Reducing APP Fraud Risk: How Prommt Protects Businesses Amid PSR’s Latest Reimbursement Rules
We sat down with Stephen Culligan, Chief Product Officer at Prommt, to discuss the common types of Authorised Push Payment (APP) fraud, how to recognise them, and how Prommt helps its merchants stay protected.
Starting 7 October 2024, UK businesses will be required to reimburse victims of APP fraud for losses up to £85,000. This follows new rules from the Payment Systems Regulator (PSR) in response to a rise in APP fraud, which cost UK residents £433 million in 2023. APP fraud occurs when individuals are tricked into sending money to scammers posing as legitimate payees.
Key benefits for consumers include:
- Protection for all payments made between UK accounts via Faster Payments or CHAPS.
- Most claims will be reimbursed within five business days, with over 99% of cases covered.
- Standard reimbursement covers up to £85,000, though banks can go higher. Firms may apply a £100 excess, except for vulnerable customers.
- Consumers can escalate cases exceeding £85,000 to the Financial Ombudsman Service if they’re unhappy with their bank’s decision.
- These protections apply to payments made on or after 7 October 2024.
While these measures offer more protection, consumers should still stay vigilant. Claims may be denied if the individual is found complicit in the fraud or has acted with gross negligence – though the onus is on banks to prove this. Vulnerable consumers are exempt from this negligence clause.
1. What are the most common types of APP fraud, and what should businesses and their customers be particularly cautious about?
One of the most common types of APP fraud we encounter is Facebook Marketplace scams. Here’s how it typically unfolds: a fraudster lists an item for sale on Facebook Marketplace and obtains a legitimate payment link from a merchant. They receive the payment and then swoop in to collect the goods.
In this scenario, the merchant gets their money, but the real victim – the person hoping to buy the item – ends up empty-handed as the fraudster disappears with the goods. It’s a classic “man in the middle” situation.
To spot APP fraud, watch out for deals that seem too good to be true, like an item priced significantly lower than expected.
At Prommt, we strive to provide as much context around each payment as possible. Our goal is to ensure that both the payer and the merchant are well-informed, so they clearly understand what’s being purchased and who is receiving the payment.
2. With payment firms incentivised to take action by splitting reimbursement costs equally between sending and receiving banks, how will this affect merchants? Is it comparable to card chargebacks, where negligence could lead to fines, penalties, or damage to their reputation?
There’s no such thing as a chargeback in the open banking world. The PSR regulation is aiming to enhance consumer protection, which is a fantastic step forward. This should encourage wider adoption of Pay by Bank, as consumers will feel more confident using it as a payment method.
So, why is the 50:50 split important? Let’s return to that Facebook Marketplace scam example. In this case, the buyer believes they are purchasing from a reputable seller, only to discover they’ve been scammed and never receive their goods. Now, the buyer is understandably seeking a refund, but the merchant hasn’t done anything wrong—they sold an item to someone who paid and picked it up.
From the buyer’s perspective, they’ve lost £1000 with nothing to show for it, while the real culprit remains the fraudster.
Now, what happens next? There are two banks involved: the receiving institution (the merchant’s bank) and the sending institution (the buyer’s bank). Currently, the receiving institution bears no liability, allowing the merchant’s bank to simply shrug off the situation with, “This isn’t our problem; the buyer is out of pocket.”
However, with the new regulation in effect, that changes. Both the buyer’s bank and the merchant’s bank will now share responsibility equally. They will need to collaborate to find a fair resolution for both the merchant and the buyer. This approach fosters equity and fairness when addressing these situations.
3. What best practices can merchants implement to protect themselves against APP fraud? How can they educate and shield their customers from these risks?
This is where Prommt truly stands out from other remote payment platforms. From the start, we’ve prioritised enhancing the end-to-end customer and merchant experience, focusing on seamless connections even when they’re not physically in-store. Our approach ensures that all payment communications are clear and context-driven, which significantly reduces the risk of customers being misled into unwanted purchases.
How do we achieve this? It all starts with strong branding. Every payment link we send is branded and comes directly from the merchant’s domain, so customers know it’s from a legitimate source. Importantly, the link directs them straight to the merchant’s website – something many other platforms overlook. Receipts are also issued directly from the merchant, further building trust.
With the introduction of new PSR regulations, we’ve taken this a step further, especially since Prommt primarily handles high-value transactions. Now, at checkout, customers not only see the merchant’s name but also the specific staff member who sent the link. For example, if a customer was dealing with John at a car dealership, his name will appear during checkout, adding a personal touch and reinforcing confidence.
We also ensure customers receive key details like the payment initiation time, so they can verify it against their records. All additional purchase details provided by the merchant are clearly displayed, giving customers the opportunity to review and confirm everything before completing the payment.
While it’s impossible to eliminate fraud entirely, Prommt has made significant strides to create an experience that’s hard to replicate. We aim to give payers the confidence they need to proceed with their payments. If anything seems off, our checkout process gives them the cues to recognise discrepancies, allowing them to decline the payment if necessary.
4. What immediate steps should both the customer and merchant take if a customer falls victim to APP fraud?
If a customer falls victim to APP fraud, the first step is to immediately contact both the sending and receiving banks. This allows the merchant’s bank and the customer’s bank to collaborate, which is the main goal of the PSR regulation – ensuring both sides work together to resolve the issue.
While Prommt typically isn’t directly involved in the dispute resolution, we provide valuable support to merchants by supplying detailed transaction data. This includes information like when links were clicked, when sessions were initiated, and what payment details were entered. Since this data belongs to the merchant, we equip them with all the necessary information to better understand the transaction and assist in any investigation.
These insights help merchants strengthen their case, reducing the chances of being held liable for fraud. By arming merchants with all the relevant data, Prommt helps them navigate the situation and protect their business in the event of fraud.