APP Fraud Reimbursement: £173 Million and the Cross-Sector Liability Debate
In short: UK payment firms reimbursed £173 million to APP fraud victims in year one of the PSR’s mandatory regime under Specific Direction 20. The payments sector bears all reimbursement costs, but APP fraud originates across telecoms, social media and messaging platforms. The Q2 2026 FCA/PSR review will consider whether the current single-sector liability model is sustainable. Both payment firms and telecoms operators need to prepare for what comes next.
APP fraud reimbursement in year one: £173 million returned to victims
UK payment firms paid £173 million in APP fraud reimbursement between October 2024 and September 2025, the first full year of the PSR’s mandatory regime. Of 269,000 reported authorised push payment (APP) fraud claims, 188,000 were eligible, and 88% received reimbursement under Specific Direction 20 (SD20). The regime is underpinned by section 72 of the Financial Services and Markets Act 2023 (FSMA 2023), which requires all directed payment service providers (PSPs) in the Faster Payments Scheme to reimburse victims unless the consumer was grossly negligent.
Mandatory APP fraud reimbursement works for consumers. Prior to October 2024, reimbursement rates varied widely between firms. The PSR’s Q3 2025 reimbursement dashboard shows the rate has stabilised, with only 3% of claims rejected for insufficient consumer caution. But who bears the cost matters. Under the PSR’s reimbursement rules, costs split 50/50 between the sending and receiving PSP. The per-claim cap is £85,000, following the PSR’s decision in PS24/7 to reduce it from the originally proposed £415,000. A maximum excess of £100 applies. The entire reimbursement cost falls on payment service providers.
The statutory framework: liability confined to payment firms
Section 72 of FSMA 2023 required the Payment Systems Regulator (PSR) to publish reimbursement rules for qualifying Faster Payments transactions executed after fraud or dishonesty. The PSR gave effect to this through Specific Direction 20, directing PSPs to comply with Pay.UK’s Faster Payments reimbursement rules from 7 October 2024. The Payment Services Regulations 2017 (PSRs 2017) impose broader obligations on PSPs, including requirements on authentication and transaction monitoring. The FCA’s Consumer Duty adds a cross-cutting obligation to deliver good outcomes for customers, including in the context of fraud prevention and reimbursement.
None of this regulatory architecture reaches the actors outside payments who enable fraud. Spoofed telephone calls, smishing messages, fake social media advertisements and compromised messaging platforms are the primary channels through which APP fraud reaches consumers. The PSR’s own data attributes the majority of APP fraud to romance scams, purchase scams and investment scams. Most of these originate on telecoms networks and online platforms, not within the payments system. As we noted in our analysis of PSR/FCA consolidation, the regulatory perimeter for fraud liability does not match the fraud supply chain.
The cross-sector debate: who should bear APP fraud reimbursement costs?
The UK government published the Fraud Strategy 2026-2029 in March 2026, backed by over £250 million in public investment and a new £30 million Online Crime Centre bringing together police, banks, telecoms firms and technology companies. The strategy recognises that fraud is a cross-sector problem and commits all sectors to share intelligence and design collaborative data-sharing models within six months.
The Telecommunications Fraud Charter, updated in November 2025, requires signatories to maintain scam call blockage, modernise network security and support traceback systems. The 2023 Online Fraud Charter imposes similar commitments on technology platforms. The payments sector argues these voluntary commitments are not equivalent to financial liability: the charters impose no reimbursement obligations on telecoms operators or platform providers, and a telecoms operator that fails to block a spoofed call faces no share of the £173 million reimbursement bill.
The telecoms sector’s counter-argument is that operators are carriers, not the proximate cause of fraud. APP fraud is social engineering: the fraudster deceives the victim into authorising a payment. Network operators already invest in call blocking, number verification and traceback under the Telecoms Fraud Charter and the Telecommunications (Security) Act 2021. Extending financial liability to carriers for content that transits their networks would be a material change to the regulatory model and raises questions about where liability stops. The same argument applies to online platforms, which point to content moderation obligations under the Online Safety Act 2023 as their contribution to fraud prevention.
