Coronavirus Read our latest advice

We use cookies to allow us and selected partners to improve your experience and our advertising. By continuing to browse you consent to our use of cookies. You can understand more and change your cookies preferences here.

Reimbursement for authorised push payment fraud

Just over a year since the launch of the UK’s first set of standards detailing how to treat victims of authorised push payment (APP) – or bank transfer – fraud, we outline consumers’ experiences and make recommendations as to how to improve the system further.

Which?’s 2016 super-complaint highlighted the glaring gap in fraud protection and redress for fraud via authorised push payments compared to other forms of payment such as debit and credit cards. The voluntary Contingent Reimbursement Model (CRM) Code introduced in May 2019 is designed to give victims the chance of fairer and more consistent redress. Which? welcomed the Code as a significant step forward. 

We hope that this report will help inform the Lending Standards Board’s one-year review of the CRM Code. We outline the key issues affecting victims:

• An over-reliance on victims having ignored warnings

• Unreasonable expectations of how victims should have verified who they were paying

• A failure to properly assess vulnerability

• Poor communications with victims

Urgent action is needed to ensure firms adhere to the Code. We call on all firms that have signed up to the CRM Code to:

• Test warnings to see if they are ‘effective’

• Base their judgements of what is reasonable on evidence of actual customer behaviour

• Train all relevant staff in how to identify customers who could be or may have been vulnerable to APP fraud

• Provide victims with specific reasons to explain reimbursement decisions

We also call on the Payment Systems Regulator to evaluate the effectiveness of the voluntary industry code that it proposed. 

Which? believes that the evidence over the past year shows that the CRM Code should be made mandatory. Regulatory oversight of how firms treat victims with regards to reimbursement is much more likely to lead to fairer and more consistent outcomes than we have seen under a voluntary approach. It can also force all payment providers to reimburse victims, where appropriate. UK Finance and the Treasury Select Committee have both also called for the Code to be made mandatory.

The Payment Systems Regulator should have the powers and the appetite to act to make reimbursement mandatory. We want the government to clarify whether this is the case,and if necessary direct the action it expects the regulator to take.

Reimbursement for authorised push payment fraud 510 Kb | 11 Aug 2020