New technologies present opportunities for businesses to reach customers and conduct transactions. So-called “push” payments, or buyer-initiated purchases, are one example.
Of course, fraudsters are always looking for ways to exploit new technologies and engage in criminal activity. As a result, we’ve observed a substantial surge in Authorized Push Payment (or “APP”) fraud in recent years.
What is Push Payment Fraud?
Push payment fraud occurs when cybercriminals deceive consumers into authorizing payments under false pretenses. In an APP scam, fraudsters impersonate trusted entities such as banks or utility providers and convince individuals to authorize payments without proper scrutiny.
Regrettably, cunning fraudsters are already exploiting the system. APP fraud, although seemingly low-tech, is remarkably effective in depriving cardholders and merchants of their money.
APP scams fundamentally rely on confidence tricks. Any scam incorporating a “human element” may be considered a form of APP fraud. A recent report by ACI Worldwide highlights that it is among the most prevalent types of fraud worldwide.
The term “APP fraud” is predominantly used in the UK, while in the US, the tactics used are often referred to by their methodology, such as social engineering tactics.
How Does Push Payment Fraud Work?
APP fraudsters initiate their scams by researching potential victims. They meticulously create scenarios designed to manipulate individuals into approving payments or divulging sensitive account information.
Some common methods employed by fraudsters include:
Fraudsters impersonating trusted individuals, such as billing department representatives, contact cardholders directly. They use targeted personal details to persuade the cardholder to alter their account information. Consequently, when the cardholder attempts a push payment, the funds are redirected to the fraudster’s account instead of the merchant’s.
Fraudsters pose as merchants and send counterfeit invoices to cardholders. Assuming the invoice is genuine, the cardholder makes the requested payment, which is then redirected to the fraudster. Phishing often involves sending fake invoices to numerous cardholders in hopes that some will fall for the scam.
Fraudsters obtain partial or complete cardholder information, either by theft or purchasing it on the dark web. They then use this information to execute push payments to their own accounts.
Understanding APP Fraud: Common Examples
Push payment fraud is a significant concern for your merchant clients. From a criminal’s perspective, the goal of APP fraud is to persuade a victim to transfer money by impersonating a trusted and familiar entity. This impersonation can involve posing as a merchant, employer, government agency, or even a personal friend.
To better understand the issue, let’s examine a few real-world examples of how APP scams might occur:
These scams target individuals personally. The fraudster pretends to be a trusted friend or relative, convincing the victim to deposit money into an unrelated account. Common excuses include needing money for an overdue bill or having forgotten login details for a vital account.
Victims may receive counterfeit invoices resembling those from a child’s school or fake bills from utility companies or service providers, for example. Or, they may get personal ads, dating app scams, or confidence scams where fraudsters pretend to have a relationship with the individual.
Home Renovation Scams
Fraudsters exploit home renovations, which are often substantial investments, as an opportunity for substantial financial gain. Using fake invoices with a contractor’s letterhead and details, the fraudster sends false payment information to the homeowner.
The information provided for routing payment will direct the funds to the fraudster’s account, rather than the genuine contractor’s. Then, once payment is made, the criminal disappears.
New Account & Supplier Scams
If a fraudster has access to a consumer’s email address, they may send a fake payment request and use spoofing techniques to make the consumer believe the invoice comes from the company’s billing department. This can be especially challenging if auto-billing is enabled.
Merchants can also be targeted. The fraudster merely needs to convince someone in the company’s billing department that they are a legitimate account provider, allowing the scam to continue until the company identifies it.
Property Purchase Scams
Fraudsters can take advantage of consumers looking to purchase property. Scammers may pose as mortgage brokers or bank loan officers or operate without the knowledge of other parties. In either case, the scammer intercepts communications, alters relevant payment details, and hijacks the payment to reroute funds to their own account. This type of APP fraud can be especially financially devastating for consumers.
The Impacts of APP Fraud
Authorized push payment fraud is on the rise globally, with the number of incidents increasing each year.
