Protecting Against Authorized Push Payment (APP) Fraud

As online transactions continue to surge across industries, concerns over authorized push payment (APP) fraud are growing among businesses worldwide. During the first half of 2022, APP fraud constituted a staggering 75% of all digital banking fraud. This type of fraud poses serious risks to both businesses and their customers, leading to financial losses, reputational damage, and erosion of trust.

To counter the evolving tactics of fraudsters, businesses are actively seeking strategies to mitigate APP fraud risks and ensure the security of their customers’ financial information. This not only involves the implementation of robust security measures but also extends to educating customers about how to avoid falling victim to scams.

In this article, we will delve into the concept of APP fraud, explore various forms it can take, and provide insights into effective strategies that businesses and customers can employ to thwart fraudulent activities.

What is APP Fraud?

APP fraud involves scams in which criminals manipulate individuals or businesses into transferring funds to fraudulent accounts. Fraudsters employ diverse techniques to gain victims’ trust, often by masquerading as legitimate entities or individuals. 

Unlike other types of fraud, APP fraud entails victims willingly authorizing fund transfers, frequently through online banking or phone conversations. This makes recovery challenging and can result in substantial financial losses for victims.

As APP fraud continues to rise, financial institutions are implementing countermeasures. However, businesses and individuals must remain vigilant and adopt precautionary measures to safeguard themselves against these scams.

Examples of APP Fraud

APP fraud manifests in various ways, with fraudulent actors utilizing an array of tactics:

  • Impersonation Scams

Fraudsters pose as legitimate entities and request victims to transfer money to fake accounts. For instance, they may impersonate a bank employee and claim there’s an issue with the victim’s account, demanding a payment for resolution.

  • Invoice Fraud

Fraudulent actors send fabricated invoices to companies or individuals, requesting payment for nonexistent goods or services. Companies may receive invoices for services they never ordered, leading to payments to fraudulent accounts.

  • Investment Scams

Fraudsters promise high investment returns, persuading victims to transfer money to fictitious accounts. Examples include Ponzi schemes that promise lucrative returns on cryptocurrency investments.

  • Romance Scams

Fraudsters build relationships on online dating platforms and request funds to be transferred to fraudulent accounts. The notorious Nigerian prince scam is an example, where fraudsters impersonate wealthy individuals and request money for various reasons.

  • CEO Fraud

By posing as CEOs or high-ranking executives, fraudsters coerce victims to transfer funds to fake accounts. For instance, a scammer might impersonate a CEO and request an urgent payment to a supposed supplier.

  • Social Engineering

Social engineering uses psychological manipulation tactics. Fraudsters use impersonation techniques such as impersonation. They assume the identity of big companies to get them to surrender account information, and login details, or authorize payments.

  • Phishing

Phishing scams are prevalent. Fraudsters impersonate the identity of a trusted institution via email or text to get the victim to click on a link or download harmful files. Once the user opens the link/file, the fraudsters can access and collect their personal information.

  • ATO

ATO or Account Takeover Fraud is when a criminal takes control of an account that belongs to an individual or organization to cause harm or steal money. One of the most common methods is when a fraudster uses a hacked social media account to ask the victim’s friend to send money.

  • Confidence Scams

These scams work when a fraudster gains someone’s trust to access their account or manipulate them into handing over money. Usually, it involves a romantic angle or a business opportunity. 

  • Tech Support Scams

Fraudsters masquerade as tech support personnel, demanding payment to resolve fictitious computer issues. Victims receive pop-up messages prompting them to make payments to remove nonexistent viruses.

Protecting Customers Against APP Fraud

Businesses bear the responsibility of implementing effective security measures to safeguard customers against APP fraud. This involves educating customers about fraud risks, verifying payment requests, utilizing secure payment methods, monitoring accounts, implementing fraud prevention measures, and promptly reporting incidents to authorities.

