What is Authorised Push Payment Fraud? 2024 Changes

Despite increased security and compliance measures, fraud remains rampant, with both consumers and businesses falling victim each day. However, criminals always seem to find ways around these safeguards, despite new regulations and innovative solutions that try to halt fraudsters and protect business funds.

Authorised Push Payment (APP) Fraud is one of the most common types of financial scams. Its popularity is due to its simplicity: APP fraud involves the use of push payments, where the payer sends money directly to a bank account controlled by the fraudster under false pretences. In this article, we will explain in detail what APP fraud is, how to detect it early, and the risks associated with it. Additionally, we will provide examples of how your business can prevent falling victim to these scams using tools and processes.

An APP fraud occurs when criminals trick people or businesses into transferring money to a fraudster’s bank account or sharing payment or business information. Fraudsters often manipulate bank account details, leading businesses to inadvertently pay fraudsters instead of legitimate suppliers. The problem with APP frauds is not their sophistication but their prevalence and how difficult it is to stop since the victims need to ‘authorise’ the bank transfer or payment for the scam to actually happen (hence the name).

Some examples include:

A criminal impersonating a legitimate company or even a government entity (e.g., HMRC)

Offering nonexistent services or products and sending invoices that appear genuine to defraud individuals or businesses

Both of these are called malicious payee scams.

As another variant, the malicious redirection scam involves a criminal pretending to be a bank employee and redirecting funds to the criminal’s account.

The losses from APP fraud are alarming, affecting not only individuals and businesses but also the economy as a whole. In the first half of 2023, payment fraud (including APP fraud) is estimated to have reached €2.4 billion in the European Economic Area alone, an increase of 20 to 25 percent annually. The UK seems to be the most affected country, with APP fraud losses reaching a staggering £459.7 million in 2023. This was further broken down into:

117,170 purchase scams cases - the most popular type of APP fraud

£177.6 million in impersonation scam losses

New regulations have shifted responsibility for fraudulent transactions from consumers to banks, compelling financial institutions to enhance their security measures.

The reputation of businesses can also be damaged in addition to financial losses. A customer will not return if they feel they have been scammed when transacting with a certain business even though, in reality, they were interacting with a criminal impersonating that business. As social media and online reviews are easy to access, the bad reputation will inevitably spread.

By failing to protect their customers’ data and funds before the actual purchase, companies risk not only money, but also their reputation.

The European Commission has recently published a draft PSD3 outlining the proposed changes to the Payment Services Regulations. This new directive includes:

Limited liability on Payment Service Providers for APP fraud

The Confirmation of Payee service will become Verification of Payee for instant payments, where the IBAN and account details must match before payment can be processed. These measures aim to enhance security when consumers transfer money, ensuring that the details match before allowing transactions to prevent fraudulent activities.

Currently, in draft form, the regulation is expected to be published in September 2024 and implemented in 2025.

A contingent reimbursement model was established in 2019 in the UK to combat APP fraud and protect, educate, and reimburse victims. However, it was a voluntary code, with only 10 members representing 19 consumer brands.

Between 2021 and 2022, APP fraud cases decreased by 17%, but the losses from APP scams are still staggering, and regulators felt they needed to take a firmer stance.

The financial industry is under greater pressure to protect its customers’ funds and assets avoid APP fraud. From October 2024, all payment providers (banks, fintechs, and other financial institutions) will be required to reimburse the victims of APP fraud as the Payment Systems Regulator (PSR) implements a mandatory reimbursement program. The split will be 50:50 between receiving and sending Payment Service Providers (PSPs).

This new regulation encourages financial institutions to increase their fraud prevention activities by seeking additional measures and technology solutions.

Faster Payments, the UK's most popular payment rail (in 2021, 97% of APP frauds were committed through Faster Payments), is also undergoing major changes. Here's what's happening:

A stricter oversight of transactions going through Faster Payments, including behavioural biometrics and real-time transaction analysis to detect suspicious activity

To prevent fraudsters from exploiting any loopholes or weaknesses in the system, banks and fintechs are expected to improve the Confirmation of Payee service.

Implementing more rigorous onboarding procedures - some financial institutions may adopt more rigorous onboarding procedures to prevent fraudsters from accessing the Faster Payments rail to use it for illicit activities.

Occasionally, payments are deferred to allow for additional checks instead of being cleared immediately when they are suspicious or higher-risk

Consequently, all PSPs that use the Faster Payments rail will be affected by the new regulations. Regulators and financial institutions must now balance safety and compliance with fast movement of funds. As a result, financial institutions and payment providers need to update their processes and systems, specifically:

Enhancing fraud detection during payment as well as onboarding (KYC)

Improving warnings and interventions to protect customers from potential scams

Developing appropriate reimbursement systems and processes

There has been concern among some experts that the new PSR legislative reimbursement amount (£415,000) might encourage fraudsters to target high-value transactions, knowing that victims may be able to recover those funds. There's also concern that the 50:50 split between the receiving and sending PSP could favor larger institutions and cause problems for smaller fintechs that lack the funds to innovate significantly. Since the receiving PSP should have been more thorough with onboarding checks, sharing an equal burden of the cost may feel unfair to the sending PSP, for example, potentially discouraging them from offering future innovations or better payment services.

Although regulators and financial institutions are developing processes and systems to protect you from scams, especially APP fraud, you can take several steps to protect yourself:

Delegate or implement multi-stage approvals: A payment system that allows multiple team members to verify payments before they go through reduces fraud and unauthorised payments. Even an extra pair of eyes can prevent funds from being misappropriated, even if it slows down the process.

Request additional details: If anything seems suspicious during the payment process, when receiving an invoice, or payment details, request additional details like ID verification to make sure the account holder is who they claim to be. When you are uncertain of the IBAN, the PSP will have Confirmation of Payee in place to match it with the account holder, but you can request additional verification regardless. In addition, if you have not received goods or services yet, you can ask the vendor to accept a deposit first and complete the remainder of the payment upon delivery of the goods.

Make sure your supplier contacts are up to date and synced across different systems: Keeping supplier contacts across multiple, disjointed financial systems can increase fraud risk. Keeping your accounting system and payables system in sync is paramount. Criminals may impersonate existing vendors by providing slightly different email addresses or new bank accounts, claiming that circumstances have changed. A platform like Fyorin, which automatically matches your contacts between the accounting tool and the payment platform, ensures their validity, minimises fraud risk, and ensures smooth and safe fund transfers.

Invest in training: Given frequent changes to regulations and criminals' evolving tactics, training your finance team should not be overlooked. Help them prevent and mitigate payment fraud before the situation gets out of hand by providing them with an understanding of the signs, risks, and recovery processes associated with payment fraud, including APP fraud.

Partner with trusted payment providers and financial institutions: A constantly evolving financial landscape requires you to strike a balance between efficiency and safety. As a way to reduce the risk of APP fraud, you may want to partner with trusted financial providers that can provide fast cross-border and domestic payments and provide additional safety checks such as Confirmation of Payees, additional documentation, and approvals. In addition, these companies are more likely to innovate in response to changing regulations.

If you'd like to see how Fyorin can help you deliver fast payments across over 100+ local payment rails and 100+ currencies while keeping your funds safe, don't hesitate to reach out to us by booking a demo or emailing [email protected].