/ Money

Improving protections for victims of APP fraud

We’ve been campaigning to improve protections for victims of authorised push payment (APP) scams for more than four years – here’s our progress so far, and our concerns.

Our campaign has resulted in hard won benefits for people – including the landmark Contingent Reimbursement Model Code introduced in 2019.

This voluntary set of guidelines was the first document to set out formal protections for APP scam victims. It committed signatories to improve fraud protections and provided guidance on how victims should be treated and reimbursed.

Authorised push payment (APP) – or bank transfer – scams are scams where a person is tricked into making a payment to someone who they think is a legitimate recipient (could be a business, a formal body like a bank or a solicitor, or an individual), but who turns out to be a scammer.

It was thanks to Which?’s super-complaint in 2016 that the Code was introduced, and it currently covers the vast majority of the industry. Since its creation we have kept a close eye on how signatories have interpreted and implemented it to make sure that it is working for victims.

Although the Code was introduced in May 2019, APP scams continue to be a major issue today with the latest figures suggesting that around 350 people fall victim to them every day with hundreds of thousands of pounds being lost. In the first six months of 2020 more than £200m was stolen.

Is the Code being undermined?

We have become increasingly concerned over the last 18 months that banks signed up to the Code are interpreting and implementing it in a way which is undermining its effectiveness.

Thanks to the work of our policy, investigations, and Money Helpline teams we have been able to identify numerous ways and hundreds of examples where banks are letting down victims. These include:

🔸 Banks relying on having shown a victim a warning before they made an online payment, despite not producing any evidence that these warnings work

🔸 Banks not properly assessing whether a victim was more susceptible to being scammed (for example due to a pre-existing mental health condition or going through bereavement), or not taking into account evidence provided to them by the victim

🔸 Banks treating victims as fraud experts and expecting them to have taken unreasonable steps to question the scammer or verify who they were paying

Reimbursement rates of victims also remain worryingly low, at an average of about 45%. Figures published by the regulator last year suggested that some firms’ full reimbursement levels have been in the single figures.

Industry has been able to get away with this haphazard implementation of the Code due to the lack of proper regulatory oversight. In our view, the PSR’s approach has been slow and has lacked the decisiveness that is needed for such a potentially life-changing issue.

Implementation of the Code

The evidence that the voluntary Code isn’t working as it should be has been well known for well over a year, yet the PSR has continually looked to others – particularly industry – to bring forward solutions and to fix the issues, rather than making the tough decisions itself.

It handed the day-to-day running of the Code over to the Lending Standards Board, an industry-funded group with no formal regulatory powers. And it has failed to set out a clear, decisive regulatory framework and direction of travel to move us towards a system of mandatory protections.

Last month, the PSR published its latest call for views on APP scams which again suggested that the industry needs to improve, but failed to give a clear indication that swift changes would be forthcoming.

There are some promising ideas in there – particularly around publishing transparent data on the reimbursement rates of firms, but the pace of action – publishing this document followed by another consultation in the autumn – is causing harm to victims who desperately need certainty and support.

We will continue to work constructively with the PSR on this issue. It is vitally important, however, that they work quickly and decisively to create a mandatory set of protections for victims which can replace the voluntary Code.

If they need more powers in order to do what is needed then the government needs to give these to them as quickly as possible. 

We want to continue to build our understanding of how victims are being failed by the current system. If you’ve been a victim of an APP scam and need support or would like to share your story, please let us know in the comments.

If you’ve prefer to do so privately we can be reached via Which? Conversation’s mailbox here.


I have had email from Which? today asking me “We want to know whether you want your bank to publish it’s reimbursement rates for victims of bank transfer scams?“. Yes/no/don’t know, but no opportunity to say why. Although much has been discussed in Convos but not mentioned.

The campaign plea includes “But why, almost five years after Which?’s super-complaint that highlighted just how sophisticated these scams can be, are so many victims still being told it was all their fault?“. If Which? read Convo comments they might get some views on that question.

Indeed – and, yet again, where is the money for all these refunds supposed to come from?