Customers also play a pivotal role in protecting themselves against APP fraud:

  • Verify Requests: Customers should verify payment requests, especially those from unfamiliar sources. Authenticity should be confirmed before authorizing any transfer.
  • Use Secure Payment Methods: Secure payment methods requiring two-factor authentication, such as card payments or bank transfers, should be favored. Avoid cash or insecure money transfer services.
  • Beware of Phishing Scams: Customers should exercise caution regarding phishing scams, refraining from clicking links or downloading attachments in suspicious emails or texts.
  • Protect Personal Information: Strong passwords, two-factor authentication, and prudent sharing of personal and financial data are essential safeguards.
  • Keep Software Updated: Regular updates to software and devices help guard against malware and cyber threats.

Fraud Detection and Prevention Tools

Advanced tools like Stripe Radar and secure payment hardware, such as Stripe Terminal, empower businesses to prevent APP fraud by offering:

  • Real-time Transaction Monitoring: Stripe Radar monitors transactions in real-time to detect anomalies and high-risk activities, enabling swift intervention.
  • Behavioral Analytics: Behavioral patterns are analyzed to identify unusual activities and potential fraudulent actors.
  • Two-factor Authentication: Secure payment hardware ensures dual authentication before transactions are authorized.
  • Data Encryption: Payment hardware and software use encryption to protect sensitive customer information.
  • AI-based Fraud Detection: Machine learning and AI algorithms detect patterns and anomalies to identify potential fraud.

Role of Liability Sharing in APP Push Fraud

The UK Payment Systems Regulator (PSR) made the news when they announced the 50/50 liability proposal and published their APP Fraud Performance Report. While the UK made the news the most, the proposal is not just limited to the UK and we’re seeing several countries across other regions. Several regions taking regulatory steps to fight scams that are enabled by real-time payments.

Several countries are taking steps to implement data sharing among one another to prevent fraud. The UK has taken the highest steps compared to other regions with the 50/50 Liability Announcement. It’s only a matter of time before other countries start implementing similar regulations. This is already apparent with the Monetary Authority of Singapore’s proposed framework for liability sharing.

Pros and Cons of Liability Sharing

Uncover more mule accountsReputational damage & customer switching.
Reduce scam lossesIncrease in opportunistic and first-party fraud.
Better customer protectionMore financial exclusion

With better data sharing among several regions, financial institutions (FIs) can make more accurate decisions to prevent fraudsters from opening a mule account.

Moreover, businesses will be able to judge better if a new customer account is part of a mule network. However, with the reporting comes potential risks. Above all, data sharing will lead to reputational damage to organizations that were hacked or attacked. Customers will better understand how well their financial institution protects them and how likely a particular institution is to be attacked.

Another benefit of sharing information between financial institutions and cross-industry collaboration is that it leads to a significant reduction in scam losses. 

The ability to highlight certain red flags on specific fraudulent transactions in real time can significantly reduce the risk of fraud. The enforced reimbursement of customers opens the door for first-party fraud. Account holders can claim that they were victims of a scam when they’re trying to scam the system. 

The focus of the regulation is to protect the victims of scams and more customers will be safeguarded. FIs will need to prove that the customer purposefully was a part of the scam to be reimbursed. 

Final Take

By fostering collaboration between businesses and customers and promoting awareness of emerging threats, APP fraud can be effectively curbed. As both parties unite to combat fraud, they enhance security measures and reduce vulnerability.


Five Key Fraud Management and Assessment Strategies

In today’s digital landscape, businesses with an online presence often encounter fraud or potential fraud. As cybercriminals employ advanced techniques like ‘synthetic identities,’ organizations seek comprehensive approaches to fraud and risk management. To effectively combat fraud, businesses are adopting holistic fraud risk management strategies.

Fraud risk management entails evaluating fraud risks within an organization and designing an anti-fraud program to preempt fraudulent activities. This involves identifying inherent and potential fraud risks and implementing measures to detect and prevent both internal and external fraud.

Statistics indicate that companies worldwide lose an average of 5% of their gross revenue to fraudulent activities. Given this substantial impact, businesses must proactively address fraud risk to prevent its escalation within their operations.

