Request an online demo
Get a personalized online demo of Kount's trust and safety technology at a time and date of your choosing.
Authorized Push Payment (APP) Fraud Threatens Banks and Businesses
Authorized push payment (APP) fraud poses a real threat to businesses and banking institutions due to its insidious nature. APP fraud preys on consumers’ trust, getting them to initiate payments directly to fraudsters. The use of real-time payment systems lies at the heart of APP fraud, making it different from credit card fraud or traditional banking scams. Education and information are paramount for protecting against this emerging threat.
What is APP fraud?
APP fraud occurs when fraudsters trick account owners into sending money through fast-payment networks. Instead of relying on stolen credentials or unauthorized transactions, APP fraud leverages the victim’s trust. Fraudsters work to convince victims to initiate an urgent funds transfer, often through email or text. Near-instant payment settlement makes it challenging or even impossible in some cases to recover the losses. Social engineering scams involving APP fraud make prevention difficult, investigations costly, and criminal proceeds hard to recoup.
The global problem of authorized push payment fraud
Although “APP fraud” is a UK term, the issue is global. In the United States, similar scams fall under names like confidence or romance scams. Many are classified by the type of APP fraud scam. The FBI warns against the higher likelihood of such scams with peer-to-peer (P2P) payment methods, especially those that offer irreversible payments and real-time funds transfer. This includes electronic money or payment apps as well as wire transfers or decentralized financial instruments such as cryptocurrency.
Given the growing impact of these scams on consumers, regulators are stepping in. Beginning in October of this year, the United Kingdom will require all payment service providers (PSPs) on the Faster Payments system to reimburse customers for losses related to APP fraud. This rule mandates reimbursement of up to £415,000 (approximately $533,250) within five working days when a victim properly reports APP fraud. Costs for this payment will be shared equally between both the institution that sent the funds and the receiving institution.
This is a significant change that will place a financial burden on companies banking in the UK as well as its financial institutions. It will be more important than ever to mitigate APP fraud and protect both assets and consumer trust.
Key differences between APP fraud and other banking scams
There are a few clear distinctions between APP fraud and other scams that rely on funds transfers. These types of confidence scams use social engineering methods disguised as immediate funding requests, dangerous threats, or claims of false emergencies to force the urgency of payments. Most target groups and organizations that may regularly face such challenges. Differences include:
- Reversibility of payments: When a credit card is used fraudulently or funds are transferred electronically between traditional bank accounts, the victim can dispute the transaction. Issuing banks can reverse the payments. Once an APP fraud victim authorizes a payment, it is nearly impossible to reverse due to the nature of authorized push payment systems.
- Nature of authorization: With APP fraud, the victim actively authorizes the payment, believing they are making a legitimate transaction. This element of deception and manipulation further complicates fraud detection and prevention. Emotions are often high from the outset.
- Speed of transactions: APP fraud most commonly comes across real time payment systems, which rapidly settle the transfer of funds. This leaves little time to identify and halt fraudulent transactions. The delays and safeguards in traditional banking or credit card processing systems offer more time for this type of protection.
MONEY LAUNDERING AND MULES
Even if an institution attempts a reversal or to reclaim scammed funds from the destination account, they may find nothing available. Funds are often moved from the destination to dedicated transfer accounts at other institutions (called mule accounts) or used to make purchases. Money laundering can make it near impossible to track and recover funds lost to APP fraud.
Types of APP fraud scams
APP scams typically follow similar blueprints, in which a fraudster attempts to convince someone to transfer funds under false pretenses. These can take a variety of forms but often fall into one or more of these common types.
Purchase scams
Businesses are likely to run afoul of purchase scams despite having no direct involvement. Fraudsters impersonate companies and promise goods or services to a victim who transfers funds through P2P or APP transfers without ever receiving what they purchase. Common examples include fake sellers of high-end items or technology at seriously low prices.
Invoice scams
Businesses often end up the target of invoice scams. Fraudsters send a fake invoice or mandate of payment to businesses or individuals, often indicating past-due balances on goods or services supposedly delivered. Many companies may pay these through accounts payable systems before detecting the scam.
Imposter scams
Imposter scams typically involve someone pretending to be a figure of authority and requesting the urgent transfer of funds. This large category includes fake CEOs, managers, police, or bank staff. But can also extend to family members or relatives.
Advance fee scams
Advance fee scams trick victims to pay upfront fees to secure high-value goods or the promise of a large windfall. These scams often start with claims of lottery winnings, inheritances, or excess goods held up by customs and other legitimate causes. There is typically never any delivery on these promises.
Investment scams
Investment scams persuade victims of all types to invest in fictitious businesses, funds, or securities with promises of high returns. These scams often use cold calling, emails, or social media to lure victims. Some may roll into pig butchering scams over time, offering small returns for larger investments.
