS) has led to it becoming a prime target for fraudsters. He emphasised that the FPS was not designed with fraud prevention in mind, and that while the PSR has since taken steps to build in some measures to protect people, further action is needed. As such, tackling fraud – and in particular APP scams, which have become one of the most common types of fraud globally – has been a significant focus for the PSR, with the goal of preventing as much of this fraud as possible. This involves changing the PSR’s systems, use of data and rules with the aim of ‘designing out’ fraud.

Measures which have already been implemented include:

  • The delivery of the name checking service, ‘Confirmation of Payee’.
  • The creation of a voluntary industry code to give broad guidelines to signatory firms on how they should respond to victims.
  • Enhanced reporting, which has assisted the PSR in addressing the disparities between different payment firms and consumer experience.
  • The Financial Services and Markets Act 2023, introduced last year, which removed regulatory barriers that had previously prevented the PSR from taking further action. This allowed the PSR to make it a requirement that victims of fraud should be reimbursed by their payment firm – so, from 7 October 2024, individuals, smaller charities, and microbusinesses can expect, in most circumstances, payment service providers to reimburse them for losses they incur through APP scams.  

With regard to the impact of these changes, Mr Hemsley acknowledged that operationalising this policy in time for October will require a lot of effort, both from industry and from Pay.UK as the Scheme Operator.  He therefore urged firms to prioritise the delivery and implementation of these systems, and to engage with Pay.UK in the design and development of infrastructure which will help exchange information between payment firms.

Mr Hemsley then briefly outlined that whilst generative artificial intelligence (AI) has greatly expanded the scope for criminals to commit fraud, AI can also be used to help payment firms better identify fraudulent payments before they occur, and to identify fraudulent accounts before they are able to receive funds. He concluded that better data and better analytics are the best shield a payment firm can invest in to mitigate their exposure to APP scams, and confirmed that the PSR will continue its work on data transparency to identify which firms are succeeding and which need to improve to prevent APP scams from occurring.