Paul Convery

Authorised Push Payment (APP) fraud happens when victims are deceived into making immediate payments to bank accounts managed by fraudsters pretending to be legitimate payees.

APP fraud involves various tactics, including impersonation scams, where fraudsters pose as legitimate entities such as banks or service providers.

This type of fraud frequently occurs with the victim’s consent, as they are unaware that the transaction is fraudulent. It can also lead to the loss of sensitive banking details, such as account numbers or PINs.

The real-time nature of these transactions leaves little room for detection or reversal, making APP fraud particularly effective and damaging.

Recent UK Supreme Court case on APP fraud

Philipp v Barclays [2023] UKSC 2 centred on whether Barclays owed a duty of care, known as the ‘Quincecare’ duty, to prevent APP fraud.

Fiona Philipp was a victim of APP fraud, losing £700,000 after being convinced by fraudsters to transfer money to accounts in the UAE. She claimed that Barclays should have recognised the fraud and intervened, invoking the Quincecare duty, which traditionally requires banks to refrain from executing payment instructions if they suspect fraud by an agent of the customer.

Initially, the High Court of England and Wales ruled in favour of Barclays, stating that the Quincecare duty did not apply to APP fraud. However, the Court of Appeal overturned this decision, expanding the Quincecare duty to include situations where the customer authorised the payment under fraudulent inducement.

The Supreme Court unanimously overturned the Court of Appeal’s decision, ruling that the Quincecare duty does not extend to APP fraud where the customer personally authorises the payment. It emphasised that a bank’s primary duty is to execute the customer’s instructions promptly and accurately, without questioning the wisdom or risks of the customer’s decisions, unless there is an express contractual term to the contrary.

Following this decision, banks in the UK are not legally required to intervene when they suspect a customer is an APP fraud victim. The duty to act on a customer’s instructions is strict and does not include assessing the validity of those instructions unless they come from an agent suspected of fraud.

The Supreme Court highlighted that it is up to parliament and regulators to determine the extent of banks’ responsibilities in APP fraud cases.

The Quincecare duty, therefore, remains applicable in the UK in situations involving an agent acting fraudulently on behalf of a customer but does not extend to cases where the customer is directly deceived into authorising a payment.

Recent UK High Court cases on APP fraud

In Larsson v Revolut [2024] EWHC 1287 (Ch), Larsson was defrauded into transferring funds to fraudulent accounts, believing he was purchasing shares in a non-existent entity. Larsson claimed that Revolut breached its contractual and tortious duties by failing to detect and prevent the fraud. He also alleged unjust enrichment and dishonest assistance in a breach of trust.

The High Court of England and Wales struck out the claims in contract and tort, finding that Revolut did not owe a duty of care to Larsson. However, it allowed the dishonest assistance claim to proceed, subject to Larsson amending his pleadings to clarify the existence and breach of trust and Revolut’s role in assisting that breach.

In Terna Energy Trading DOO v Revolut Ltd [2024] EWHC 1419 (Comm), Terna Energy Trading fell victim to an APP fraud, resulting in a transfer of €700,000 to Zdena Fashions Ltd, which held an account with Revolut. Fraudsters quickly dissipated the funds. Terna did not claim against its bank or Zdena but instead brought a claim of unjust enrichment against Revolut.

Revolut argued that it had not been enriched because a liability to Zdena offset any funds it received. However, the High Court held that the transfer enriched Revolut and that the position of an Electronic Money Institution (EMI) like Revolut is similar to that of a bank in this context. The High Court also rejected Revolut’s argument that any enrichment was not at Terna’s expense. Revolut has been granted permission to appeal.

The Larsson and Terna Energy cases involved claims against Revolut for failing to prevent APP fraud, with the courts examining Revolut’s responsibilities and potential liabilities as an EMI. These cases highlight the ongoing legal scrutiny of EMIs’ roles in safeguarding against fraudulent transactions.

The current landscape in Ireland

Figures provided by the Banking and Payment Federation of Ireland (BPFI) show that in 2023, the industry value of APP fraud was €18.1 million. In response to the growing trend of APP fraud and to assess its effects on consumers and businesses, the Joint Committee on Finance, Public Expenditure and Reform published a Report on Authorised Push Payment Fraud in October 2024. 

The report acknowledges that while no single measure can effectively prevent APP fraud, it sets out recommendations towards measures which would allow for a centrally coordinated, comprehensive approach where the State, financial services, social media companies, telecommunications companies and An Garda Síochána could work together to develop strategies for better intelligence sharing, consumer protection, and the creation of barriers to criminal activities.

The evolving landscape of APP fraud presents significant challenges for both financial institutions and consumers. The recent UK Supreme Court and High Court cases underscore the complexities surrounding the legal responsibilities of banks and EMIs in preventing and addressing APP fraud. They may provide insight into how the Irish courts would approach similar claims.

The Joint Committee on Finance, Public Expenditure and Reform, and Taoiseach recommendations emphasise the importance of collaboration among various stakeholders to enhance consumer protection and develop effective strategies against APP fraud.

• Paul Convery is a partner in William Fry’s litigation and investigations department. Ronan Shaughnessy also contributed to this article.