The Payment Systems Regulator (PSR) sets economic regulations for payment systems in the UK. With APP scams (Authorised Push Payment scams) on the rise, the PSR has introduced groundbreaking new protections to combat fraud and protect consumers. These latest PSR regulations include a significant refund limit of £85,000 for victims, making fraud prevention more necessary than ever for the institutions handling these payments.
The change, which took effect on 7 October 2024, has a clear aim: to protect users at a time when scams are increasingly common. It is hoped that this limit will cover more than 99% of cases.
APP scams (Authorised Push Payment scams) occur when a fraudster tricks someone into willingly transferring money to them under false pretenses. The victim is misled into believing they are making a legitimate payment to a trusted person or organization, such as a bank, business, or friend, but the money is actually sent to the scammer’s account. These scams are increasingly common, with the PSR reporting that the volume of APP scams is up 12% since 2022.
Imagine this: you transfer money believing you are paying for that new TV, but it was all a scam, and now your money is gone. Or worse, you get a call from someone who claims to be from your bank, and you unknowingly transfer funds to a scammer. That’s what we call APP scams, and they are the reason behind this refund limit. What is certain is that the PSR is making this landmark change, and the Bank of England has adopted the same approach for CHAPS, a system for bank transfers within the UK.
For financial institutions, the situation is changing: the issuing and receiving entities will share the burden of repayment 50/50, a massive shift from how they previously dealt with fraud prevention. PSR reports have found that, for many banks, hundreds out of every million transactions are fraudulent. One of the institutions studied by the PSR, Metro Bank, reported £266 in losses for every 1 million transactions.
All of this is happening as institutions prepare for the massive change that is coming, because fraud doesn’t wait, and neither do criminals. In the meantime, the PSR published its roadmap as a guide for institutions to be ready this month. But what really stands out here is the speed at which everything is moving. Banks have to improve their fraud prevention systems or face the consequences.
Compromised accounts play a major role in many APP fraud incidents. When scammers gain access to a legitimate account, whether through phishing, weak passwords, or breaches, they can convincingly pose as trusted individuals or companies, which makes it harder for users to spot the fraud. In addition, scammers often receive fraudulent payments in compromised accounts to make their actions harder to trace. This is where prevention becomes absolutely critical.
How can organizations prevent fraud in the first place? If one thing has become clear, it is that prevention is always better than cure, or in this case, refunding. Enzoic and its Credentials and Passwords APIs offer just what you need to avoid reaching the point where that £85,000 is necessary. Enzoic’s Credentials API protects user accounts by continuously monitoring whether login details (like usernames and passwords) have been compromised in data breaches. In real time, it checks whether any of those details are floating around on the Dark Web or other compromised sources. This means that before a hacker even has the chance to use stolen credentials to compromise accounts, Enzoic can flag the risk, prompting users to update their passwords before damage is done.
The PSR protections will help address the growing threat of APP scams. The £85,000 refund limit gives relief to victims of scams, and splitting the responsibility between multiple financial institutions acts as a precursor for additional fraud protection measures for sending and receiving payments. However, the responsibility for preventing fraud doesn’t end with refunds. Financial institutions in the UK must prioritize proactive fraud prevention measures, such as improving account security by leveraging current threat data.