Authorized push payment (APP) fraud is a growing concern, causing billionsicon denoting destination link is offsite of dollars in global losses. Despite the introduction of technologies like two-factor authentication, biometric security, and artificial intelligence, the rise of faster payments has made combating this type of fraud increasingly difficult.

While faster payments offer convenience, they also create new opportunities for fraud. The real-time nature of these transactions leaves little time to detect or reverse fraudulent transfers, making APP fraud more effective. This rapid pace enables social engineering attacks, quick conversion of stolen funds into cryptocurrency, and the movement of money across borders, all of which complicates efforts to trace or recover funds.

This leads to a couple logical questions: who should bear responsibility for losses due to APP fraud, and are faster payments too fast? In the US, current regulations under the Electronic Fund Transfer Act do not require banks to reimburse consumers for APP fraud since the payments are technically authorized—even if they are obtained through deception. Banks argue that consumers are responsible for ensuring the legitimacy of recipients, although Early Warning Services, which operates Zelle, now mandates reimbursementicon denoting destination link is offsite for qualifying imposter scams.

This stance is increasingly contested by consumer advocacy groups and lawmakers, who believe that financial institutions should take on more responsibility given the sophisticated nature of modern scams.

The US could learn from measures implemented in other countries. For example, in 2020, the United Kingdom introduced the Confirmation of Payee (CoP) service, which verifies that the payee's name matches the account details before payment is made. Additionally, starting in October, the Financial Services Markets Act 2023icon denoting destination link is offsite mandates full reimbursement for APP fraud victims, up to £415,000. However, facing government and industry pressures, the UK's Payment Systems Regulatoricon denoting destination link is offsite is now proposing to reduce this limit to £85,000 to help protect smaller fintechs and maintain market competition. Recognizing the risk posed by rapid transactions, the UK government has also drafted legislationicon denoting destination link is offsite that allows payment service providers to delay outbound payments by up to four business days to investigate suspicious transactions.

Similarly, Australia plans to roll out a national CoP in 2025 as part of the Scam-Safe Accordicon denoting destination link is offsite initiative. The new service, developed by Australian Payments Plus and the Australian Banking Association, will ensure that account names match before payments are processed, adding an additional layer of protection against APP fraud. Australian banks are investing heavily in this technology and are anticipating a significant reduction in fraud cases.

Implementing a CoP system in the US could be an effective measure for reducing or even preventing APP fraud. It will be interesting to see how lawmakers address the legal responsibilities of financial institutions in these cases. While consumers must remain cautious, banks could eventually be held accountable and therefore may want to consider taking steps to ensure their platforms have robust security measures in place to prevent fraud.

A shift in the UK's liability limit could have implications in this country. If the US considers adopting similar reimbursement policies, the balance between protecting consumers and ensuring market competition will be significant. The UK's experience shows that high reimbursement caps can strain small fintechs, potentially stifling innovation. Conversely, lowering these limits might expose consumers to greater financial risk. Carefully evaluating these trade-offs to create a framework that both deters fraud and fosters a competitive and safe financial ecosystem will be important.