Pig butchering scams
Pig butchering scams are particularly insidious as they involve building a relationship with victims in order to get increased funds from them over time. This type of fraud includes romance scams, which combine elements of investment scams with sharing personal or intimate details to build the relationships. It also covers scams where victims do receive some small payouts in hopes of bigger returns for greater investment.
The impact of APP fraud on businesses and banks
The new UK guidelines may prove a testing ground for such policies worldwide. Financial institutions and banks need to be aware of the risks and dangers inherent with such scams. The reimbursement requirement is sure to place a significant financial burden on UK institutions, as the global cost of fraud could well reach over $40 billion in the next three years.
The Scamscope Fraud Report expects APP fraud losses to mount to near $1 billion in the UK alone by 2027. That’s a lot of shared costs for businesses failing to implement efficient fraud detection and prevention measures.
Reputational damage and consumer trust
The long-term impact on consumer trust and brand reputation in the face of APP fraud can be especially damaging. Victims of APP fraud may lose confidence in their payment service providers, leading to loss of business and market credibility.
Maintaining trust is critical, and the FBI notes scammers often impersonate banks or businesses. It is imperative that financial institutions and companies placed at risk by APP fraud educate customers and maintain robust communication channels for swift resolution of claims.
Regulatory and compliance challenges
Swift resolution is mandated by the UK reforms. With only five business days to reimburse account holders, companies will face high compliance standards and challenges that come with monitoring fraud volumes. Robust internal processes and controls will be necessary for institutions handling such claims, and businesses who are exposed must work with banking partners to help minimize financial exposure.
Additional considerations for upcoming compliance requirements include:
- Tracking and monitoring incoming claims. Victims have a 13-month window to file claims of APP fraud. Banks and businesses will need full-time, round-the-clock solutions for identifying and managing claims within short timeframes.
- Labor and technical expenses related to investigation. Payment services can use up to 35 days for investigation to verify APP fraud. Longer investigations are likely to require far more resources. Automated systems can help reduce much of this burden.
- Managing customer service. Institutions can only deny reimbursement due to gross negligence. And customers classified as “vulnerable” cannot be considered negligent in this fashion. Such vetting of personal information raises serious concerns that require great care.
Tackling the risks of APP fraud
Because social engineering lies at the heart of APP fraud, interaction with customers is paramount. Assess your risk exposure for both inbound and outbound payments. Collect and monitor data on fraud volumes and values, identify gaps where fraud can occur, and work to prioritize knowledge across your team and customer base.
Determining and preventing methods of operation
Companies that use P2P and APP funds transfer benefit from understanding how consumers interact with one another, where, and through which channels. Identifying the most likely avenues of attack makes it easier to focus prevention and resolution efforts. Financial institutions, in particular, must employ safeguards throughout the onboarding process to help keep APP fraudsters from creating mule accounts that can be used to accept or move fraudulently obtained funds.
Working with solutions providers
Partner with a fraud solutions provider that can help reduce related risks. Solutions providers work with banks and businesses to build detection rules and create plans to help reduce exposure and address challenges. UK banking institutions and payment service providers must coordinate reimbursement processes and establish clear communication channels with their fraud teams to create individualized strategies based on their ongoing operations.
Leveraging technology and data
These strategies can bring to bear the latest technology and data for effective real-time monitoring and detection. Machine learning and AI can help improve detection across datasets and develop targeted plans for fraud risk assessment. These efforts may include identifying mule accounts used to receive funds and device ID or IP address monitoring, based on local privacy laws. Fractions of a second matter when attempting to identify potential fraud and stop it before funds are lost for good.
Learning from fraud attempts
Effective strategies and rules require continuous learning from fraud cases to identify vulnerabilities and strengthen controls. With the likely burden of reimbursement, payment service providers are now heavily incentivized to invest in educating customers on how to identify APP fraud before it happens. Integrated, automated solutions must also be able to quickly adapt to evolving tools and shifting tactics employed by fraudsters.
It’s more important than ever to have effective fraud solutions able to learn and grow alongside your company. Look for a solutions team that addresses the individual needs of your business and uses insight from the market at large to protect against emerging threats.
Keep in touch!
Working together
As experts in the world of fraud detection and prevention, the Digital Solutions team at Equifax can help you further understand what it takes to combat this emerging threat. Combining the latest in fraud prevention technology developed at Kount with almost a century of solid financial strength, we stand ready to help defend your business against the latest tools and tactics used by fraudsters.
Let us help you learn more about detecting and preventing fraud. We’re available to assist businesses and financial institutions of all sizes looking to mitigate the risks associated with APP fraud and other payment security challenges.