Implementing Authorised Push Payment (APP) Fraud reimbursement: Key insights from the recent BeyondFS roundtable
As the 7th October 2024 deadline approaches for the new APP (Authorised Push Payment) Fraud Reimbursement rules, the Payments industry, responsible in practice for implementing the new regime, still faces uncertainty in many areas.
During a recent roundtable hosted by BeyondFS, industry practitioners discussed four critical areas of ambiguity: Gross Negligence, Vulnerability, Dispute Resolution, and the Application of Excess.
Let’s take a closer look at these issues and how payments firms are preparing to tackle them.
Pulse Check on Readiness
When asked to gauge their readiness for the new rules, responses varied from ‘just a few’ (but significant) concerns, through to ‘not ready at all’. This spectrum of assessments underscored the uncertainty and preparation gaps that firms are grappling with less than three months from the deadline.
Gross Negligence
Gross negligence remains a contentious area, with multiple issues complicating its application.
Payments firms are prioritising operational readiness for reimbursements and ensuring that robust controls are in place. They expect to evaluate gross negligence on an individual case-by-case basis, starting out with the assumption that customers have acted appropriately.
Firms highlighted the difficulty of defining and proving gross negligence, particularly as a payment receiving firm. There's an expectation that the sending firm will have to determine whether there has been gross negligence.
The discussions revealed a shared concern about the difficulties of establishing gross negligence and being able to prove gross negligence, given the high bar set by the PSR.
Worryingly, payments firms anticipate a significant increase in fraud collusion cases, potentially rising by 50-100%, as customers and criminals become aware of the new obligation to reimburse payments in full.
Vulnerability
Defining and managing vulnerability in the context of APP Fraud is another grey area.
Most current frameworks for assessing vulnerability are not sufficiently integrated with the payment process to allow a fully automated approach, so detection of vulnerability will rely heavily on customer service representatives.
Where AI is in scope to be used in assessing vulnerability, there is a strong belief that independent reviewers will still be needed to ensure accuracy and fairness. Arbitrary criteria, such as age, are insufficient.
Payments firms are focusing on educating staff to understand and identify true vulnerability within their customer base, avoiding broad categorisations based solely on factors such as Age. They stressed the importance under the new rules of distinguishing between general vulnerability and vulnerability specific to a particular scam.
领英推荐
Dispute Resolution
Preparing for dispute resolution is a critical concern as the new rules come into effect.
Some providers fear a chaotic initial phase post-October 7th, and expect that they will simply strive to manage as best they can under the circumstances. Industry engagement calls have been described as disorganised, with significant misalignment among stakeholders.
The proposed RCMS solution should contain an up-to-date directory of payments firms’ contacts to support dispute resolution, but it is not clear how this solution will be adopted in the first instance. Longer term, there is concern about how this information will be maintained.
More broadly, there is concern about lack of plans to support dispute resolution through the industry solutions.
Concerns were also raised about the potential mismatch of risk appetite between large firms and smaller firms, with smaller firms having limited ability to successfully challenge decisions taken by the larger players. For larger players, the disputed amounts are likely to be seen as less significant, enabling them to absorb the cost of reimbursement more easily than smaller firms.
Application of Excess
The decision of whether or not to apply an excess in reimbursement cases is still under consideration by many firms, with a general preference to apply either the full £100 excess or none at all.
Introducing an excess is not necessarily straightforward. It is likely to require a change in account terms and conditions, and there are also concerns about the reconciliation challenges that the application of an excess might introduce.
Some institutions may add the excess into their terms, but refrain from applying it until they see how others in the industry handle the issue. Many smaller players will take their lead from the large banks.
General Observations
There was a universal view that accurate and up-to-date customer data will be paramount for effective fraud detection and claims management. Firms are also considering new tools to delay payments, allowing more time to assess legitimacy and prevent fraud.
Finally, standardising business hours for handling fraud claims was felt to be necessary to ensure consistency across the industry.
Conclusion
As payments firms brace for the 7th October deadline, successful implementation of the new APP Fraud reimbursement rules will lie in robust preparation, and flexibility as the new regime takes shape and standard practices emerge. The rules present significant challenges, but with careful planning and industry collaboration, firms can mitigate the biggest risks.
BeyondFS stands ready to assist payments firms in this transition, with our extensive experience of balancing regulatory compliance with operational efficiency, whilst helping clients maintain a positive experience for their customers.
Contact us to find out more:? https://beyondfs.co.uk/contact