What Is Authorised Push Payment Fraud?
The advent of real-time payment schemes, such as Faster Payments in the UK, has made push payments more attractive to criminals because they can quickly take the money and run
Understanding Authorised Push Payment Fraud
Authorised push payment fraud has been made more attractive to criminals since the advent of real-time payment schemes. In the UK, Faster Payments were launched in 2008 and enabled the first wave of APP scams, but today real-time payment schemes are a reality worldwide. Schemes such as PIX in Brazil, the New Payments Platform in Australia and the July 2023 launch of FedNow in the USA make real-time payments and unfortunately real-time payments fraud a reality.
This type of fraud is on the rise – but what is it? And who are the victims?
Authorised push payment fraud, also known as APP fraud, or APP scams happens when fraudsters deceive consumers or individuals at a business to send them a payment under false pretences to a bank account controlled by the fraudster. As payments made using real-time payment schemes are irrevocable, the victims cannot reverse a payment once they realise they have been conned by a fraudulent party. The Which Super Complaint in 2016 was a wakeup call to the UK banking industry. Steps such as the contingent reimbursement model and the confirmation of payee service have led to improvements. However, authorised push payment fraud continues to regularly hit the UK headlines and now other countries are rapidly experiencing the same fraud issues.
The approach taken by the fraudsters is not new. They use social engineering techniques and may hack into email and other systems to set up their victims. These methods of attack are used to perpetrate a wide range of attacks; however, with authorised push payment fraud scammers can trick victims into using real-time payment schemes to transfer the money to them. As more consumers and businesses adopt simple ways to send money in real time the pool of potential victims increases, a trend accelerated by the COVID-19 crisis pushing more people to use online banking. Real-time payments also lower the risk for fraudsters, as money is transferred instantly, fraudsters can move payments through multiple accounts in a process of layering to launder the proceeds of the fraud and make tracing them more difficult.
These criminals are devious and clever, and fraud victims cannot simply be written off as gullible fools. As real-time payment schemes can be used to transfer large sums of money, there is a need to employ layered fraud protection across all products and channels used to manage real-time payments.
Types of APP Scams
Authorised push payment fraud schemes are many and varied, some common attack types include:
Attacks on Individuals
- Paying an invoice that looks exactly like one from their child’s school – but turns out to be from a fraudster and sends the money to the fraudster’s bank account.
- Sending payment for work done by a tradesperson such as a carpenter or a builder who’s been working on your house, only to find that you have acted based on an email that came from a fraudster pretending to be your legitimate contractor.
- Confidence tricks such as romance scams, or the infamous ‘Hey Mum’ scam, where people are tricked into sending money to criminals they believe they have a personal relationship with.
Scams Targeting Property Transactions
This kind of fraud can affect any property purchase, whether by an individual or a business. In fact, the conveyancing solicitors may also end up as victims of payment fraud. Property purchase fraud occurs when criminals intercept the email chain between sellers, buyers, estate agents and solicitors. Once the communications are intercepted, the fraudsters change the payment information related to transfer of funds so that payments are diverted to the fraudsters’’ account. With property transactions, the sums involved are likely to be large and falling victim can be life-changing.
Fraudsters Intercepting Supplier Payments
Also known as fake invoice fraud, this scheme is similar to the APP attacks made on individuals, but the victims are businesses. Using a combination of interception and social engineering techniques to obtain information, fraudsters are able to convince businesses to change bank account details, getting their victims to replace the account number of the legitimate suppliers with their own. When the business later goes to pay an invoice from their supplier, they are instead sending it to a fraudster.
Authorised push payment fraud is notoriously difficult for banks to prevent. Because the victim is sending the money themselves, the steps that banks take to authenticate customers are ineffective, as the customer will of course pass any identity check.
In the UK, the Payments Systems Regulator has stepped in — the contingent reimbursement model is being expanded and liability for scams is to be shared by both the payer and payee bank. The confirmation of payee service is also being expanded, and data sharing to detect more fraud is being explored by industry bodies such as UK Finance. The forthcoming PSD3 regulation in Europe and the accompanying Payment Services Regulation (PSR) signal a new era of tighter oversight, increased liability, and elevated expectations for consumer protection.
It's notable that despite the long history of issues in the UK, new real-time payment schemes are still launched in many countries without these safeguards in place. UK Faster Payments is a case study for both success in mass adoption of a real-time payments scheme and a salutary tale of the impact of fraud when necessary controls aren’t in place – will other countries learn from it?
How Can FICO Help?
FICO helps financial institutions to detect and prevent APP fraud in several ways:
- An award-winning scam detection score that uses AI and machine learning to detect a scam is being attempted.
- Scam Signal Detection Service - telco data about mobile phone behavior is used by FICO Platform to produce a score on the likelihood a scam is in progress.
- Customer communications – FICO Platform’s multi-channel, two-way communications capabilities enable highly tailored yet automated communication strategies. This helps customers recognize the risks particular to the transaction they are making and so breaks the spell of the fraudster.
How FICO Helps You Stop More Fraud
- Explore how FICO helps fight fraud, regardless of channel or portfolio
- See how Customer Communications Services for Fraud engages customers in real time to disrupt a variety of fraud typologies
- Learn how real-time customer communication can be a competitive differentiator across the entire customer lifecycle
- Review what to do if you fall for a scam
Note: This is an update of a post originally published in December 2017.
Popular Posts
Business and IT Alignment is Critical to Your AI Success
These are the five pillars that can unite business and IT goals and convert artificial intelligence into measurable value — fast
Read more
Average U.S. FICO Score at 717 as More Consumers Face Financial Headwinds
Outlier or Start of a New Credit Score Trend?
Read more
FICO® Score 10 T Decisively Beats VantageScore 4.0 on Predictability
An analysis by FICO data scientists has found that FICO Score 10 T significantly outperforms VantageScore 4.0 in mortgage origination predictive power.
Read moreTake the next step
Connect with FICO for answers to all your product and solution questions. Interested in becoming a business partner? Contact us to learn more. We look forward to hearing from you.