Regulation
UK APP fraud reimbursement rules: what changed for fintechs
Since 7 October 2024, the Payment Systems Regulator's mandatory reimbursement requirement has made UK payment firms directly liable for authorised push payment fraud on Faster Payments and CHAPS, splitting the cost 50/50 between the sending and receiving payment service provider, up to a cap of £85,000. That shifts APP fraud from a customer loss to a direct firm cost, on both sides of the payment, which changes the value of a real-time phone-based risk check before a payment is authorised. This page is not legal advice.
This page summarises publicly available PSR policy material in general terms. It is not legal advice. Confirm your firm's specific obligations with your own compliance and legal teams and against the PSR's current published rules.
What changed on 7 October 2024
Before this requirement, a customer who was tricked into authorising a payment to a fraudster generally bore the loss themselves, since the payment was technically authorised by the account holder. The PSR's reimbursement requirement, covering Faster Payments and CHAPS transactions, changed that: in-scope payment service providers must now reimburse eligible victims of APP fraud, with liability split between the sending PSP and the receiving PSP. Source: PSR, PS25/5 "Consolidated policy statement: APP scams reimbursement requirement", May 2025, and PS24/7, checked July 2026.
The liability mechanics
- Split: reimbursement liability is shared 50/50 between the sending PSP and the receiving PSP.
- Cap: the maximum reimbursement is £85,000 per claim, aligned with the Financial Services Compensation Scheme limit.
- Excess: the sending PSP may apply an excess of up to £100 per claim.
- Timing: the sending PSP must reimburse an eligible claim within 5 business days of the claim being made, subject to limited stop-the-clock provisions while a claim is investigated.
- Claim window: a customer can generally claim up to 13 months from the date of their last relevant payment.
Source: PSR, PS25/5 and PS24/7 policy statements, checked July 2026.
Why this makes phone signals a direct cost lever, not just a fraud metric
Because liability sits on both the sending and the receiving side, a receiving PSP now has a direct financial reason to screen incoming payment accounts, not only its own outbound customers. A risk signal that reduces the chance of a successful APP scam, on either side of the payment, reduces reimbursement exposure directly, in pounds, rather than only improving a fraud-rate metric reported internally.
Where telecom signals map to this
APP fraud increasingly overlaps with account takeover, where an attacker who has taken control of a victim's number via a SIM swap initiates the payment directly, or intercepts the OTP used to authorise it. A pre-authorisation SIM swap check is a direct control against this pattern. See stopping authorised push payment fraud with phone intelligence for the fuller flow.
Accounts that receive APP fraud proceeds are frequently opened with disposable or recently issued numbers. Number type screening at onboarding for a receiving account is a live, low-cost check that does not depend on the sending side at all.
Under review: cross-sector liability
The FCA and PSR have signalled a joint review of the reimbursement framework, examining whether the current model, which places liability solely on payment firms, remains sustainable given the role telecoms and social media platforms play in originating APP fraud. As of the checked date, no outcome has been published and nothing about the current requirement has changed. Source: reporting on the FCA/PSR joint review, checked July 2026; re-verify against the PSR's own publications before treating any outcome as settled.
Signals available today
Live in every response
- Active status: whether the number is currently reachable on the carrier network
- Carrier: the network operator serving the number
- Country: ISO country code of the number
- Number type: mobile, landline, fixedVoip, nonFixedVoip, tollFree or voicemail