Are Banks Liable for Text Scams?
The UK Made Banks Pay for Text Scams.
The US Is Next.
As of October 2024, UK banks are legally required to reimburse victims of text scams. US banks aren’t yet — but regulatory and legal pressure is mounting fast, and the direction of travel is clear.
A customer receives a text. It bears your bank’s name, matches your tone, and urges them to act immediately or face consequences. They click. They comply. Their money is gone. The call that follows lands in your fraud department. And the question on the other end of the line: “Why didn’t you protect me?” is no longer just a customer service issue. In an increasing number of jurisdictions, it is becoming a legal issue.
The UK Made It Law: Banks Must Reimburse Text Scam Victims
In October 2024, the United Kingdom did something no country had done before. The Payment Systems Regulator (PSR) made bank reimbursement for text scam victims mandatory, not voluntary, not best-practice guidance. Law.
“We want payment firms to take responsibility for protecting their customers at the point that a payment is made.
— UK Payment Systems Regulator, PS24/7, October 2024
What is APP fraud?
Authorized push payment (APP) fraud occurs when a scammer deceives a customer into willingly transferring money — typically by impersonating a bank, government agency, or delivery company via text message.
Under the new rules, banks must reimburse victims of authorized push payment (APP) fraud — the category that covers nearly every text-based scam — up to £85,000 per claim, within five business days of a report being filed. The cost is split 50/50 between the sending and receiving institution. No exceptions for “the customer authorized the transfer.”
The PSR was explicit about the intent: make financial institutions financially accountable for scams that exploit their brand and their customers’ trust. The era of “the customer clicked, so it’s their problem” is over in the UK.
UK vs. US: Where Liability Stands Today
| United Kingdom | United States | |
|---|---|---|
| Status | Mandatory reimbursement law | Legislation in motion |
| Since | October 7, 2024 | State AGs & Congress acting now |
| Reimbursement | Banks reimburse up to £85,000 | Bipartisan bills introduced in 2025–26 |
| Timeline | 5-day reimbursement window | 46% of Americans already expect it |
US Lawmakers Are Moving on Bank Text Scam Liability — and Ohio Is Leading the Way
At the federal level, the picture is still taking shape. Regulation E — the federal rule governing electronic fund transfers — already requires banks to reimburse customers for unauthorized fraud, such as account takeovers in which a criminal initiates a transfer without the customer’s knowledge. But authorized push payment fraud, where a customer is deceived into sending money, remains a gray area under current US law.
That gray area is narrowing.
In March 2026, the Ohio Attorney General’s office issued an urgent public warning about a smishing campaign targeting state residents with fake toll and parking violation notices and official-looking texts with QR codes that redirect to overseas fraud sites.
“Scammers rely on fear and urgency. If you receive a message threatening court action or demanding immediate payment, take a moment to verify it before responding.”
— Ohio Attorney General Dave Yost, March 2026
The warning is notable not only for what it says but also for who said it. State attorneys general are increasingly stepping into the fraud enforcement space as federal regulatory activity fluctuates. In Congress, Senator Jon Husted (R-OH) introduced the bipartisan Preventing Deep Fake Scams Act — legislation that would establish a formal task force to examine how financial institutions can use AI to detect and prevent fraud, with findings due to Congress within one year of enactment.
This isn’t fringe legislation. It is a Republican senator from Ohio introducing bipartisan consumer protection bills targeting AI-driven financial fraud. The direction of travel is clear.
Your Customers Already Expect It
Banks don’t need to wait for regulators to tell them what their customers already believe. According to the Global Anti-Scam Alliance State of Scams 2025 Report, the data is unambiguous:
46% of Americans believe banks should always reimburse scam victims — regardless of fault.
Source: GASA State of Scams 2025
The same report ranked banks and payment providers #1 across every dimension of scam responsibility — education, blocking, reporting, victim support, and reimbursement. Customers are not asking whether their bank is responsible. They have already decided the answer.
When a scam text carries your bank’s name, your customer does not distinguish between a fraud that your systems caused and a fraud that exploited your brand. The experience is the same. And the expectation that you will make them whole follows.
How CheckTxt Closes the Gap Banks Can’t Ignore
Real-time detection at the message layer. Before the click, before the transfer, before the claim.
Every security tool a bank deploys operates inside the enterprise: monitoring transactions, flagging account anomalies, analyzing payment behavior. MDM, SIEM, endpoint protection, and email security. None of them sees what happens before a customer acts. The fraudulent text message that tricks a customer into authorizing a transfer never touches your firewall. It never appears in your SIEM. It lands directly in your customer’s hand, exploits their trust in your brand, and is gone before your fraud stack knows anything happened.
That is the gap CheckTxt was built to close.
CheckTxt operates where your stack ends. Outside the enterprise, inside the message, before the click. It complements your existing fraud, risk, and SIEM tools without replacing them, requiring no workflow changes, no integration work, and no customer onboarding. Customers simply forward a suspicious text. CheckTxt’s patent-pending CHAI engine analyzes it across six specialized detection layers simultaneously: message content, sender behavior, embedded URLs, brand impersonation signals, urgency patterns, and campaign indicators. It returns a plain-language verdict in under 60 seconds. Before the customer acts. Before the transfer clears. Before the claim lands.
That is pre-payment prevention applied at the message layer.
Submitted messages are also correlated across your entire customer base in real time, giving your fraud team live visibility into emerging impersonation campaigns as they form, not after losses accumulate and claims start arriving. Your team sees the threat while there is still time to act.
For compliance and risk teams, this matters now — before any mandate arrives. Regulators are increasingly asking not just whether a bank reimbursed a fraud victim, but whether it had proactive, documented protections in place before a customer was deceived. CheckTxt creates that record. Every submission, every verdict, every campaign pattern is logged, giving your institution concrete evidence of reasonable protective action at the message layer.
The UK made bank liability for text scams the law. US regulators are watching. Your customers already expect it. The banks that act now won’t be scrambling to comply when the mandate arrives.
See how CheckTxt works for banks →
References
- UK Payment Systems Regulator. PS24/7: Faster Payments APP Scams Reimbursement Requirement. October 2024. https://www.psr.org.uk/publications/policy-statements/ps247-faster-payments-app-scams-reimbursement-requirement-confirming-the-maximum-level-of-reimbursement/
- Ohio Attorney General Dave Yost. Warning on text scam claiming outstanding parking and toll fines. March 2026. https://www.ohioattorneygeneral.gov/Media/News-Releases/March-2026/AG-Yost-Warns-Ohioans-of-Text-Scam-Claiming-Outsta
- Senator Jon Husted. Preventing Deep Fake Scams Act. June 2025. https://www.husted.senate.gov/media/press-releases/husted-leads-bipartisan-bicameral-bill-to-protect-ohioans-from-ai-driven-financial-scams/
- Global Anti-Scam Alliance. State of Scams in the United States — 2025 Report. https://www.gasa.org/research