Derek, this image showing the best savings rates available compared to the much praised TSB probably explains where refund money is coming from and why it is very unfair to the real innocent people being denied interest on their savings to pay victims who in many cases are 100% responsible for their losses. Thanks to Which?, TSB customers now get next to nothing on their savings and I just hope all the financial institutions don’t sign up and follow suit.

As Which? put compensation first, perhaps they should compensate everyone who is losing interest on their savings.

It doesn’t seem a simple issue. Putting aside the fact that I don’t believe anyone, anywhere understands international macro economics it does seem there are a lot of factors at play, as this article from the USA-based New York Times suggests:

In the evolution of the U.S. economy over the past four decades, one fact stands out as especially puzzling: the large and fairly steady decline in interest rates.

Consider what has happened to three key benchmarks. In September 1981, the 10-year Treasury note yielded over 15 percent. Today, it yields less than 1 percent. Over the same period, the critical short-term rate set by the Federal Reserve, the federal funds rate, has fallen to nearly zero from about 16 percent, and the rate on 30-year mortgages has dropped below 3 percent from over 18 percent.

What accounts for this decline, and what does it imply for personal and public decision-making? Some answers are clear, but many more are elusive.

One reason for the interest rate decline is a drop in inflation expectations. As the economist Irving Fisher noted almost a century ago, when bond investors expect high inflation, they anticipate that repayment will be made in significantly less valuable dollars, and they demand a higher interest rate to compensate. When expected inflation falls, as it has over the past 40 years, interest rates typically do as well.

But according the University of Michigan’s survey of consumers, expected inflation fell 4.3 percentage points from September 1981 to September 2020, explaining only about a third of the decline in interest rates. The remaining question is why inflation-adjusted interest rates — what economists call real interest rates — have declined so substantially.

The Fed aims to set interest rates at levels that will produce full employment and stable prices. This level is sometimes called the natural rate of interest. The natural rate is determined not by the central bank but by deeper market forces that govern people’s supply of savings and businesses’ demand for capital. When the Fed sets low rates, it is acting more like a messenger, telling us that the economy needs them to maintain equilibrium.

My impression is that interest rates are generally low at present, irrespective of whether they are offered by banks that have signed up to the voluntary code for handling claims for reimbursement. Are there other factors involved such as the fact that banks have a legal responsibility under Section 75 of the Consumer Credit Act for purchases of goods and services? This is now better publicised than in the past. Banks also lose money when customers default on debts. It would be interesting to take these and other factors into consideration rather than assuming that poor interest rates are the result of compensation of victims of fraud.

I’m not keen on compensating people who have been careless and I do hope that the banks do look at each case objectively. In the past couple of years, banks have put in a great deal of effort to protect their customers, which is very encouraging. I hope that this will help us all and wonder why this was not in place earlier.

I wonder what the views of other Which? members are regarding the issue of compensation.

”If your bank is signed up to the code, it should reimburse you the money, as long as you can show you’ve paid attention to warnings it provided before making the transfer, had a reasonable basis for believing that the the person you were paying was genuine, or are considered vulnerable.

While I have sympathy with those who take every precaution I do have a problem with the premise that if the customer is relatively blameless, the bank must be blamed and forced tocompensate.. Both can be equally blameless; it is, of course, the fraudster who is to blame. So using the banks to automatically compensate for a crime is neither right, nor healthy; it is just a sticking plaster that rewards the irresponsible as well as other victims.

We should be looking at ways of minimising the losses people can make, whether through their own lack of competence or not. This includes tailored bank accounts. It does not included taking money from me and paying it to many when it is not appropriate.

By all means hold banks to account when they have been negligent. But we must also hold victims to account when they, too, have been negligent.

We could say that the banks are being held to ransom by the fraudsters, thus effectively committing two crimes in each case.

Much more effort needs to be put into finding the means to identify, trap and stop the fraudsters and then deprive them of the proceeds of their crimes as well as making them repay the community for their offences through appropriate penal sentences.