What is authorized push payment (APP) fraud?
APP fraud is a type of scam where criminals trick individuals or businesses into sending money to a fraudulent account. The fraudulent actors might use various methods to gain the trust of their victims, such as posing as a legitimate company or person, or using social engineering tactics to persuade a victim to transfer money.These are to be distinguished from non-authorised frauds such as when a victim’s account is hacked and their personal details are stolen by fraudsters and used to defraud them.
As the volume of online transactions continues to grow in every sector, businesses globally are increasingly concerned about the rising risk of APP fraud. The latest figures show £239.3 million was lost to APP scams in the first half of 2023, which comprised £196.7 million of personal losses and £42.6 million of business losses.
Examples of APP fraud
There are a variety of common tactics and approaches APP scammers use:
Purchase scams
When fake or non-existent items are advertised for sale.The customer see an advert online for something that looks legitimate, but the link takes you to a bogus website.
Advance fee scams
When fake companies ask for an upfront fee but then don’t provide the service you’ve paid for. For example, after a job interview, you're offered a job and told you need to pay a fee to cover background checks or a training course.
Impersonation scams
A scammer pretends to be the police, a bank, a friend or business, to convince you to send money to their fraudulent account.
Invoice fraud
Fraudulent actors send fake invoices to businesses or individuals, requesting payment for goods or services that were never provided into the scammer’s account.
Investment scams
Scammers promise high returns on investments and request money to be transferred to a fraudulent account.
Romance scams
When someone pretends to be interested in a romantic relationship with you. They gain your trust and then request money to be transferred to a fraudulent account.
CEO fraud
A scammer may pretend a CEO or high-level executive of a company and send an email requesting an urgent payment to be made to a supposed supplier(fraudulent account).
Tech support scams
A victim might receive a pop-up message on their computer warning them of a virus and requesting payment to remove it, which leads them to a fraudulent website where they are asked to enter their payment information.
How can businesses/customers protect themselves from APP fraud?
There are several practices/effective security measures that can be used to protect against APP fraud:
Verify requests
They should verify any requests for payment, especially those that are unexpected or from an unfamiliar source. This verification can be done through phone calls, emails, or other methods of communication.
Use secure payment methods
They should use secure payment methods, such as card payments or bank transfers that require two-factor authentication, when conducting transactions.
Monitor accounts
Their accounts should be monitored for any suspicious activity and they are notified immediately if any unauthorized transactions are detected.
Implement fraud prevention measures
To implement fraud prevention measures, such as transaction limits, antiphishing filters, and fraud detection software, to help prevent APP fraud.
Be wary of phishing scams
The scammers may pretend legitimate businesses or individuals to trick people into providing personal or financial information. Don’t click on links or download attachments in suspicious emails, texts, or messages.
Protect personal information
They should protect their personal and financial information, such as login credentials, payment card details, and Social Security numbers, by using strong passwords, enabling two-factor authentication, and not sharing their information with anyone they don’t trust.
Keep software up-to-date
They should keep their software and devices up-to-date with the most recent security patches and antivirus software to protect against malware and other cyber threats.
Report incidents
Businesses should report any incidents of APP fraud to the bank and the relevant authorities, such as the police or financial regulators, to help prevent similar scams in the future.
