Protecting Against Authorized Push Payment (APP) Fraud

As online transactions continue to surge across industries, concerns over authorized push payment (APP) fraud are growing among businesses worldwide. During the first half of 2022, APP fraud constituted a staggering 75% of all digital banking fraud. This type of fraud poses serious risks to both businesses and their customers, leading to financial losses, reputational damage, and erosion of trust.

To counter the evolving tactics of fraudsters, businesses are actively seeking strategies to mitigate APP fraud risks and ensure the security of their customers’ financial information. This not only involves the implementation of robust security measures but also extends to educating customers about how to avoid falling victim to scams.

In this article, we will delve into the concept of APP fraud, explore various forms it can take, and provide insights into effective strategies that businesses and customers can employ to thwart fraudulent activities.

What is APP Fraud?

APP fraud involves scams in which criminals manipulate individuals or businesses into transferring funds to fraudulent accounts. Fraudsters employ diverse techniques to gain victims’ trust, often by masquerading as legitimate entities or individuals. 

Unlike other types of fraud, APP fraud entails victims willingly authorizing fund transfers, frequently through online banking or phone conversations. This makes recovery challenging and can result in substantial financial losses for victims.

As APP fraud continues to rise, financial institutions are implementing countermeasures. However, businesses and individuals must remain vigilant and adopt precautionary measures to safeguard themselves against these scams.

Examples of APP Fraud

APP fraud manifests in various ways, with fraudulent actors utilizing an array of tactics:

  • Impersonation Scams

Fraudsters pose as legitimate entities and request victims to transfer money to fake accounts. For instance, they may impersonate a bank employee and claim there’s an issue with the victim’s account, demanding a payment for resolution.

  • Invoice Fraud

Fraudulent actors send fabricated invoices to companies or individuals, requesting payment for nonexistent goods or services. Companies may receive invoices for services they never ordered, leading to payments to fraudulent accounts.

  • Investment Scams

Fraudsters promise high investment returns, persuading victims to transfer money to fictitious accounts. Examples include Ponzi schemes that promise lucrative returns on cryptocurrency investments.

  • Romance Scams

Fraudsters build relationships on online dating platforms and request funds to be transferred to fraudulent accounts. The notorious Nigerian prince scam is an example, where fraudsters impersonate wealthy individuals and request money for various reasons.

  • CEO Fraud

By posing as CEOs or high-ranking executives, fraudsters coerce victims to transfer funds to fake accounts. For instance, a scammer might impersonate a CEO and request an urgent payment to a supposed supplier.

  • Social Engineering

Social engineering uses psychological manipulation tactics. Fraudsters use impersonation techniques such as impersonation. They assume the identity of big companies to get them to surrender account information, and login details, or authorize payments.

  • Phishing

Phishing scams are prevalent. Fraudsters impersonate the identity of a trusted institution via email or text to get the victim to click on a link or download harmful files. Once the user opens the link/file, the fraudsters can access and collect their personal information.

  • ATO

ATO or Account Takeover Fraud is when a criminal takes control of an account that belongs to an individual or organization to cause harm or steal money. One of the most common methods is when a fraudster uses a hacked social media account to ask the victim’s friend to send money.

  • Confidence Scams

These scams work when a fraudster gains someone’s trust to access their account or manipulate them into handing over money. Usually, it involves a romantic angle or a business opportunity. 

  • Tech Support Scams

Fraudsters masquerade as tech support personnel, demanding payment to resolve fictitious computer issues. Victims receive pop-up messages prompting them to make payments to remove nonexistent viruses.

Protecting Customers Against APP Fraud

Businesses bear the responsibility of implementing effective security measures to safeguard customers against APP fraud. This involves educating customers about fraud risks, verifying payment requests, utilizing secure payment methods, monitoring accounts, implementing fraud prevention measures, and promptly reporting incidents to authorities.

Customers also play a pivotal role in protecting themselves against APP fraud:

  • Verify Requests: Customers should verify payment requests, especially those from unfamiliar sources. Authenticity should be confirmed before authorizing any transfer.
  • Use Secure Payment Methods: Secure payment methods requiring two-factor authentication, such as card payments or bank transfers, should be favored. Avoid cash or insecure money transfer services.
  • Beware of Phishing Scams: Customers should exercise caution regarding phishing scams, refraining from clicking links or downloading attachments in suspicious emails or texts.
  • Protect Personal Information: Strong passwords, two-factor authentication, and prudent sharing of personal and financial data are essential safeguards.
  • Keep Software Updated: Regular updates to software and devices help guard against malware and cyber threats.

Fraud Detection and Prevention Tools

Advanced tools like Stripe Radar and secure payment hardware, such as Stripe Terminal, empower businesses to prevent APP fraud by offering:

  • Real-time Transaction Monitoring: Stripe Radar monitors transactions in real-time to detect anomalies and high-risk activities, enabling swift intervention.
  • Behavioral Analytics: Behavioral patterns are analyzed to identify unusual activities and potential fraudulent actors.
  • Two-factor Authentication: Secure payment hardware ensures dual authentication before transactions are authorized.
  • Data Encryption: Payment hardware and software use encryption to protect sensitive customer information.
  • AI-based Fraud Detection: Machine learning and AI algorithms detect patterns and anomalies to identify potential fraud.

Role of Liability Sharing in APP Push Fraud

The UK Payment Systems Regulator (PSR) made the news when they announced the 50/50 liability proposal and published their APP Fraud Performance Report. While the UK made the news the most, the proposal is not just limited to the UK and we’re seeing several countries across other regions. Several regions taking regulatory steps to fight scams that are enabled by real-time payments.

Several countries are taking steps to implement data sharing among one another to prevent fraud. The UK has taken the highest steps compared to other regions with the 50/50 Liability Announcement. It’s only a matter of time before other countries start implementing similar regulations. This is already apparent with the Monetary Authority of Singapore’s proposed framework for liability sharing.

Pros and Cons of Liability Sharing

Uncover more mule accountsReputational damage & customer switching.
Reduce scam lossesIncrease in opportunistic and first-party fraud.
Better customer protectionMore financial exclusion

With better data sharing among several regions, financial institutions (FIs) can make more accurate decisions to prevent fraudsters from opening a mule account.

Moreover, businesses will be able to judge better if a new customer account is part of a mule network. However, with the reporting comes potential risks. Above all, data sharing will lead to reputational damage to organizations that were hacked or attacked. Customers will better understand how well their financial institution protects them and how likely a particular institution is to be attacked.

Another benefit of sharing information between financial institutions and cross-industry collaboration is that it leads to a significant reduction in scam losses. 

The ability to highlight certain red flags on specific fraudulent transactions in real time can significantly reduce the risk of fraud. The enforced reimbursement of customers opens the door for first-party fraud. Account holders can claim that they were victims of a scam when they’re trying to scam the system. 

The focus of the regulation is to protect the victims of scams and more customers will be safeguarded. FIs will need to prove that the customer purposefully was a part of the scam to be reimbursed. 

Final Take

By fostering collaboration between businesses and customers and promoting awareness of emerging threats, APP fraud can be effectively curbed. As both parties unite to combat fraud, they enhance security measures and reduce vulnerability.