The UK has long been considered a leading force in devising fintech-friendly regulation. But a new set of reforms set to roll out next Monday tackling the rising issue of authorised push payment (APP) fraud is testing this thesis for some young companies in the space.
From October 7, the Payments Services Regulator (PSR) will stipulate that all payment service providers (PSP) must compensate APP fraud victims up to £85k within five days (with certain exceptions). It’s a world-first new regulation that fintech industry watchers believe could damage startups who might not have big enough cash reserves to make lots of chunky payouts, while also placing an extra compliance burden on smaller teams.
The impact on innovation
In an earlier form of the legislation, PSPs were due to be on the hook to compensate APP fraud victims up to £415k — something that Emma Hagan, incoming UK CEO of London-based digital bank and payments platform ClearBank, said would be disastrous for fintech startups.
“The liability cap where it was before would have acted as a deterrent from fintechs entering the industry,” she says.
That maximum payout was decreased after a big lobbying push from a consortium of banks — a move that Hagan welcomes — but some corners of the fintech industry fear the lower cap could still materially affect emerging startups.
Two fintech investors — who spoke to Sifted under condition of anonymity — told Sifted they felt the rules could be an impediment to innovation. One says it could drive some smaller fintechs “to go bankrupt overnight” and suggested it might decrease the number of new startups going into the regulated payment service provider space.
“It raises compliance burn to a level that’s questionable for a smaller fintech,” they say.
Stuart McFadden, cofounder of scam support startup Refundee, agrees that “there is a valid argument that it does diminish competition and new entrants in the market".
“Naturally, as a new entrant your processes aren’t going to be refined and you’re not going to have data to learn from,” he continues. “All it could take is a relatively small number of scams to go through your accounts and it’s wiped out all of your funding.”
The cost burden on startups could be exacerbated by the fact that the reimbursement process may have to be done manually to begin with. Earlier this month, Politico reported that a platform intended to handle disputes won’t be ready by the October 7 deadline, meaning companies may need to spend more time and resources handling each claim.
A PSR spokesperson underlined to Sifted the importance of the UK’s “vibrant payments landscape” but noted the equal importance of user protection from fraud. They also cited that the requirements catalysed many fintechs to adjust fraud prevention tooling.
What is APP fraud?
All the fintechs Sifted spoke to agree that action needs to be taken to reduce instances of APP scams, the victims of which suffer under huge emotional and financial damage.
APP fraud describes cases where perpetrators pose as genuine payees to trick victims into transferring money to the fraudster’s bank account voluntarily. According to an August report from the PSR, UK citizens lost £341m in such scams across 252,600 reported cases — a 12% increase in volume of cases compared to the year prior.
It’s also unique from other types of fraudulent activity, explains Nicky Goulimis, CEO and founder of APP fraud prevention platform TunicPay.
“Historically, fraud has always been the unauthorised kind — i.e. stealing your identity and card to make a payment on your behalf,” she says. "In the last 10-20 years, there's been some incredible anti-fraud toolings built — biometric identifications, device fingerprinting, transaction monitoring — [but] all of those crumble with APP scams."
Financial services companies haven’t been required to refund APP fraud victims and most only do so currently on a voluntary basis.
A boom in new antifraud tech?
But that’s all set to change from next week. All APP fraud cases — with the exception of international transfers and those involving crypto — must be compensated up to £85k.
And while the changes could be painful for smaller companies, they could also prompt a new wave of innovative startups working on fraud prevention tooling.
“What we’re seeing with the fintechs we work with is huge focus and operational preparation around readiness in managing the reimbursement process,” says Goulimis. TunicPay is part of a slew of startups in the fincrime and regtech vertical that have raised funding in the past 12 months — the company quietly closed a $5m funding round from LocalGlobe at the end of last year.
According to Dealroom data, fintechs specialising in the compliance and regtech verticals have raised $408m in funding so far in 2024, compared to $367m the year prior.
“What we see with the industry is that everyone is scrambling right now," says Goulimis.
She cites how banks and fintechs are staffing up call centres to easily identify instances of APP scams as well as increasing fraud prevention tooling.
“Ahead of our requirements coming into force, we’re already seeing many firms innovating and improving their fraud-prevention controls,” the PSR spokesperson says. “We see this as an indication that the incentives are already supporting positive change in the industry and we expect this to continue once our measures are in place.”
UK neobank Monzo, which was notably ranked the third lowest bank in the country for refunding APP fraud cases in 2023, rolled out three new security controls to reduce fraudulent activity this summer. And last week, Revolut was revealed to be one of three new firms to join the UK’s new fraud helpline 159.
Imperfect regulation?
One big criticism from the fintech industry around the new rules is that it doesn’t place any burden of responsibility on social media platforms — which are often where these scams are advertised to consumers.
“The financial services might be one of the channels used but it comes from somewhere in the first place,” says Hagan, echoing similar views shared with Sifted previously by Rich Bromley, Monzo’s head of fraud and disputes risk.
And as next week looms, some are questioning if the rollout of the new regulation will reduce the volume of cases.
TunicPay’s Goulimis says that while the regulation helps customers recoup losses, it’s unlikely to have any impact on reducing scams at source.
“In the short term, I don't expect fraud losses to decrease,” she says. “I do want to reiterate that there will still be harm to consumers, sadly, as well as continued outflows of funds to organised crime.”
Refundee’s McFadden also notes that the reimbursement process is contingent on a consumer passing through something called the standard of caution.These are a set of expectations that test whether the fraud victim has acted appropriately in the scam’s aftermath, for example by swiftly reporting the scam upon learning they’ve fallen victim of fraud, that he argues is open to interpretation and could act as a barrier to obtaining compensation.
“With the standard of caution, one of things they could say to refuse reimbursement is that the customer hasn’t been providing information and evidence about the scam,” he says. “They’re only allowed to ask for what’s reasonable but everybody’s definition of that varies.”
“I have to be honest, we have no idea what’s going to happen after October 7,” he continues.
But whatever happens, one thing is for certain: next week, fintechs and regulators from the world over will be watching carefully as the UK becomes the testing ground for groundbreaking fraud reforms, and what will happen in the next six months as the policy irons out any kinks in its rules could set a new standard for fraud compensation.