Protecting Businesses and Banks from Authorised Push Payment (APP) Fraud
Authorised Push Payment (APP) fraud, exploiting real-time payment systems, has emerged as a major threat and the Payment Systems Regulator (PSR) implemented the Authorised Push Payment (APP) scam reimbursement framework in October,
In this blog I’ll explain what APP fraud is, the scale of the problem, why UK regulators are focusing on this type of fraud and the ways in which financial services firms can tackle this issue.
What is APP Fraud?
Unlike traditional banking fraud, APP fraud occurs when fraudsters persuade victims to willingly transfer funds to them. The fraudsters trick account holders into sending payments directly, often through high-pressure tactics.
This deception typically takes the form of urgent messages or emails that prompt users to unknowingly authorise payments to fraudulent accounts.
Real-time payment systems, which settle funds instantly, make APP fraud particularly hard to counteract since there is minimal time to identify and halt suspicious activity.
Tackling APP fraud effectively involves educating consumers, strengthening internal controls, and utilising advanced fraud prevention technologies.
How big is the APP fraud problem in the UK?
The PSR reported that £341 million was lost in the UK alone in 2023 through APP scams, and the volume of reported cases has increased by 12% since 2022 [1]. Only 67% of the money lost to APP scams in 2023 was reimbursed.
A report from Scamscope projects that APP fraud could cost the UK nearly £1 billion by 2072. This rise in fraud means businesses must improve detection methods and enhance internal controls to minimise their exposure to reimbursement costs, which will be shared equally between the sending and receiving firms under the new rules.
The PSR expects that its new framework will bring an increased focus on addressing APP fraud here in the UK to help bring this level down.
Regulatory challenges and compliance in the UK
Recent UK reforms now require payment service providers (PSPs) using the Faster Payments Service to reimburse victims within five working days of a fraud claim (up to a limit of £415,000), posing a significant regulatory challenge.
Organisations will need robust fraud monitoring and rapid claim processing capabilities to meet these standards effectively. Moreover, businesses must maintain round-the-clock solutions to track claims, as victims can report fraud up to 13 months after the transaction.
Proper training, fraud monitoring, and customer service management are all crucial to meet these regulatory demands.
APP fraud is especially prevalent in payment methods where transactions are rapid and irreversible, including payment apps, wire transfers, and cryptocurrency transactions.
Significant differences in reimbursement performance between banks mean victims of this type of fraud have faced a reimbursement lottery depending on who they bank with.
These reforms place an equal responsibility on both the sending and receiving institutions, significantly increasing financial accountability and the need for robust fraud prevention measures.
How APP fraud differs from other scams
APP fraud relies on social engineering and the real-time nature of transactions. Three key characteristics distinguish it from other forms of fraud:
- Irreversibility of payments: Unlike credit card fraud, where transactions can often be reversed, APP fraud involves authorised payments that cannot easily be undone.
- Victim authorisation: Victims actively authorise payments, believing them to be legitimate transactions, which complicates detection.
- Speed of settlement: APP fraud often exploits fast-payment systems, making it difficult to intervene once funds have been sent.
Common types of APP fraud scams
APP scams follow common patterns designed to deceive victims into sending funds. Some of the most prevalent types include:
- Purchase scams: Fraudsters pose as sellers, offering products or services that victims pay for but never receive.
- Invoice scams: Businesses often receive fraudulent invoices for supposed goods or services, paying these invoices before realising they’re fake.
- Imposter scams: Fraudsters impersonate authoritative figures, like a CEO or bank representative, to request urgent transfers.
- Advance fee scams: Victims are tricked into paying upfront for promised high-value items or large returns, such as lottery winnings or inheritances.
Strategies to tackle APP fraud
- Assess and mitigate fraud risks: Understanding both inbound and outbound payment vulnerabilities is crucial. Analysing data on transaction patterns can help businesses and financial institutions pinpoint weak spots and bolster their fraud prevention efforts.
- Partner with fraud solution providers: Working with a specialised fraud solutions provider allows businesses to leverage industry expertise and implement tailored fraud detection and prevention measures. This collaboration can help streamline communication, develop individualised fraud detection rules, and enhance overall resilience.
- Embrace advanced technology: Leveraging AI and machine learning for real-time fraud detection is key. These technologies can track abnormal patterns across datasets, identify potential mule accounts, and provide instant alerts on suspicious activity. Additionally, monitoring device ID and IP addresses (in compliance with local privacy laws) can help detect fraud attempts early.
- Learn from fraud attempts: Analysing past fraud cases to recognise patterns helps institutions refine their security measures. PSPs are now incentivised to educate customers proactively, implementing preventative measures and adapting rapidly to new fraud tactics.
How can Equifax help?
We’re developing a technology-driven solution called Authorised Payment Protection, powered by Kount 360. It is being designed to meet these challenges head-on, offering a proactive defence that goes beyond traditional fraud detection by thoroughly assessing risks associated with both payer and payee accounts in real time.
This will enable our clients to leverage advanced technologies like AI-driven behaviour analysis, velocity linking, and customisable business policies to detect patterns and identify suspicious activities that are often missed by conventional systems.
Financial institutions will benefit from enhanced fraud detection that considers critical account attributes, including transaction velocity, device intelligence, and location-based insights, helping reduce disputes and financial losses and increase customer trust.
Email me directly at robert.mckechnie@equifax.com if you’d like to find out more.
Sources:
1. Payment Systems Regulator, Authorised push payment (APP) scams performance report, July 2024
2. ACI Worldwide, Scamscope Fraud Report 2023, https://www.aciworldwide.com/scamscope-report-app-scam-trends