APP Fraud and the New Dispute System You Can’t Ignore
Most chargeback conversations stay inside one lane: card networks, issuer rules, merchant liability and dispute rates. But since October 2024, there’s been a second dispute system operating in the UK, built from scratch, running outside the card networks entirely, and already generating the same incentive problems the credit card chargeback world has spent decades wrestling with. It’s called the authorised push payment (APP) fraud reimbursement regime. If you operate in the UK, process bank transfers, or run a fintech that touches payment flows, the APP fraud reimbursement regime is your problem now.
Two Dispute Systems, One Problem
Fraud happens. Someone authorizes a payment, money moves, and later someone claims it shouldn’t have. Every dispute system in payments is essentially an answer to that scenario: who eats the loss, under what conditions, and who decides.
Card chargebacks and the UK’s APP reimbursement regime both answer that question. But the mechanics, the liable parties, and the incentive structures are fundamentally different.
How Card Chargebacks Assign Liability
The card chargeback system is built around unauthorized transactions. The consumer says they didn’t authorize it; the issuer fronts the refund; liability flows backward depending on which party failed to follow the rules. SCA compliance, authorization, and network rule adherence are the variables that determine who bears the loss. The merchant carries the burden of proof. The network sets the guidelines.
The system is not designed to be fair. It’s designed around incentives. Like the actual justice system, disputes are not resolved based on the actual truth but on an interpretation of the evidence presented and how it fits the rules.
How the UK’s APP Fraud Regime Works
Authorised push payment fraud is what happens when a consumer is tricked into sending money directly to a fraudster’s account. The key word is authorised. In APP fraud, the consumer authenticated, approved, and executed the transfer. From the card system’s perspective, that transaction is clean. There’s no unauthorized transaction to dispute. The chargeback right simply doesn’t exist.
The UK’s Payments Service Regulator (PSR) closed that gap. From October 7, 2024, all PSPs processing Faster Payments must reimburse APP fraud victims up to £85,000 per claim within five business days. Liability is split 50/50 between the sending and receiving PSP. In the first year, 88% of APP scam losses were reimbursed to victims, totaling £173 million.
That’s a meaningful consumer protection outcome. The question is whether it also creates an incentives problem.
The Incentive Problems Are Familiar
Anyone who has spent time in chargeback operations will recognize what comes next.
Guaranteed reimbursement reduces the cost of being defrauded, which creates “moral hazard.” The PSR’s early data shows only 3% of claims were rejected for insufficient consumer caution, reassuring for now, but the regime is still young. The same dynamic took years to fully develop in card chargebacks.
The first-party fraud risk is more immediate. In the chargeback world, friendly fraud is one of the most persistent problems in dispute management. The APP regime creates a structurally similar vulnerability: a consumer initiates a transfer, later claims they were tricked, and files for reimbursement. The PSP has five business days to investigate, with a narrow set of rejection grounds.
The receiving PSP problem is real. Under the 50/50 split, the PSP on the receiving end shares reimbursement cost even if they had no direct relationship with the victim. That’s liability built entirely on receiving fraud. It incentivizes tighter mule detection, but also creates disproportionate exposure for neobanks and fintechs that skew toward the receiving end of fraud flows.
The Chargeback Incentive Triangle maps directly onto this system. Different players (sending PSP, receiving PSP, PSR rule architecture instead of merchant, issuer, network), but the same dynamics. Liability is distributed via rules, not based on truth! The party with the least control over fraud entry often bears the most exposure.
The EU Treats APP Fraud Differently
PSD3 and PSR are expected to be published towards the end of Q2 2026 in the Official Journal of the European Union, the news gazette where EU regulations must be published to enter force, with the PSR entering into application 18 months after publication.
The EU approach is structurally different. Under the agreed text, consumers generally remain liable for authorized fraud. PSP liability attaches only in two specific cases: where the fraudster impersonated the PSP itself, or where the PSP failed to properly apply Verification of Payee or transaction monitoring.
That’s a fundamentally different liability view. The UK created broad mandatory reimbursement for APP fraud as a category. The EU maintained consumer liability as the default, with PSP liability tied to PSP failures.
For businesses operating across both markets, this creates a real operational difference. Same fraud pattern, two different guidelines, two different liability outcomes. That needs to be mapped and priced, not treated just as a compliance matter.
What to Do With This Info
If you’re a fintech or PSP operating in the UK, receiving PSP exposure is the most urgent issue. Mule account detection, outbound payment monitoring, and fast inter-PSP communication are no longer optional. That’s where your reimbursement cost lives.
If you operate cross-border, you’re now managing two dispute systems with different liability logics running in parallel. One mandatory and broad, one conditional and PSP-failure-based. The operational and risk implications are not the same.
The card chargeback system took decades to produce the problems it has today; inflated dispute rates, friendly fraud, merchants spending more on dispute operations than on acquisition. The APP reimbursement regime is eighteen months old. The incentive problems are already visible..
The industry tends to learn these lessons slowly, usually after the losses have happened. This time, the playbook from chargebacks is available in advance. The question is whether anyone uses it.
