Fraud prevention - new minimum standards for preventing and responding to scams

The Payment Systems Regulator (PSR) will be introducing minimum standards for payment firms to reimburse victims of APP fraud, with additional protections for vulnerable customers. The standards will replace the voluntary Contingent Reimbursement Model (CRM) Code and become mandatory for all payment firms in October 2024.

The new requirements will prompt a step change in the culture of payments to improve fraud prevention and focus all firms on protecting people. The key changes are as follows:

• All payment firms will be incentivised to take action to improve their preventative controls, with both sending and receiving firms splitting the costs of reimbursement 50:50

• Customers will be more protected under consistent minimum standards, with most APP fraud victims being reimbursed within five business days and additional protections offered for vulnerable customers

• Industry will have clearer guidance to follow, including around the ability for sending parties to apply a claim excess of £100, and applying a maximum reimbursement value of £415,000.

These changes introduce a huge financial and reputational risk for payment firms, especially those which have limited existing controls to prevent customers being scammed, or mechanisms to refund customers and other payment firms.

Firms need to act now to ensure they are ready to meet these new requirements by the deadline of 7th October 2024. We can help your organisation identify gaps and focus effort in advance of the October deadline- please contact us for further information.