PSR Fraud Liability Shift Are You Ready?
The U.K. Payment Systems Regulator’s (PSR) notification of liability changes, on 7 June 2023, impacts all U.K. Financial Institutions (FIs) and Payment Service Providers (PSPs). The notification provided further guidance on the standards and policies on requirements for fraud reimbursement as consumers continue to be victimised by Authorised Push Payment (APP) scams.
The scope of the changes centers on Faster Payments transactions that were adopted in May 2008. Although the foundation of payment rails remains consistent, fraudsters’ preference for faster payment mechanisms is in line with an unfortunate reality: payment speed advances both the volume and success of APP scams. In parallel, the PSR expressed that FIs’ voluntary efforts to combat APP scams fell short. Consequently, the PSR responded to this growth in APP scams by extending the existing voluntary Contingent Reimbursement Model (CRM) Code that set the stage back in 2019: The proposed 50-50 shared liability between sending and receiving institutions is now an industry requirement, not voluntary. These changes reinforce a commitment to see victims of APP scams made whole, but also to encourage FIs to implement more effective safeguards.
Many FIs have adopted Confirmation of Payee (CoP), designed to reduce the risk of payments being sent to the wrong account by verifying that the account name matches the sort code (bank code) and account number provided. This provides another strategy to help consumers avoid becoming victims of APP scams, but it’s not a silver bullet solution.
While FIs and PSPs have been processing real-time payments for over 15 years and added compensating risk controls for unauthorised fraud, they must leverage modern multilayered solutions to identify, mitigate, and resolve these new, more complex APP scams.
This replication is a change in mindset (flip of the coin) to solve for APP and scam issues that were once not tackled or addressed with refined fraud strategies modeling.
FIs and PSPs must look at the issue holistically and enhance many internal controls. This will address unanticipated losses from liability shifts, but also help them conform and comply with PSR mandates on APP scams.