APP scams

Our work to prevent Authorised Push Payment (APP) fraud

Last updated: November 2021

What are Authorised Push Payment scams?

Authorised Push Payment (APP) scams happen when a person or business is tricked into sending money to a fraudster posing as a genuine payee. These types of scams can have a devastating impact on the people who fall victim to them.

Every year thousands of individuals and businesses fall victim to Authorised Push Payment (APP) scams – where they are tricked into sending money to an account controlled by a fraudster. There are also a significant number of accidentally misdirected payments that are not recovered. The latest figures show that in the first half of 2021, £355 million was lost to APP scams, overtaking card fraud losses.

The PSR expects to see more action from financial institutions to stop these scams from happening and to better protect people if they do fall victim. In its latest consultation, the PSR sets out the next steps.  

There are eight types of APP scams which are either:

  • ‘malicious payee’, for example, tricking someone into purchasing goods which don’t exist or are never received.
  • ‘malicious redirection’, for example a fraudster impersonating bank staff to get someone to transfer funds out of their bank account and into that of a fraudster.

Our work on APP scams

Getting the right protections for everyone

In November 2021, we set out three measures we think would help tackle these devastating crimes. Our consultation on these proposals is open until January 2022.

Those proposals include: 

  • Publication of fraud data by banks: Banks and building societies in the 12 largest banking groups in Great Britain and two largest banks in Northern Ireland outside those banking groups must publish data on their performance in relation to APP scams, on reimbursement levels for victims, and which banks and building societies’ accounts are being used to receive the fraudulent funds; and 
  • Improve scam prevention: Industry will improve intelligence sharing to enhance detection and prevention of APP scams.  
  • Reimbursing victims: Developing how best to make reimbursement mandatory to victims of APP scams once legislative changes have been made. 

We intends to require the publication of fraud data and is keen to work with firms to identify the most appropriate ways this will be collected before the requirement comes into effect.   

In further steps announced by HM Treasury, legislative changes will be made by the Government to remove the regulatory barriers that currently prevent mandatory reimbursement for scam victims. Our consultation sets out further details about how that can be achieved when legislation is amended.  

The Contingent Reimbursement Model (CRM) Code

In 2018, we set up a steering group of industry and consumer representatives, led by an independent chair, to develop a voluntary, industry CRM Code. The final Code came into force in May 2019.

The CRM Code aims to reduce both the occurrence and impact of APP scams, and is designed to give people the confidence that, if they fall victim to an APP scam and have acted appropriately, they will be reimbursed. It sets out standards for signatory Payment Service Providers (PSPs) – a group including the largest banks in the UK – and for customers who are covered by the Code (consumers, micro-businesses and small charities). There are currently nine signatories to the Code.

The Lending Standards Board (LSB) oversees the Code and its members, while we continue to monitor the operation of the Code and the impact it has on the number of APP scams. The Financial Ombudsman Service adjudicates on disputes between banks and customers on decisions under the Code.

Confirmation of Payee

In August 2019, we gave members of the UK’s six largest banking groups a Specific Direction to implement CoP by the end of March 2020. The PSPs subject to the direction are involved in around 90% of FPS and CHAPS transactions. The direction was varied in February 2020 to allow an additional basis under which a directed PSP could apply for an exemption from an obligation under the direction.

In July 2020, we confirmed that the directed PSPs had achieved widespread implementation of CoP, with certain agreed exemptions. This marked a significant milestone in addressing APP scams, but we aren’t stopping there. We want to continue to expand the protection offered by CoP, so we’re encouraging all PSPs, big and small, to implement CoP if and when the rules and standards apply to their accounts.

With Confirmation of Payee (CoP), banks can check the name on a new payee’s account as well as the sort code and account number. Customers setting up a new payee (or changing details of an existing payee) will be able to confirm that the name they have entered matches the one on the account they intend to pay, helping to prevent payments going to the wrong account.

Alerts notify the payer whether there has been a match, a close match, or no match, meaning corrections can be made before the payment is sent. The service is designed to prevent misdirected payments as well as fraudulent ones.