Fraud risk management also carries legal implications, as non-compliance can result in severe penalties for both organizations and employees. The “Yates Memo” of 2015 spotlighted corporate wrongdoing and held individuals accountable for knowing of misconduct within their organization.

Key Factors in Fraud Risk Assessment

Here are the five key principles of an effective fraud risk management strategy:

1. Fraud Risk Assessment

Understanding organizational vulnerabilities is the first step in fraud prevention. A comprehensive risk assessment helps analyze the specific risks that a company faces due to its complexity, scale, products, and market exposure. It examines various risk types, their likelihood, and associated costs.

The assessment encompasses internal and external factors. Employees’ interactions with company resources, senior management communication, and external threats should be scrutinized.

Defining a risk-tolerance limit quantifies risks and guides the development of a strategy that prioritizes risks exceeding the limit.

2. Fraud Risk Governance

Embedding fraud management into the corporate culture is essential. Stakeholders must embrace new procedures and comprehend the severity of fraud risks. Effective Governance includes:

  • Clear strategy communication for upper management and a fraud risk manager
  • Delegated roles and responsibilities
  • Whistleblower procedures
  • Internal audit measures
  • Investigation process description and corrective actions
  • Fraud awareness tools and techniques

Appointing a designated leader responsible for the entire fraud risk management program ensures cohesive communication, training, and adjustments.

3. Fraud Risk Prevention

A proactive approach involves deploying fraud detection tools at the onboarding stage to verify identity. This strategy applies to customers, employees, and vendors, preventing fraudulent individuals from embedding themselves within the organization.

The primary goal is to stop fraud before it occurs. Frequent risk assessments and internal controls are crucial. Over time, the organization may modify its prevention program, potentially avoiding certain activities or transferring risk to other parties.

4. Fraud Risk Detection

Controls and reporting mechanisms employed for prevention can also aid detection. Controls, implemented across various organizational layers, alert employees to potential fraud. Clear understanding and timely assessment of controls are imperative.

Reports play a critical role in detecting fraud by identifying variances and suspicious behavior. These reports should contain essential details, including timestamps. A streamlined process for flagging fraud ensures prompt action while safeguarding sensitive information.

5. Monitoring and Reporting

Fraud risk management is a continuous process that necessitates monitoring and reporting on the first four principles. Regular assessment evaluates successes, identifies blind spots, and highlights areas for improvement.

Transparency is vital in communicating outcomes to stakeholders. Regular reviews of legal requirements ensure compliance.


In summary, clarity is the common thread running through these five principles. A thorough risk assessment establishes the foundation, and clear governance ensures alignment across the organization.

Collaboration and culture underpin fraud prevention, while effective detection relies on transparent controls and reporting. Consistent monitoring and reporting sustain a robust fraud management system.

A well-integrated fraud risk management strategy shields organizations from financial losses, fraudulent activities, and legal repercussions.


What is fraud management, and why is it important?

Fraud management refers to the set of processes, tools, and strategies used by organizations to detect, prevent, and mitigate fraudulent activities. It’s important because fraud can lead to financial losses, damage to reputation, and legal consequences for businesses and individuals.

What are the primary goals of fraud management?

The main goals include identifying fraudulent activities, preventing fraud from occurring, reducing fraud-related losses, and maintaining compliance with legal and regulatory standards.

What are fraud assessment strategies, and how do they differ from fraud management?

Fraud assessment strategies involve evaluating the potential risks and vulnerabilities within an organization’s operations that could lead to fraud. This is a proactive step to identify areas of weakness and implement preventive measures. Fraud management, on the other hand, deals with ongoing activities to detect and respond to actual instances of fraud.

What are some common methods used for fraud assessment?

Common methods include conducting risk assessments, internal audits, and vulnerability assessments to identify weak points in an organization’s processes that could be exploited for fraudulent activities.


Top 5 Compliance Trends to Watch in 2023

In past years, the rising pressure for financial crime professionals, whether they work in AML, fraud prevention, or cybersecurity. It is getting harder and harder to keep up with growing compliances.

