Authorized Push Payment (APP) Fraud Threatens Banks and Businesses

Authorized push payment (APP) fraud poses a real threat to businesses and banking institutions due to its insidious nature. APP fraud preys on consumers’ trust, getting them to initiate payments directly to fraudsters. The use of real-time payment systems lies at the heart of APP fraud, making it different from credit card fraud or traditional banking scams. Education and information are paramount for protecting against this emerging threat.

What is APP fraud?

APP fraud occurs when fraudsters trick account owners into sending money through fast-payment networks. Instead of relying on stolen credentials or unauthorized transactions, APP fraud leverages the victim’s trust. Fraudsters work to convince victims to initiate an urgent funds transfer, often through email or text. Near-instant payment settlement makes it challenging or even impossible in some cases to recover the losses. Social engineering scams involving APP fraud make prevention difficult, investigations costly, and criminal proceeds hard to recoup.

The global problem of authorized push payment fraud

Although “APP fraud” is a UK term, the issue is global. In the United States, similar scams fall under names like confidence or romance scams. Many are classified by the type of APP fraud scam. The FBI warns against the higher likelihood of such scams with peer-to-peer (P2P) payment methods, especially those that offer irreversible payments and real-time funds transfer. This includes electronic money or payment apps as well as wire transfers or decentralized financial instruments such as cryptocurrency.

Given the growing impact of these scams on consumers, regulators are stepping in. Beginning in October of this year, the United Kingdom will require all payment service providers (PSPs) on the Faster Payments system to reimburse customers for losses related to APP fraud. This rule mandates reimbursement of up to £415,000 (approximately $533,250) within five working days when a victim properly reports APP fraud. Costs for this payment will be shared equally between both the institution that sent the funds and the receiving institution.

This is a significant change that will place a financial burden on companies banking in the UK as well as its financial institutions. It will be more important than ever to mitigate APP fraud and protect both assets and consumer trust.

Key differences between APP fraud and other banking scams

There are a few clear distinctions between APP fraud and other scams that rely on funds transfers. These types of confidence scams use social engineering methods disguised as immediate funding requests, dangerous threats, or claims of false emergencies to force the urgency of payments. Most target groups and organizations that may regularly face such challenges. Differences include:

• Reversibility of payments: When a credit card is used fraudulently or funds are transferred electronically between traditional bank accounts, the victim can dispute the transaction. Issuing banks can reverse the payments. Once an APP fraud victim authorizes a payment, it is nearly impossible to reverse due to the nature of authorized push payment systems.
• Nature of authorization: With APP fraud, the victim actively authorizes the payment, believing they are making a legitimate transaction. This element of deception and manipulation further complicates fraud detection and prevention. Emotions are often high from the outset.
• Speed of transactions: APP fraud most commonly comes across real time payment systems, which rapidly settle the transfer of funds. This leaves little time to identify and halt fraudulent transactions. The delays and safeguards in traditional banking or credit card processing systems offer more time for this type of protection.

The impact of APP fraud on businesses and banks

The new UK guidelines may prove a testing ground for such policies worldwide. Financial institutions and banks need to be aware of the risks and dangers inherent with such scams. The reimbursement requirement is sure to place a significant financial burden on UK institutions, as the global cost of fraud could well reach over $40 billion in the next three years.

The Scamscope Fraud Report expects APP fraud losses to mount to near $1 billion in the UK alone by 2027. That’s a lot of shared costs for businesses failing to implement efficient fraud detection and prevention measures.

Reputational damage and consumer trust

The long-term impact on consumer trust and brand reputation in the face of APP fraud can be especially damaging. Victims of APP fraud may lose confidence in their payment service providers, leading to loss of business and market credibility.

Maintaining trust is critical, and the FBI notes scammers often impersonate banks or businesses. It is imperative that financial institutions and companies placed at risk by APP fraud educate customers and maintain robust communication channels for swift resolution of claims.

Regulatory and compliance challenges

Swift resolution is mandated by the UK reforms. With only five business days to reimburse account holders, companies will face high compliance standards and challenges that come with monitoring fraud volumes. Robust internal processes and controls will be necessary for institutions handling such claims, and businesses who are exposed must work with banking partners to help minimize financial exposure.

Additional considerations for upcoming compliance requirements include:

• Tracking and monitoring incoming claims. Victims have a 13-month window to file claims of APP fraud. Banks and businesses will need full-time, round-the-clock solutions for identifying and managing claims within short timeframes.
• Labor and technical expenses related to investigation. Payment services can use up to 35 days for investigation to verify APP fraud. Longer investigations are likely to require far more resources. Automated systems can help reduce much of this burden.
• Managing customer service. Institutions can only deny reimbursement due to gross negligence. And customers classified as “vulnerable” cannot be considered negligent in this fashion. Such vetting of personal information raises serious concerns that require great care.

Tackling the risks of APP fraud

Because social engineering lies at the heart of APP fraud, interaction with customers is paramount. Assess your risk exposure for both inbound and outbound payments. Collect and monitor data on fraud volumes and values, identify gaps where fraud can occur, and work to prioritize knowledge across your team and customer base.

Determining and preventing methods of operation

Companies that use P2P and APP funds transfer benefit from understanding how consumers interact with one another, where, and through which channels. Identifying the most likely avenues of attack makes it easier to focus prevention and resolution efforts. Financial institutions, in particular, must employ safeguards throughout the onboarding process to help keep APP fraudsters from creating mule accounts that can be used to accept or move fraudulently obtained funds.

Working with solutions providers

Partner with a fraud solutions provider that can help reduce related risks. Solutions providers work with banks and businesses to build detection rules and create plans to help reduce exposure and address challenges. UK banking institutions and payment service providers must coordinate reimbursement processes and establish clear communication channels with their fraud teams to create individualized strategies based on their ongoing operations.

Leveraging technology and data

These strategies can bring to bear the latest technology and data for effective real-time monitoring and detection. Machine learning and AI can help improve detection across datasets and develop targeted plans for fraud risk assessment. These efforts may include identifying mule accounts used to receive funds and device ID or IP address monitoring, based on local privacy laws. Fractions of a second matter when attempting to identify potential fraud and stop it before funds are lost for good.

Learning from fraud attempts

Effective strategies and rules require continuous learning from fraud cases to identify vulnerabilities and strengthen controls. With the likely burden of reimbursement, payment service providers are now heavily incentivized to invest in educating customers on how to identify APP fraud before it happens. Integrated, automated solutions must also be able to quickly adapt to evolving tools and shifting tactics employed by fraudsters.

It’s more important than ever to have effective fraud solutions able to learn and grow alongside your company. Look for a solutions team that addresses the individual needs of your business and uses insight from the market at large to protect against emerging threats.