The success of CoP depends on PSPs working together to prevent businesses and consumers from being defrauded. With that in mind, Pay.UK, the operator of the UK’s payment systems, designed rules and standards for PSPs to follow when launching the service.

A history of our work to prevent APP scams

We have carried out a significant amount of work to prevent APP scams since 2016. A history of this work, with links to our publications and documents, can be found in the document below.

Frequently asked questions (FAQs)

I’ve fallen victim to an APP scam, what should I do?

If you have fallen victim to an APP scam, you should contact your bank immediately to report it. It is important to do this as soon as possible, as your bank may still be able to stop the transaction or trace the money.

If your bank is a signatory to the Contingent Reimbursement Model (CRM) Code, it should begin the process to investigate your case and look at reimbursing you for your loss, as long as you acted appropriately. Your bank must assess your case under the Code and give you a decision on reimbursement; it should also provide you with its reasoning.

Even if your bank isn’t a signatory to the CRM Code, you should still report any fraud to your bank as soon as you discover it. Your bank may have other policies in place to assist you.

My bank has declined to reimburse the money I’ve lost to an APP scam – what should I do?

If you’re unhappy with your bank’s assessment of your case under the CRM Code, you can lodge a complaint with the Financial Ombudsman Service. The Ombudsman will then assess your complaint and make a decision.

Even if your bank isn’t a Code signatory, you can still lodge a complaint with the Ombudsman if you’re unhappy with how any of the banks involved in the scam have acted.

The Payment Systems Regulator does not consider complaints under the Code. We are the independent regulator of payment systems themselves, and adjudicating on the Code is not within our remit.

Who else can help me?

If you believe that any of the institutions involved have not conducted themselves appropriately according to their obligations under any relevant legislation, you may wish to contact the Financial Conduct Authority.

You can report the fraud to Action Fraud, who will provide you with a crime reference number and will send your report to the National Fraud Investigation Bureau (NCIB) for assessment. Please note, Police Scotland have not signed up to the Action Fraud process; if you are in Scotland you should follow the guidance provided on the Police Scotland website.

Victim Support can provide help after crime; it gives free and confidential support 24 hours a day, seven days a week, 365 days a year.

Citizens Advice can provide support and advice on what further steps to take if you have been a victim of fraud.

What is Confirmation of Payee?

The PSR directed members of the UK’s six largest banking groups to implement Confirmation of Payee to help prevent losses due to accidentally misdirected payments and certain types of APP fraud. In July 2020, we confirmed widespread implementation of CoP by those banks.

We have been monitoring compliance with our direction and the progress of directed banks implementing CoP on channels with temporary exemptions.

Customers should contact their banks with any questions on how CoP works or any issues with CoP when making a payment. If no resolution is offered by the bank, or there are significant issues impacting the CoP service, customers should contact Pay.UK who is responsible for maintaining the rules and standards for CoP. The PSR does not develop the rules, technical standards of operating guidance for CoP.

You can contact the PSR if you believe that the directed banks are not complying with their obligations under the direction to implement CoP.

A number of other financial institutions have also chosen to implement CoP, although there remains some that have yet to provide this service to their customers. We recommend contacting your provider to check if this service is offered.

How does Confirmation of Payee affect me? I’m making payments on my account but Confirmation of Payee hasn’t come up?

Confirmation of Payee checks whether the name matches the account details before you make a new Faster Payments or CHAPS payment.

If you’re paying someone who is already set up as a payee on your bank account (and you are not changing the payee details), you won’t see any difference. Confirmation of Payee is currently offered by members of the UK’s six largest banking groups, as directed by the PSR in 2019, and other institutions who have voluntarily put this system in place.

When setting up a new payee or amending an existing payee’s details, you will be asked to enter the sort code, account number and the name of the person you’re paying. Confirmation of Payee will then confirm whether there is:

  • A match: details provided match the account, proceed with payment
  • A close match: check the details again or contact the person you’re trying to pay
  • No match: possible fraudulent transaction; check the details again or contact the payee before proceeding

There may be some circumstances when you are unable to do a Confirmation of Payee check, for instance because the payee’s account is not available through Confirmation of Payee, whether temporarily or otherwise. You’ll still be able to make the payment but should exercise more caution when sending money to a new payee.