For businesses looking to safeguard themselves from fraud, keeping up with compliance trends is crucial. Here are the top compliance trends to watch out for in 2023.

Growing Compliance Trends in 2023

1. Financial Crime Extending to Other Industries

Financial services is the most highly regulated industry, especially in the areas of crimes like money laundering, bribery and tax evasion, and other types of crimes.

Regulatory bodies all across the world are making new controls to make it harder for criminals to conduct crimes. This has pushed criminals to use other industries to conduct money laundering crimes.

Some other industries include:

  • Real estate
  • Luxury goods
  • Sports
  • Precious metals
  • Gems and Jewelry
  • Casinos gambling, and others

With growing awareness of financial crimes, regulators are mandating KYC and AML regulations across all high-risk industries.

The U.S., EU, UAE, and India are leading the industry in this space. Fincrime risk assessments for a variety of potential crimes, such as fraud, money laundering, corruption, and others.

2. SWIFT Migration to ISO20022 Will Drive Enhanced Screening

SWIFT’s migration to ISO20022 payment standard for cross-border payments and reporting has been in operation since March 2023.8.16.

With this sudden change, the new payment messages will have richer and more structured data than current MT formats.

Most FIs are currently facing issues with payment screening match accuracy, resulting in a deluge of false alerts while carrying a risk of missing true alerts.

As SWIFT shifts to new standards, FIs will have to enhance their screening process and matching rules by adopting targeted screening of cross-border payments.

3. Instant Payments Require Monitoring

Instant payments have become the norm in several companies. Beneficiary accounts are being credited within a few seconds, so it increases the risk of fraud.

IMPS in India, Faster Payments in UK, and Osko in Australia are the best examples of Instant payments.

EU laid out the foundation in 2017 for instant Euro payments within EU countries. The speed of payments is a crucial factor that is loved by fraudsters. This forces FIs to implement real-time screening and fraud detection systems.

The financial industry is looking to shift money laundering checks to monitoring to create reports for law enforcement to a real-time mode to identify payments that seem suspicious. 

FIs need to strike a balance between fraud prevention and customer experience. Achieving the highest level of accuracy and reducing fraud levels has to be the priority of financial institutions.

4. Adoption of Data & AI Solutions for Compliance

A lot of financial institutions struggle with fraud prevention relying on legacy solutions. Manual processes and fragmented data don’t paint the complete picture and are inaccurate in preventing fraud.

Crimes are getting more complex, higher volume and velocity of payments and growing regulatory obligations make it challenging to prevent crimes.

Regulators advice financial institutions to use advanced technologies which has led to a rapid growth of RagTech solutions. The number of FIs that have implemented new technologies is still small but they have shown promising results.

In coming years, the implementation of data-driven AI solutions will keep on rising, such as:

  • Biometric-based smart identification, verification, and authentication.
  • Natural language processing (NLP)-powered contextual screening and adverse media checks.
  • Network graphs for criminal linkage and corporate structure/beneficial ownership.
  • Machine learning for detection of fraud, money laundering, bribery & corruption, human trafficking, environmental crimes, and others.

5. Focus on Crypto Crime Prevention

Another compliance trend that’s on the rise is crypto crime prevention. This year’s crypto market was plagued by multiple storms and endless regulatory framework developments.

The crypto industry is still recovering from the impact of serious crimes that took place in 2022.

While the overall transactional value of crypto is much smaller compared to fiat currency, the rising adoption of crypto paired with an increasing rate of crime has begun to scare regulators.

During 2022, FATF also expanded the Travel Rule recommendation to include VASP reporting requirements. 

The EU also approved the MiCA Regulation in 2022 to protect businesses against crypto-based money laundering and other crimes.


Why Are AI-Based Document Verification Solutions Becoming Weaker?