UK Finance reported that losses from APP fraud reached £479 million in 2020; a 22% increase from the previous year. As more countries adopt real-time payment systems, the potential for APP fraud is expected to grow, making it an urgent issue for banks and merchants.
For merchants, falling victim to APP fraud can result in significant revenue losses and damage to their reputation. Customers who have experienced fraud may be reluctant to do business with the affected merchant in the future. This underscores the importance of merchants partnering with acquiring banks that prioritize fraud prevention and have robust security measures in place.
APP fraud can also negatively impact the reputation of banks. When merchants lose revenue, these losses reverberate throughout the payment chain, eventually hurting banks’ bottom lines.
Plus, when customers lose money due to fraud, they may associate the bank’s brand with the incident, leading to a decline in trust and potential loss of business. Therefore, it is essential for banks to invest in advanced fraud detection and prevention technologies and work closely with merchants to mitigate the risk of APP fraud.
Industry Collaboration Required
Tackling APP fraud requires a collaborative approach between banks, merchants, payment networks, and law enforcement agencies. In the UK, the Contingent Reimbursement Model (CRM) Code was introduced in 2019 to encourage banks to take more responsibility for protecting customers from APP fraud and reimbursing victims. This highlights the growing urgency of addressing the issue across the entire financial ecosystem.
The financial losses associated with APP fraud are increasing at an alarming rate. In 2021, UK Finance reported £583.2 million in losses, representing a 74% increase from the previous year. These statistics emphasize the need for banks and merchants to take swift action to combat APP fraud and protect their customers.
Ultimately, the rising prevalence of APP fraud makes it an urgent issue for acquiring banks and their merchant clients. By investing in advanced fraud prevention technologies, collaborating with industry stakeholders, and educating customers about the risks, banks and merchants can work together to mitigate the threat of APP fraud and safeguard their reputation and revenue.
How Can Banks Push Back?
Acquiring banks and their clients can fight authorized push payment (APP) fraud by implementing a multi-layered approach that combines robust security measures, advanced technologies, employee training, and collaboration with industry stakeholders.
Here are some strategies acquiring banks can employ to combat APP fraud:
Strong Authentication and Verification
Implement strict authentication and verification processes for transactions, including multi-factor authentication, biometrics, and secure customer identification methods.
Real-Time Transaction Monitoring
Use advanced systems to monitor transactions in real time, enabling early detection of unusual activities or suspicious patterns that may indicate fraudulent behavior.
Machine Learning & Artificial Intelligence
Leverage AI and machine learning algorithms to analyze vast amounts of transaction data, identify potential risks, and predict fraudulent activities more accurately.
Employee Training & Awareness
Regularly train employees to recognize the various tactics used in APP fraud and educate them on best practices for handling sensitive information and maintaining secure communication channels.
Collaboration With Industry Stakeholders
Partner with other banks, payment networks, merchants, and law enforcement agencies to share information, best practices, and insights about emerging fraud trends and tactics.
Provide customers with resources and guidance on how to identify and avoid APP fraud, such as recognizing phishing attempts, verifying the identity of a caller, and using secure methods to confirm payment details.
Robust Cybersecurity Measures
Ensure the bank’s systems and networks are protected with strong encryption, firewalls, intrusion detection, and other cybersecurity tools to safeguard sensitive data and mitigate potential breaches.
Implement Fraud Detection & Prevention Solutions
Invest in sophisticated fraud detection and prevention solutions that can detect and block fraudulent transactions before they are completed.
Swift Incident Response
Develop and maintain a well-defined incident response plan to handle potential cases of APP fraud efficiently and effectively, minimizing the impact on customers and the bank.
Regularly review and update security measures, policies, and procedures to stay ahead of evolving fraud tactics and emerging threats in the payment landscape.
The Bottom Line
The rising prevalence of push payment fraud makes it an urgent issue for acquiring banks and their merchant clients. By investing in advanced fraud prevention technologies, collaborating with industry stakeholders, and educating customers about the risks, banks and merchants can work together to mitigate the threat of APP fraud and safeguard their reputation and revenue.