How Can Banks Stop Authorized Push Payment Fraud?

The UK introduced Authorized Push Payment (APP) fraud protections effective in October 2024, resulting in £61.1 million in reimbursements to consumers in Q3 2025 alone. These losses affect both consumers and banks. And criminals continue to innovate, expanding their arsenal of scam tactics thanks to AI. It’s imperative that banks go on the offensive in the fight against scams.

Deploy AI and Machine Learning – the Scams Model

PSD2 and Strong Customer Authentication have made life more difficult for fraudsters. Extra identity checks on payment transactions make it difficult for them to use stolen credentials to make payments. They have therefore turned their attention to crime where they can circumvent identity checks – by tricking consumers into making the payments themselves.

However, just because the legitimate customer is making the payment does not mean that their behavior has not been altered or coerced by the fraudster, and sophisticated machine learning models can detect this.

Typical fraud detection models are not effective in detecting scams, where the transaction is initiated on the customer’s device from an authenticated account. FICO’s award-winning Scams Detection Model uses sophisticated analytic features and targeted profiling to differentiate and identify scam transactions from traditional fraud transactions.

Look Out for APP Fraud Signals – Develop the Rules

The decisions made in fraud detection directly correlate to the depth and quality of data available. In many instances, banks have a limited number of variables they can consider in a fraud risk assessment. Widening the scope and breaking down silos can improve decisions.

Consider this scenario: a customer is making an initial payment to a new beneficiary. They have indicated it’s for an investment and the sum is a relatively large amount of $5,000. The bank flags this as potential fraud and stops the payment. The customer however is not happy since they were trying to make a payment into their retirement account before the annual tax deadline – and now they’ll miss it. With more contextual data, the bank could make a different and more customer-friendly decision. For example, is the payee account one that other customers have paid into on a regular basis? Has this payee account been receiving payments over a long period of time? Are payments to this beneficiary usually of a relatively large value? This extra context may well alter the decision, allowing the payment to proceed and the customer to meet the deadline and get their tax rebate this year.

Because fraudsters change their modus operandi, the signals for fraud also change. The amounts paid, type of payee account, and profile of the beneficiary account will be different for a scam that is leveraging a personal relationship, such as a romance scam compared to an investment scam. These variables constantly change, and sufficient flexibility is required in how the rules that manage risk are authored and adapted dynamically once the characteristics of a new fraud or scam type are identified.

Communicate with Customers About Scams

Consumer education is an important tool that banks can leverage to help customers protect themselves. A FICO survey found that nearly half of consumers ranked providing more warnings about scams as the most or second-most impactful action their banks could take to protect them. And

Getting communications right is not only about stopping fraud; it’s about customer experience. Holding a customer’s payment can impact customer experience when that payment is legitimate. The good news is that 75% of US consumers would feel positive if their bank proactively declined a real-time payment that had been identified as part of a scam.

No Silver Bullet for APP fraud

Authorized push payment fraud is a complex issue that manifests in many different forms with individuals, businesses, and the banks themselves as victims. A layered approach where all parties play their part is the best way to cut back on losses. Consumers and businesses must be educated and aware of scams and banks must use the tools available to identify APP fraud.

How FICO Can Help You Prevent APP Fraud

• Learn about our fraud scams model
• Find out about FICO Customer Communications for Fraud, which helps financial institutions build trust through low-friction, self-service fraud resolution
• Read more about authorised push payment fraud

This is an update of a post from 2022.