| Factor | Payment Firms (PSR) | Telecoms Operators (Ofcom) | Online Platforms (Ofcom/DSIT) |
|---|---|---|---|
| Liability regime | Mandatory (SD20, FSMA 2023 s.72) | Voluntary (Telecoms Fraud Charter) | Voluntary (Online Fraud Charter) |
| Financial liability for APP fraud | 50/50 sending/receiving PSP | None | None |
| Reimbursement obligation | Yes, capped at £85,000 per claim | None | None |
| Fraud prevention obligation | Transaction monitoring, consumer caution checks | Call blocking, number verification, traceback (TSA 2021 + Charter) | Content moderation, ad screening (OSA 2023 + Charter) |
| Enforcement mechanism | PSR enforcement action, firm-level data publication | Ofcom (network security); Charter commitments (fraud prevention) | Ofcom (online safety); Charter commitments (fraud prevention) |
Both sides have a point. The current model concentrates financial liability on the sector that processes the payment, not the sectors through which the fraud reaches the victim. Whether the Q2 2026 review will recommend any form of cross-sector cost contribution remains to be seen. What is clear is that the debate is live, and both payment firms and telecoms operators should prepare for it.
APP fraud reimbursement costs: what payment firms and fintechs face
The PSR already publishes firm-level APP fraud performance data for the 14 largest banking groups. As the regime matures and the dataset expands, firms with high reimbursement ratios relative to transaction volumes face growing reputational and commercial pressure. The FCA and PSR are conducting a joint review of the APP fraud reimbursement framework, expected to report in Q2 2026.
For smaller PSPs and electronic money institutions, the 50/50 cost split is particularly acute. A fintech processing lower transaction volumes but serving a customer base more exposed to APP fraud may face disproportionate reimbursement costs. The FCA’s revised safeguarding rules, which take effect from 7 May 2026 under the CASS 15 Supplementary Regime, add a further compliance layer for e-money firms already managing reimbursement reserves.
Payment firms should act now. Fraud detection systems need review against the PSR’s expectations. Reimbursement reserves need stress-testing ahead of expanded firm-level data publication. Firms within scope of both the PSR regime and the FCA Consumer Duty should assess whether their fraud prevention measures meet the good outcomes standard. If the Q2 2026 review recommends changes to the cap or the cost split, firms with inadequate reserves will be exposed. For firms assessing their obligations, see our guidance on payments product, safeguarding and scheme governance.
Viewpoint
The APP fraud reimbursement regime has achieved its primary objective: consumers are getting their money back. The 88% reimbursement rate and £173 million returned in year one mark a clear improvement on the pre-October 2024 position. The harder question is whether the current liability model is the right one for the long term.
Having advised from both the telecoms regulatory and payments sides, neither sector’s position is entirely comfortable. Payment firms face real and growing reimbursement costs for fraud they cannot prevent at point of origin. In our experience advising PSPs on compliance, the operational burden falls disproportionately on smaller firms that lack the data infrastructure and analytics capability of the major banks, yet bear the same 50/50 split. Telecoms operators, meanwhile, are investing in fraud prevention through the Telecoms Fraud Charter and under the Telecommunications (Security) Act 2021, but face growing political and industry pressure to do more. The argument that carriers are not the proximate cause of fraud is legally sound, but it may not survive a policy environment in which £173 million a year in reimbursement costs concentrates on one sector.
The Q2 2026 FCA/PSR review could go in several directions: adjusting the cap, revising the excess, refining the gross negligence standard, or recommending a cross-sector cost contribution model. Payment firms should stress-test their reimbursement reserves against all scenarios. Telecoms operators should assess their exposure to any future cross-sector framework and ensure their Fraud Charter commitments are well documented. The rise of agentic AI in payments will increase both the volume and sophistication of APP fraud. The liability debate is not going away.
Key sources
- Financial Services and Markets Act 2023, s.72
- PSR Specific Direction 20
- PSR APP scams reimbursement dashboard (Q3 2025)
- PSR PS24/7: Maximum level of reimbursement
- UK Fraud Strategy 2026-2029
- Telecommunications Fraud Charter
- Bratby Law: PSR/FCA Consolidation
- Bratby Law: What Do the FCA and PSR Regulate?
Get in touch
Related insight
The hidden architecture of UK open banking explains why the shared directory and dispute management system are the load-bearing parts of the UK’s payments ecosystem.
For advice on APP fraud reimbursement compliance, the 50/50 cost split, or preparing for firm-level data publication, contact Rob Bratby at Bratby Law.