Artificial intelligence (AI) allows computers to make human-like decisions, making certain processes more efficient. AI technology has improved a lot in recent times and it powers a lot of things such as self-driving cars, and facial recognition. Recently, AI has been applied to online identity verification and online document verification solutions. While the incorporation of AI brings in a lot of benefits, AI solutions are slowly falling prey to sophisticated techniques used by fraudsters. AI-Based solutions are slowly failing in comparison to other online document verification solutions.

The Growth of ID-Based Transactions

Banking, healthcare, government, and other industries use ID verification and authentication to verify accurate information about their customers and prevent ID fraud. Digital banking transactions are growing rapidly in correspondence to customer needs, with the rise of digital banking comes online fraud. As fraudulent transactions continue to rise, it is vital for businesses to choose strong document verification solutions.

Most businesses choose to opt for AI-based online document verification solutions. Artificial Intelligence is a part of machine learning which makes it possible to verify and authenticate identities. Machine learning-based solutions keep learning from the data they have access to. This helps organizations to keep track of their performance.

Fraudsters can easily feed wrong data to a bank’s online ID and online document verification solutions which can make them obsolete over time. To keep the AI-based online document verification solutions efficient in detecting fraud, the developers have to keep making changes according to new fraud trends.

Machine Learning for ID Proofing

Machine learning is definitely an efficient tool for differentiating between real and fraudulent IDs. Computer software is constantly learning and correcting itself and can process tons of transactions at a rate that can’t be achieved by humans.

However, IDs are physical documents often affected by wear and tear and may feature manufacturing discrepancies. If the model for failing IDs is based on a few samples, AI-based solutions won’t be able to recognize different types of IDs. This is one of the main weaknesses of AI-based online document solutions.

A blend of AI and Human Touch for Better Solutions

Trained professionals who use AI-based solutions can step in to prevent the failure of AI solutions because a document is torn or worn out. During instances where solutions fail to identify a fake identity, a document expert can check for the mistakes made by a document verification solution. However, the whole point of using an automated solution is to reduce the time spent on human document verification.

The best way to use AI-based online document verification technology is to blend them with a touch of humans. Businesses want to be able to improve the customer experience during the customer onboarding process. A good ID verification solution will help you achieve that, but a weak algorithm-based online document verification solution will just increase the error rate. Fraudsters can easily take advantage of those weak points which leads to identity theft, money laundering, and stealing.

What Makes DIRO’s Online Document Verification Solutions Different?

DIRO’s proprietary online document verification technology takes the document verification process a bit beyond the normal norms. Banks, financial organizations, and other organizations can use DIRO’s technological solutions to verify all kinds of online documents from all over the globe.

DIRO can verify documents like:

  • Driver’s license
  • Passport
  • Insurance papers
  • Bank statements
  • Bank account holder information
  • Utility bills (Electricity bill, Water bill, Cable bill, landline, or telephone bill)
  • Tax assessment online
  • Lease agreement online
  • Mortgage statement online
  • Government authority online
  • College enrollment online and much more.

DIRO online document verification technology provides 100% proof of authentication. The technology also places online verified documents on the blockchain to make the information immutable.

DIRO’s Technology vs AI-Based Solutions

DIRO’s Online Document VerificationAI-Based Document Verification
Verifies document data by comparing information right from the original web source.Verifies document data using machine learning.
Can verify any type of online document.Can have problems verifying old documents with wear and tear.
Verifies online documents instantly.Can take a few minutes based on the technologies applied.
Can verify documents from all over the globe.Not all AI-based solutions are built to verify online documents from all over the globe.
Provides 100% proof of authentication.Not all AI-based solutions offer proof of document authentication.
Place documents on the blockchain to secure customer information.Requires huge servers for customer information storage.
Can’t be tempered by feeding the wrong data.AI-based solutions are easy to tamper with by fraudsters with constant access to fake data.

Usually, most online document verification solutions aren’t as efficient as they should be. AI-based online document verification solutions, if not used ideally can cause more loss than profits for businesses. DIRO’s online document verification solutions bypass that barrier by being capable of verifying documents instantly with 100% proof of authentication. This leads to increased user experience and rate of customer onboarding.