APP Fraud: Common Law Roadblock, but Regulatory Redemption

APP (Authorised Push Payment) Fraud continues to be a devastating everyday issue for individuals and businesses alike.

We first wrote about APP fraud over 18 months ago (Scamdemic – APP fraud on the rise | Herrington Carmichael ( We looked at the case of Phillip v Barclays Bank [2022], which has since been appealed by Barclays and been heard by the Supreme Court. This case concerns an example of APP fraud whereby fraudsters had managed to use ‘Social Engineering’ to convince Mr and Mrs Phillips to transfer £700,000.00 to a company based in the United Arab Emirates.

Social Engineering is a technique used by fraudsters to manipulate people or businesses, to hand over sensitive data. Often, fraudsters will impersonate familiar services or pretend to be relations of the intended target to take advantage of a pre-existing level of trust.

On first hearing of the case in the High Court, the Phillips’ sought to extend the duty of care banks owed its customers under the ‘Quincecare Duty’, to include circumstances whereby a customer actively and explicitly instructs a bank to make a payment, even if it is subsequently found to be a fraudulent payment.

The Quincecare duty is a duty imposed on banks who are required to refrain from executing a customers payment order if they have reason to believe that the payment order is made as a result of fraud.

The High Court originally dismissed the Phillip’s claim and found in favour of the Bank. However, on appeal, the Court of Appeal overturned the decision of the High Court and found in favour of the Phillips’. The Supreme Court was then tasked with finally deciding the matter.

The Supreme Court decided that in this case (among other factors) that as the victims of the fraud were so adamant, and explicit in their instructions to the bank, to wire the money to the UAE account, the Quincecare duty did not arise and Barclays Bank did not have to refrain from executing the payment order.

In any event, the Supreme Court highlighted the need for regulation to step in and address some of the shortcomings and obvious grey areas in regard to APP fraud. Thankfully, it looks as if regulatory change is on the horizon.

The Financial Services and Markets Act 2023 and the Payment Services Regulator.

The Financial Services and Markets Act 2023 (FSMA23) received Royal Assent on 29 June 2023. Section 72 of FSMA23 requires the Payment Systems Regulator to impose a ‘requirement for reimbursement’ on payment services providers whereby customers have made a payment elicited by fraud or dishonestly. There is currently a voluntary scheme designed to serve a similar function, although only 10 payment providers have signed up (one of which is Barclays).

This, on face value, will address the liability shortfall that common law is not prepared to meet. Whether the scheme fulfils the intention behind it, is yet to be determined.

The Payment Services Regulator is currently consulting on how the new scheme will operate and the scope of its remit. In August 2023, two consultancy papers were released, one of which is to ascertain the level of maximum reimbursement levels for the payment providers (and how any reimbursement scheme is to work mechanically), and the other is focused on the role of the consumer standard of caution (gross negligence). In any event, the new regulations intend to cover all Faster Payments and CHAPS payments made in the United Kingdom.

Both consultation papers are currently live and open for comments and feedback until 5pm on 12 September 2023.

Where do we stand currently?

Unfortunately, until the Payment Services Regulator publish its finalised regulations, consumers are left with no clear redress. The recent Supreme Court ruling in Phillips does not place a blanket ban on any further common law remedy but dismissed it in this case.

Regardless of when the situation becomes clearer, individuals and businesses need to continue to be vigilant and alive to the ever-growing threat of APP fraud. The rise of Artificial Intelligence is making ‘social engineering’ easier and making scams seem more realistic. APP fraud was responsible for losses of £485.2 million in 2022 alone and 78% of APP fraud cases originated online. There is still a very real threat to consumers which doesn’t look like it will be going away anytime soon. The proposed new regulation is a welcome step to protecting consumers after the fact, but the bulk of the threat will still be present.

If you have found yourself victim to APP fraud or your business is party to a potential APP claim and you need advice or assistance then please contact us to speak to a member of our Dispute Resolution Team.

James Musallam
Solicitor, Dispute Resolution
View profileContact Us

This reflects the law and market position at the date of publication and is written as a general guide. It does not contain definitive legal advice, which should be sought in relation to a specific matter.

Latest Legal Insights

Best Law Firms 2024

Herrington Carmichael has once again been named in the Times Best Law Firms. We were first listed in 2023 and have once again made the Best Law Firms list for 2024.

Best Law Firm 2024