Finance Editor, Kael Tripton Ltd - LBS MBA - Verified against FCA Handbook: 14 June 2026
Quick answer
Under the Payment Services Regulations 2017, banks must refund unauthorised transactions within 1 business day unless you were grossly negligent. For APP fraud (being tricked into authorising a payment), mandatory reimbursement of up to PS415,000 applies from October 2024 under PSR rules. Gross negligence does not mean being deceived by a sophisticated scam.
Are You Liable for Fraud on Your Bank Account?
Direct answer
Am I liable for fraud on my bank account and what must my bank do?
Under the Payment Services Regulations 2017, you are not liable for unauthorised transactions unless you acted fraudulently or with gross negligence. Banks must refund unauthorised fraud within 1 business day. For APP fraud (being tricked into authorising a payment), mandatory reimbursement up to PS415,000 per claim applies from October 2024. Being deceived by a sophisticated scam is not gross negligence.
FCA Handbook - PSR 2017 Reg 77 - Verbatim Rule Text Source: handbook.fca.org.uk
Where an unauthorised payment transaction has been executed, the payer's payment service provider shall immediately refund the payer the amount of the unauthorised payment transaction and, where applicable, restore the debited payment account to the state it would have been in had the unauthorised payment not taken place.
Report to your bank immediately
Call the fraud number on the back of your card. Banks must freeze the account and attempt to recall the payment.
Report to Action Fraud
actionfraud.police.uk or 0300 123 2040. Get a crime reference number.
For APP fraud -- request reimbursement under PSR rules
Write to your bank citing the PSR mandatory reimbursement scheme (from October 2024). Banks must reimburse within 5 business days unless investigating.
Challenge a gross negligence finding
If your bank claims you were grossly negligent, challenge this in writing. Being deceived by a sophisticated scam is not gross negligence.
Escalate to the FOS if refused
The FOS handles fraud liability disputes and has consistently found against banks that apply gross negligence too broadly.
| Fraud type | Liability | Bank obligation | Deadline |
|---|---|---|---|
| Unauthorised (card lost/stolen -- reported promptly) | Maximum PS35 | Must refund immediately | 1 business day |
| Unauthorised (card fraud -- not your fault) | Zero if not negligent | Must refund in full | 1 business day |
| APP fraud (tricked into authorising payment) | Zero if not grossly negligent | Must reimburse up to PS415,000 | 5 business days (or 35 to investigate) |
| Gross negligence (shared PIN etc) | Full loss possible | No obligation to refund | N/A |
Related KT guides
Frequently Asked Questions
Am I liable for fraud on my bank account?
Your liability for unauthorised transactions depends on the Payment Services Regulations 2017 (PSRs 2017). Under Regulation 77, you are only liable for unauthorised transactions if you acted fraudulently or with gross negligence. For standard fraud where you did not authorise the transaction and were not negligent, the bank must refund you. The bank must refund within 1 business day of you reporting the fraud. Your maximum liability for transactions made before you reported the loss of your card is PS35, unless you acted with gross negligence.
What is the Contingent Reimbursement Model for authorised push payment fraud?
Authorised Push Payment (APP) fraud is where you are tricked into authorising a payment yourself -- for example, a scammer impersonates your bank or solicitor and persuades you to transfer money. The Contingent Reimbursement Model (CRM) Code is a voluntary industry code (now replaced by mandatory PSR rules from October 2024) requiring banks to reimburse victims of APP fraud unless the victim was grossly negligent. From October 2024, the Payment Systems Regulator (PSR) mandated that banks must reimburse APP fraud victims up to PS415,000 per claim.
What is the APP fraud mandatory reimbursement rule?
From 7 October 2024, the Payment Systems Regulator (PSR) requires all banks and payment firms participating in the Faster Payments scheme to reimburse victims of authorised push payment (APP) fraud up to PS415,000 per claim, unless the victim was grossly negligent or acted dishonestly. The sending bank and the receiving bank share the cost of reimbursement 50/50. This is the strongest APP fraud protection in any major economy.
What counts as gross negligence in bank fraud?
Gross negligence in the context of bank fraud means a serious failure to take basic precautions that any reasonable person would take. Examples: sharing your PIN or passwords with a third party, ignoring clear fraud warnings from your bank before making a payment, or making a payment after being explicitly warned by your bank that the payment may be fraudulent. Standard carelessness or being deceived by a sophisticated scam does not typically constitute gross negligence.
What should I do if I am a victim of bank fraud?
Report to your bank immediately -- banks must freeze the account and attempt to recall the payment where possible. Report to Action Fraud (actionfraud.police.uk, 0300 123 2040). For APP fraud, your bank must reimburse you within 5 business days under the PSR mandatory scheme (from October 2024) unless they need more time to investigate (maximum 35 business days). If the bank refuses reimbursement, escalate to the FOS.
Primary sources
Kael Tripton Ltd is registered with the Information Commissioner's Office under registration number ZC135439.
