Read the full report from Willis, a WTW business
Authorised Push Payment (APP) Fraud has emerged as a significant global threat, exacerbated by the rapid growth of real-time payment (RTP) systems and the increasing sophistication of fraud techniques. In 2023, the UK alone saw £341 million lost to APP Fraud, while global losses reached a staggering $1.03 trillion, with over 50% of these incidents unreported. The impact of APP Fraud extends beyond financial losses, affecting consumer trust and the stability of financial systems. As fraudsters exploit the weakest links in the payment ecosystem, often through social media platforms and weak mobile security, it is imperative for jurisdictions to collaborate and implement robust frameworks. This white paper explores the efforts of key jurisdictions, including the UK, the European Union, the United States, India, Australia, Canada, Brazil, and Singapore, to combat APP Fraud. It highlights the importance of shared liability, data sharing, and the integration of advanced technologies like artificial intelligence and machine learning to stay ahead of evolving fraud trends. By working together, these regions aim to create a more secure and resilient financial ecosystem, protecting consumers and fostering innovation.
Key points:
Below is a summary of the key points from the full report:
01
02
03
04
05
The report highlights several regulatory frameworks and collaborative initiatives from around the world aimed at combating Authorized Push Payment (APP) fraud. In the UK, the Payment Systems Regulator (PSR) has implemented a 50/50 liability split between sending and receiving financial service providers (FSPs) for Faster Payments and CHAPS, focusing on UK-only transactions. The PSR has also called for tech firms, telcos, and social media platforms to collaborate more closely to close vulnerabilities.
Singapore has established a Standing Committee on Fraud (SCF) and a Shared Responsibility Framework (SRF) to address phishing scams, with a focus on collaboration between financial institutions, telcos, and law enforcement. The SRF allows for the blocking or restriction of scam victims' bank accounts.
In the United States, the Protecting Consumers from Payment Scams Act proposes expanding the definition of 'unauthorized electronic funds transfer' to include transactions authorized due to fraud. The Act also introduces shared liability between sending and receiving banks and allows for regulatory oversight by the CFPB.
Australia's Scam-Safe Accord, introduced in 2023, includes a pledge to invest in Confirmation of Payee (CoP) systems, increased consumer education, and hold-times for investigations. The Scam Prevention Framework (SPF) Bill, presented in 2024, targets financial institutions, telecommunications, and digital platforms, with potential fines for non-compliance.
Brazil's central bank, BCB, has introduced Resolution 6, requiring data collection on fraudulent transactions, and the Special Return Mechanism (MED) for Pix transfers, which allows for the blocking of funds and investigation of fraud cases. MED 2.0, set to launch in late 2025, will enhance these measures.
Canada is preparing for the Real-Time Rail (RTR) with a centralized fraud utility service and the Retail Payments Activity Act (RPAA) to govern and supervise payment service providers (PSPs). The framework emphasizes data sharing, device and behavioural data capturing, and multi-factor authentication.
India has introduced CoP within the Unified Payments Interface (UPI) and a real-time monitoring system called rt360, which uses AI and machine learning to detect fraud. The Reserve Bank of India (RBI) has also established a Central Fraud Registry to share data on perpetrators.
These frameworks and initiatives demonstrate a global effort to secure the financial ecosystem and protect consumers from APP fraud, emphasizing the importance of collaboration and data sharing across various sectors.
Several concerns and gaps in the current measures to combat APP fraud have been identified. One major concern is the fragmented approach across different jurisdictions, which can lead to inconsistencies in fraud prevention and consumer protection. For instance, the UK's 50/50 liability model for Faster Payments and CHAPS may inadvertently disadvantage smaller financial institutions that lack the resources to absorb additional costs. Similarly, the EU's PSD3, while introducing CoP/VoP controls, does not cover all types of scams, leaving gaps in protection. In Brazil, the Special Return Mechanism (MED) allows for the blocking of funds but does not guarantee reimbursement if the fraudster's account lacks funds. In India, the ease of use of UPI has led to a surge in fraud, and while measures like the Central Fraud Registry and awareness campaigns are in place, there is a risk that overly rigid checks could exclude vulnerable and unbanked populations.
To address these gaps, the white paper could recommend a more unified global framework that emphasizes data sharing, collaboration between financial institutions, telcos, and social media platforms, and the use of advanced technologies like AI and machine learning for real-time monitoring and fraud detection. Additionally, the white paper could suggest that regulatory frameworks be flexible enough to adapt to new fraud trends and technologies, while also providing support and resources to smaller financial institutions to ensure they can comply without being disproportionately burdened.
In conclusion, the global rise of Authorized Push Payment (APP) fraud underscores the urgent need for a coordinated and comprehensive approach to combat this escalating threat. Key jurisdictions such as the UK, India, Brazil, Singapore, Canada, and Australia are taking significant steps to strengthen their frameworks, but the challenge remains multifaceted. The introduction of shared liability, enhanced data sharing, and advanced fraud detection technologies like artificial intelligence and machine learning are crucial. However, these measures must be balanced to avoid disproportionately burdening smaller financial institutions and vulnerable consumers. Collaboration across sectors—banking, telecommunications, social media, and law enforcement—is essential to create a resilient financial ecosystem.
Stakeholders are urged to actively participate in data sharing initiatives, invest in robust fraud detection systems, and engage in continuous consumer education to stay ahead of evolving fraud techniques. The insurance industry also has a vital role to play in providing protection and support to victims of APP fraud. Together, these efforts can help mitigate the impact of APP fraud and protect consumers in the rapidly evolving digital payments landscape.
