What is APP Fraud?
Authorised Push Payment (APP) fraud or scams happens when someone is tricked into sending money to a fraudster posing as a genuine payee.
Fraudsters will use techniques like phishing or spoofing to convince people to send money to an account they think belongs to a legitimate payee but is actually controlled by the fraudster.
Some common ways in which APP fraud occurs include:
- Email, text message, or phone calls: a fraudster pretends to be from a trusted provider such as a bank, utility provider, or other reputable or legitimate organisations who then ask you to make a payment or move money to a specified account.
- Investment: a fraudster will contact someone offering an investment opportunity that is usually too good to be true and often involves professional looking websites and persuasive sales pitches convincing people to invest. The investments are either non-existent or worthless and the money transferred disappears.
- Online shopping: a fraudster sells products that is fake, or does not exist.
- Romance scams: some fraudsters go to great lengths and create elaborate schemes to gain people’s trust and convince them they are in a genuine relationship, and then dupe them into sending money to them.
Where a customer has been victim to an APP fraud or scam, subject to certain criteria, they may be eligible to be reimbursed for their losses by their Payment Service Provider (PSP).
APP fraud reimbursement eligibility criteria
The UK’s Payment Systems Regulator (PSR) has provided criteria that clearly describes when a fraud claim is in scope of reimbursement.
Payment type
- An “Authorised Push Payment” means a payment initiated by a Payment Service Provider (PSP) in accordance with an authorisation given by its customer.
- The payment must be in pounds, and sent via the Faster Payments Service (FPS), or via CHAPS.
- The recipient of the payment is either not who the customer intended to pay, or the payment is not for the purpose the customer believed or intended, or the customer does not receive the goods or investment returns that it had been led to believe it would; and the customer does not have access to the recipient account.
- For it to be considered an APP Fraud (or scam), the fraudster must have used a fraudulent or dishonest act or course of conduct with the intention to manipulate, deceive, or persuade the customer into transferring funds to the recipient.
Customer type
Eligible customers include:
- Individuals who made a payment for purposes other than a trade, business or profession i.e. consumers.
- Micro-enterprises defined as businesses that employ fewer than 10 people and whose annual turnover and/or annual balance sheet total does not exceed £2m.
- Charities that are defined in the relevant legislation and with annual income of less than £1m.
Time limits
Claims must be notified promptly and no later than 13 months of the transaction date. In addition, only payments made on or after 7 October 2024 are in scope. Any previous claims or transactions are not eligible for reimbursement.
Claim limits
There is no claim minimum. The current maximum claim limit applicable to an APP fraud claim is set to £85,000 for each fraud or scam claim. Note, the PSP may apply an excess of up to £100 at their discretion.
Exclusions
Reimbursement is not available where a fraud relates to:
- Civil disputes (such as a customer being unhappy with a product or service)
- Payments which take place across payment systems other than FPS and CHAPS
- International payments
- Payments made for unlawful purpose
- Where the customer has acted fraudulently or dishonestly
- Where customer gross negligence can be evidenced
- Payments are sent or received by Credit Unions, municipal banks and national savings banks
Time exclusions (e.g., claims for transactions made before 7 October 2024 are not in scope and claims submitted more than 13 months after the final payment to the fraudster will not be eligible.
Vulnerable customers:
Vulnerable customers are especially susceptible to APP fraud due to their personal circumstances. Where the customer is vulnerable, and the vulnerability has a material impact on their ability to protect themselves from the scam, the consumer standard of caution and the excess do not apply. PSP’s will make an assessment of customer vulnerability when considering a claim and will also consider the financial impact of levying an excess on customers with low financial resilience. PSP’s may exempt customers from the excess where its application will lead to financial stress.
What to expect when making a claim
Making a claim: Every claim will be assessed on a case-by-case basis considering the evidence presented by the customer, and any information available from the receiving PSP or where relevant, a third party such as the police. Claims will be submitted to the receiving PSP who will have 3 days to validate and respond with information regarding the claim.
Claim Reimbursement: Reimbursement will normally be completed within 5 days. The cost of reimbursement is split 50:50 across both sending and receiving firms (minus any excess).
Stop the clock: Where a claim is complex or further information is required to support investigation of the claim, PSP’s may opt to ‘stop the clock’, allowing for up to 35 days to complete the investigation wand approve or decline the reimbursement.
Protect yourself from fraud and scams
How to protect yourself
- Be aware: Are you expecting an email or text from the company or organisation? Be cautious of unsolicited emails or messages asking for personal information or claiming to be your bank or some other trusted organisation.
- Be cautious with personal information: Avoid sharing sensitive personal details such as your address, social security number, or financial information with someone you’ve only met online.
- Don’t send money: Never send money, gift cards, or cryptocurrency to someone you haven’t met in person, no matter how convincing their story might be.
- Trust your instincts: If something feels off or too good to be true, it probably is. Listen to your gut feeling and proceed with caution.
- Verify: Always check the sender’s email address and look for signs of phishing (e.g. misspellings, urgent language).
- Double check: When paying large invoices, confirm the recipient’s bank details independently, and be suspicious of last-minute account detail changes.
- Use multi-factor authentication: If possible, enable multi-factor authentication for your accounts.
Reporting fraud and scams
If you believe you have been the victim of fraud, it is important that you take steps to protect yourself and others as soon as possible. Report APP fraud to us immediately by emailing: APPFraudReporting@currencycloud.com and support@nook.io
- If the fraud, scam or cybercrime affected more than your account with us and you need general fraud support, you can also contact Action Fraud. Call 0300 123 2040 or visit www.actionfraud.police.uk.
- Forward suspicious emails to the National Cyber Security Centre at report@phishing.gov.uk.
- Report suspicious or unwanted messages to your mobile provider by forwarding them to 7726 for free.
Please visit the following link below for more information about reporting fraud to us: https://support.currencycloud.com/hc/en-gb/articles/4429208309010-Fraudulent-Activity
Complaints
Fraud claims are assessed on a case-by-case basis by considering the evidence provided by the customer, information available from the receiving PSP, and relevant third parties such as the police (when applicable).
If you are dissatisfied with the outcome of the claim, you can use the existing complaint process as described below, including escalating to the Financial Ombudsman Service (FOS).