ClickCease

Fighting Authorized Push Payment Fraud in the UK

Prove
August 27, 2021

Authorized Push Payment (APP) fraud is possibly one of the hardest fraud vectors to tackle. An advanced form of social engineering, APP fraud has been on the rise globally, causing significant financial losses to consumers. In its 2020 report on financial fraud, UK Finance reported close to 150,000 incidents of APP fraud in the UK, an unprecedented 22% increase over the previous year, draining consumers almost half a billion pounds. Impersonation scams accounted for most of these incidents. In 2023, the UK’s Payment Systems Regulator (PSR) has mandated severe penalties for banks that allow APP fraud.


APP Fraud – Modus Operandi


Fraudsters impersonate authorized service representatives of trusted firms such as banks and trick unsuspecting consumers into transferring money into accounts under their control. The exponential rise in real-time digital payments has been a critical driver in the rise of APP fraud globally. Since real-time payments cannot be revoked and the settlement is instantaneous, it has been the most attractive vehicle for criminals to execute APP fraud.




How to Spot Ongoing APP Fraud


Understanding the consumer's digital behavior during the course of a transaction is key to preventing APP fraud. Several risk indicators point to a consumer being manipulated into performing a fraudulent activity. Here are some:


  1. Lengthy calls: Widespread in APP fraud; long calls while making an online financial transaction is a common indicator of the consumer being socially engineered. Various industry estimates by carriers in the UK indicate that a high percentage of APP fraud events have an active call that overlaps the event.
  2. Network usage and call patterns that seem to match typical patterns associated with fraudulent activities.
  3. Device usage patterns such as typing and handling the phone that appear different from the typical usage patterns followed by the user.


The Contingent Reimbursement Model (CRM) code in the UK sets out the standards to protect consumers from APP fraud and reimburse them for financial losses. However, while the code is essential from a consumer protection perspective, it can do little to prevent the occurrence and repeat of the same fraud for a consumer. Therefore, the industry and participating organizations need to collaborate and implement innovative technologies to tackle APP fraud.


Steps to Tackle APP Fraud


Using behavioral biometrics in identity verification and authentication is an effective way to counteract APP fraud. Behavioral biometrics can score the authenticity of a user based on insight gathered by analyzing hundreds of device usage and behavioral parameters. Apart from thwarting the most advanced types of impersonation fraud, behavioral biometrics provides a frictionless way of authentication, ensuring no deprecation in user experience.


Considering the fact that a high number of APP fraud incidents are associated with long overlapping voice calls, industry participants are now collaborating to track phone usage in real time at the time of a transaction or digital engagement to determine if the consumer has been socially engineered into performing a sensitive transaction.


Companies must invest in strong possession checks that are an upgrade on legacy 2FA practices such as SMS-based OTPs. For example, instant links provide higher immunity to 2FA interception than OTPs and ensure the flexibility to check if the transaction is being completed where it began—a case often violated when the customer is socially engineered to share credentials with a criminal.


Conclusion


In the UK, there’s been a strong push to include financial fraud within the scope of the Online Safety Bill to ensure consumer protection, fight terror financing, and stop the exploitation of the vulnerable sections of the society. Technology companies need to take the onus upon them to ensure that fraudsters do not have it easy. However, effective tackling of a complex fraud like APP can only happen with the government, technology providers, and the online consumer entities coming together to collaborate.

To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.


Share
Tweet
Share
Tags:
Fintech Lending
Tags:
EU

Keep reading

See all blogs
Developer Blogs
Integrating Customer Due Diligence Workflows: Challenges and Solutions for Developers

Learn how customer due diligence (CDD) verifies onboarded customers to keep your product secure.

Rajkumar Venkatasamy
April 3, 2025
Developer Blogs
Developer Blogs
Introducing the Prove Developer Portal

Learn about the new Developer Portal and how it can help developers implement identity verification.

Alec Pomnichowski
April 1, 2025
Developer Blogs
Developer Blogs
How to Streamline Identity Verification with Minimal User Friction Using KYC Software

Learn how to streamline identity verification with KYC software while maintaining a seamless user experience.

Samuel Umoren
March 21, 2025
Developer Blogs

Let us Prove it
Talk to an expert today

Let's talk
Legal & CompliancePrivacy PolicyTerms of ServiceExercise Your RightsTrademark GuidelinesDo Not Sell or Share My InformationStatement on Combating Modern SlaveryManage Cookie Preference
© Prove Identity, Inc. All Rights Reserved.

Policy Notice

By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Cookie Preferences
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.