Steering Through Scams: How UK's New APP Regulation Affects Payment Processing

The United Kingdom, a global fintech hub, is becoming increasingly vulnerable to fraud. It is already known that fraudsters are using more advanced tactics with each passing year, and payment processing companies are in the crosshairs. Authorized Push Payment (APP) fraud, a sophisticated form of financial deceit where victims are manipulated into sending money to fraudsters, has seen a troubling rise. Recognizing the urgency of the situation, the United Kingdom government has introduced the Payment Services (Amendment) Regulations 2024, a decisive step towards fortifying the defenses of its payment infrastructure.

The rising tide of APP fraud

In recent years, the UK has witnessed a significant uptick in APP fraud incidents, impacting not only the financial well-being of individuals but also eroding trust in the payment systems at large. This form of fraud exploits the ease and speed of digital transactions, turning these advancements against users through deceit and manipulation. Victims, misled by fraudulent schemes, authorize payments to accounts controlled by criminals, often resulting in substantial financial loss and emotional distress.

Financial losses were noted across various financial sectors. Authorized push payment (APP) fraud losses reached £485.2 million (€565,6 million) in the UK alone. The United Kingdom isn’t the only region that’s affected by app fraud. According to recent reports, APP fraud losses are increasing and will continue to climb to $6.8 billion by 2027 across 6 leading real-time payment markets (this denotes the US, UK, India, Brazil, Australia, and Saudi Arabia). 

Historically, efforts to combat APP fraud have involved a mix of regulatory measures and industry initiatives aimed at enhancing the security of digital payments. Despite these efforts, the adaptability of fraudsters and the evolving landscape of digital transactions have presented ongoing challenges. This has necessitated a more robust regulatory response to address the complexities of APP fraud effectively.

The payment services (amendment) regulations 2024 unveiled

At the heart of the UK's strategic response is the Payment Services (Amendment) Regulations 2024. These regulations amend the existing Payment Services Regulations 2017, introducing measures specifically designed to delay the processing of payments when there is a reasonable suspicion of fraud. This legislative adjustment allows Payment Service Providers (PSPs) to take a more proactive stance in identifying and investigating potentially fraudulent transactions.

The new regulations underscore the government's commitment to a balanced approach that safeguards consumers and businesses from fraud while minimizing disruption to legitimate payment flows. By allowing PSPs the time to conduct due diligence on suspicious transactions, the regulations aim to strike a delicate balance between security and efficiency in the payment ecosystem.

A closer look at delayed payments processing

One of the cornerstone features of the Payment Services (Amendment) Regulations 2024 is the provision for delaying payment processing. Under specific conditions, PSPs are now permitted to extend the execution timeline of an outbound payment transaction by up to four business days, a significant departure from the previous mandate that required completion by the end of the next business day. This delay is contingent upon the presence of reasonable grounds to suspect that a payment order may be fraudulent.

The introduction of this measure reflects a nuanced understanding of the dynamics of APP fraud. By granting PSPs the discretion to delay transactions for further investigation, the regulations provide a critical window to verify the legitimacy of suspicious payments, potentially averting financial losses for both consumers and businesses. Furthermore, the regulations outline clear guidelines for PSPs regarding the notification of customers about any delays, ensuring transparency and accountability in the process.

Balancing risk and efficiency

The Payment Services (Amendment) Regulations 2024 bring to the fore a nuanced approach to managing payments, embedding a risk-based methodology that aims to strike a delicate balance between deterring fraud and maintaining the fluidity of legitimate transactions. This paradigm shift empowers Payment Service Providers (PSPs) to apply a more discerning lens when processing payments. Specifically, the regulations permit PSPs to delay the execution of payments under suspicion for up to four business days—a measure previously uncharted in legislation.

This provision serves as a dual-edged sword; on one hand, it grants PSPs the necessary temporal window to conduct thorough investigations into potentially fraudulent transactions, thereby minimizing the risk of financial losses for both consumers and businesses. On the other hand, it underscores the imperative to ensure that such scrutiny does not unduly impede the efficiency of bona fide payments, a cornerstone of the digital economy's integrity. The challenge lies in the PSPs' ability to judiciously discern between genuine and fraudulent transactions, a task that demands sophisticated risk assessment tools and robust internal protocols.

Stakeholders in the spotlight

The ramifications of the new APP regulation are far-reaching, touching various facets of the financial ecosystem. Primarily, PSPs find themselves at the heart of this regulatory evolution, tasked with the critical responsibility of implementing these changes. The directive compels PSPs to enhance their fraud detection capabilities, necessitating investments in advanced analytics and machine learning technologies to identify fraudulent patterns effectively.

Furthermore, businesses and consumers, the lifeblood of the payment processing landscape, stand to experience the direct impact of these regulations. While the overarching goal is to safeguard their financial assets from the claws of fraudsters, the potential delay in payment processing could introduce friction in their transactional experiences. Businesses, in particular, may need to recalibrate their cash flow management strategies to accommodate the possibility of delayed payments, an adjustment that underscores the need for transparent communication and collaboration between PSPs and their clientele.

