Free trial

Decoding authorised push payment fraud regulations: A global overview for banks

Security
Frederik Mennes,
APP fraud regulations

Authorised push payment (APP) fraud is a growing threat to financial institutions worldwide. Leveraging sophisticated social engineering techniques, APP fraud scams trick an unsuspecting user into authorising a payment to a fraudulent account. In the UK alone, £213.7 million was lost to APP fraud in just the first half of 2024, and bank impersonation scams are claiming victims worldwide.

Though government-driven efforts to implement anti-scam measures are in progress, there are some countries and regions that lead the world in anti-scam regulations. These include the UK, the European Union, Singapore, Hong Kong, and Australia.

In our latest white paper, Global APP scam regulations: Comparing approaches in EU, UK, Singapore, Hong Kong, and Australia, we provide an overview of the most important anti-scam regulations around the world with a specific focus on APP fraud. Let’s review the regulatory frameworks and fraud prevention strategies these five regions have implemented to combat digital banking scams.

Understanding regional regulatory frameworks

When getting started with creating a strategy to effectively combat APP fraud, review the leading regional regulations and the actions that inspired the creation of those guidelines. The top regulations include:

  • United Kingdom: The UK’s Contingent Reimbursement Model Code (CRM) emphasizes victim reimbursement and shared accountability between banks and customers. In addition, the Payment Systems Regulator (PSR) introduced mandatory reimbursement policies that came into effect in 2024, requiring banks to refund victims unless negligence can be proven. This establishes a high standard for consumer protection.
  • European Union: The Payment Services Regulation (PSR) mandates measures, like IBAN-name matching, to prevent misdirected payments. It also helps to enhance fraud data sharing among financial institutions. This regulation aims to increase transparency and cooperation across borders within the EU.
  • Singapore: The Monetary Authority of Singapore’s (MAS) Shared Responsibility Framework (SPF) focuses on balancing accountability between banks, telecommunications providers and consumers while implementing innovative tools, such as account “kill switches.” This allows customers to freeze their accounts immediately when fraud is suspected. The SPF only focuses on phishing scams.
  • Hong Kong: In September 2024, the Hong Kong Monetary Authority (HKMA) announced that it will launch an industry consultation about a responsibility framework regarding digital scams. The framework is expected to focus on authorised push payment fraud, and exclude other types of fraud, such as fraud based on phishing attacks.
  • Australia: The Scam-Safe Accord incorporates measures such as Confirmation of Payee, biometric verification for customer onboarding and  limitations on high-risk transaction channels, such as cryptocurrency, to limit fraud exposure. It also mandates collaboration between banks and telecommunications providers to combat scam calls and messages. In September 2024, the Australian government also introduced the Scam Prevention Framework (SPF) for public consultation.

Each approach reflects the unique priorities and challenges of its region, offering valuable lessons for financial institutions worldwide. The UK’s focus on consumer reimbursement, for example, contrasts with Singapore’s technological innovations and Australia’s cross-sector collaborations, demonstrating the diverse methods being used to tackle APP fraud.

Combating banking scams requires collaboration

The anti-scam regulations established by the UK, European Union, Singapore, Hong Kong, and Australia are creating foundational work for the industry at large. APP fraud often spans industries, necessitating collaboration between financial institutions, telecom providers, and digital platforms. For instance, the European Union emphasizes shared responsibility, creating a precedent for cross-sector partnerships to close loopholes and effectively disrupt fraud networks.

But these are just a starting point. As APP fraud and other banking scams continue to evolve, so, too, will the regulations designed to combat them. It will be interesting to see which regulatory approach emerges as the most successful when it comes to tackling digital banking scams.

Global authorised push payment (APP) scam regulations
White paper

Global APP scam regulations: Comparing approaches in EU, UK, Singapore, Hong Kong, and Australia

Stay ahead in the fight against APP fraud. Download the full white paper for deeper insights and practical strategies to combat APP fraud.

Download now
Frederik Mennes
Frederik Mennes

Frederik Mennes is Director of Product Management & Business Strategy at OneSpan. In this role, he is responsible for defining and implementing OneSpan’s business strategy for specific industry verticals, and to determine how OneSpan responds to security and regulatory market trends. Previously, Frederik led OneSpan's Security Competence Center, where he was responsible for the security aspects of OneSpan's products and infrastructure. 

Go To Top
Share