Most fraud people picture involves a stolen card or a hacked account. Authorised push payment (APP) fraud is different and, in many ways, harder: the victim themselves is tricked into authorising a payment to a fraudster. Because the customer pressed "send", it long fell outside traditional fraud protections. That changed: since 7 October 2024, UK payment firms must reimburse most APP-fraud victims. It is one of the most consequential consumer-protection and financial-crime reforms in years.
What APP fraud is
In an APP scam, the fraudster manipulates the victim into sending money from their own account — by impersonation, a fake invoice, a romance scam, a bogus investment, or a "safe account" trick. The payment is genuine and authorised by the customer, which is exactly why it was hard to challenge.
| APP fraud | Unauthorised fraud | |
|---|---|---|
| Who sends the money | The victim, deceived | The fraudster, without consent |
| Example | "Your account is at risk — move funds to this safe account" | Stolen card used to buy goods |
| Historic protection | Weak — the customer "authorised" it | Stronger — clearly not the customer |
| Now | Mandatory reimbursement (since Oct 2024) | Long-standing chargeback/refund rights |
The mandatory reimbursement regime
Brought in by the Payment Systems Regulator, the regime applies to APP scams over Faster Payments made on or after 7 October 2024.
- Victim is scammedThey authorise a payment to a fraudster and realise they were deceived.
- Claim to their PSPThe victim reports it to their payment service provider.
- AssessmentThe PSP assesses the claim against the scheme rules (with limited exceptions).
- ReimbursementIn-scope claims are reimbursed, generally within five working days, up to the cap.
- Cost sharingThe sending and receiving PSPs share the loss 50/50.
The crucial AML link
This is where APP fraud meets anti-money laundering, and why it belongs in a compliance curriculum.
- Fraudster needs somewhere to receive stolen fundsoften a "money mule" account
- Receiving PSP should detect the mule accountvia KYC, monitoring, screening
- Better AML controlsfewer mule accounts
The 50/50 cost split deliberately gives the receiving firm skin in the game: the account that received the fraudulent funds is frequently a money mule account that stronger customer due diligence and transaction monitoring should have flagged. Fraud prevention and AML are two sides of the same coin.
Decide whether each case is authorised push payment (APP) fraud covered by the reimbursement regime.
A caller posing as the victim's bank persuades them to move savings to a 'safe account' that the fraudster controls.
Where Probitas fits
APP-fraud defence depends heavily on stopping mule accounts and knowing who is really behind a counterparty. A Probitas check screens individuals and businesses against sanctions, PEP and adverse media sources and surfaces the public record, anchored to its origin — supporting the due diligence that keeps mule accounts and fraudulent counterparties out. The payments controls and reimbursement decisions remain the firm's own.
APP
What is authorised push payment (APP) fraud?
A scam in which the victim is deceived into authorising a payment from their own account to a fraudster — for example through impersonation, fake invoices, romance or investment scams, or "safe account" tricks. The payment is genuine, which is what made it hard to challenge.
Do banks have to refund APP fraud victims?
Since 7 October 2024, in-scope UK payment service providers must reimburse most victims of APP scams made over Faster Payments, up to a maximum of £85,000 per claim, generally within five working days — subject to limited exceptions.
Who pays for the reimbursement?
The cost is split 50/50 between the sending payment firm and the receiving payment firm. This gives the receiving firm — whose account took the fraudulent funds — a direct incentive to prevent mule accounts.
Are all APP fraud claims reimbursed?
No. The scheme has exceptions, such as where the customer acted with gross negligence or where there is first-party (complicit) fraud. A consumer standard of caution applies. It is a strong protection but not unconditional.
How does APP fraud relate to anti-money laundering?
The accounts that receive APP-fraud proceeds are frequently money mule accounts. Stronger AML controls — customer due diligence, screening and transaction monitoring — reduce mule accounts and therefore the success of APP fraud, which is why the two disciplines are closely linked.
Sources
This guide is written from primary sources. Each is linked below; claims in the text link to the specific reference they rely on.