The introduction of these regulations also prompts a broader discourse among regulatory bodies, financial institutions, technology providers, and consumer advocacy groups. Each stakeholder brings a unique perspective to the table, collectively contributing to the formulation of a resilient, fraud-resistant payment ecosystem. As the landscape continues to evolve, the dialogue between these entities will be instrumental in refining the regulations, ensuring they remain adaptive to the emerging trends and threats in the realm of digital payments.

Implementation and compliance

As the Payment Services (Amendment) Regulations 2024 edge closer to becoming a pivotal part of the UK’s financial landscape, the spotlight turns to the practicalities of implementation and the overarching theme of compliance. Scheduled to lay before Parliament in the summer 2024, with an anticipated enforcement date aligning with the Payment Systems Regulator's mandatory reimbursement rules for APP fraud, the gears of change are in motion. This section of the timeline is critical, as it allows Payment Service Providers (PSPs) and other stakeholders to gear up for the regulatory adjustments, ensuring systems, processes, and training are aligned with the new requirements.

The Financial Conduct Authority (FCA) is set to play a crucial role in overseeing the implementation phase, tasked with ensuring that PSPs adhere to the new rules and guidelines. In this context, compliance extends beyond mere adherence to delaying payment processes; it encompasses a broader commitment to enhancing the security and integrity of the payment ecosystem. PSPs are expected to not only implement the necessary technical adjustments but also foster a culture of vigilance and customer communication, ensuring that consumers are adequately informed about any delays and the reasons behind them.

The global pace of payment innovation

In tandem with the UK’s strides towards securing payment processes, the international landscape of payment systems is witnessing significant innovations, particularly in real-time payment infrastructures. The adoption of instant payment systems globally underscores a shift towards achieving not only speed but also enhanced security in transactions. A landmark development in this arena is the European Council’s new mandate for instant fund transfers, necessitating that such transfers in the European Union (EU) and European Economic Area (EEA) be completed within a remarkable timeframe of 10 seconds, regardless of the time or day.

This regulation represents a significant leap towards facilitating seamless financial transactions across borders, ensuring that funds transferred in euros reach their destination swiftly, with allowances made for currency conversions. While the exact date for this mandate to take effect is still pending, its implications for payment processing standards are profound, setting a new benchmark for efficiency and security.

The UK's Payment Services (Amendment) Regulations 2024, although primarily aimed at combating APP fraud, finds its spirit aligned with these global trends towards faster and more secure payments. The initiative to allow delayed processing for fraud investigation resonates with a broader, international effort to balance the need for speed with the imperative of security. As such, the UK's regulatory evolution can be seen as part of a global dialogue on how best to navigate the complexities of modern financial transactions, ensuring they are both swift and secure.

Payment services regulation: what lies ahead

The Payment Services (Amendment) Regulations 2024 mark a pivotal moment in the UK's approach to combating APP fraud. Yet, this legislation is a chapter in the ongoing narrative of payment services regulation. As technology advances and fraudsters become increasingly sophisticated, the regulatory framework must evolve correspondingly. The dialogue between regulators, PSPs, businesses, and consumers will be crucial in shaping a regulatory environment that not only counters fraud but also fosters innovation and efficiency in payment processing.

In terms of the next steps, the UK Government has invited technical comments on the draft via email by April 12, 2024. Subject to Parliamentary timing, the UK Government intends to lay this legislation before Parliament in Summer 2024. This move has arrived following the UK Payment Services Regulator announced rules that would enforce an upper claim limit of £415,000 for APP fraud compensation, matching the upper limit of the Financial Ombudsman Service.

Moreover, the UK's regulatory strategies will need to be informed by global trends and best practices, ensuring that the nation remains at the forefront of financial services innovation while safeguarding the interests of its consumers and businesses. The journey towards a more secure, efficient, and inclusive payment ecosystem is ongoing, and the Payment Services (Amendment) Regulations 2024 represent a significant step forward in this journey.

How to reduce app fraud?

The Payment Services (Amendment) Regulations 2024 stand as a testament to the UK's resolve to tackle APP fraud head-on. By empowering PSPs with the authority to delay transactions under suspicion of fraud, the regulations aim to create a safer financial environment for all stakeholders. Additionally, you can learn more about the intricacies of Authorized Push Payment fraud right here.

Payment processing continues to evolve, both domestically and globally, and the journey towards perfecting payment services regulation remains a dynamic and continuous challenge.

The success of these regulations will ultimately be measured by their impact on reducing APP fraud, enhancing the security of payment systems, and maintaining the UK's competitive edge in the global financial services market.

There are several steps Payment Service Providers can take to tackle known fraud patterns. Many companies are relying on a proven method that helps them streamline the customer onboarding process through effective risk intelligence. This unlocks the ability to verify identities, assess risks, and ensure compliance with regulations.

In addition, PSPs can utilize phone number intelligence and email address analytics to formulate custom digital scores - thus unlocking risky vital data including name extraction, employment information, data breach history, social media profiles, phone status, porting history, connected accounts, profile picture analysis, age approximation, etc.

Reach out to our team of fraud and risk experts to explore a wide range of fraud prevention strategies.