Authorized Push Payment (APP) fraud is possibly one of the hardest fraud vectors to tackle. An advanced form of social engineering, APP fraud has been on the rise globally, causing significant financial losses to consumers. In its 2020 report on financial fraud, UK Finance reported close to 150,000 incidents of APP fraud in the UK, an unprecedented 22% increase over the previous year, draining consumers almost half a billion pounds. Impersonation scams accounted for most of these incidents.
Fraudsters impersonate authorized service representatives of trusted firms such as banks and trick unsuspecting consumers into transferring money into accounts under their control. The exponential rise in real-time digital payments has been a critical driver in the rise of APP fraud globally. Since real-time payments cannot be revoked and the settlement is instantaneous, it has been the most attractive vehicle for criminals to execute APP fraud.
Understanding the consumer's digital behavior during the course of a transaction is key to preventing APP fraud. Several risk indicators point to a consumer being manipulated into performing a fraudulent activity. Here are some:
The Contingent Reimbursement Model (CRM) code in the UK sets out the standards to protect consumers from APP fraud and reimburse them for financial losses. However, while the code is essential from a consumer protection perspective, it can do little to prevent the occurrence and repeat of the same fraud for a consumer. Therefore, the industry and participating organizations need to collaborate and implement innovative technologies to tackle APP fraud.
Using behavioral biometrics in identity verification and authentication is an effective way to counteract APP fraud. Behavioral biometrics can score the authenticity of a user based on insight gathered by analyzing hundreds of device usage and behavioral parameters. Apart from thwarting the most advanced types of impersonation fraud, behavioral biometrics provides a frictionless way of authentication, ensuring no deprecation in user experience.
Considering the fact that a high number of APP fraud incidents are associated with long overlapping voice calls, industry participants are now collaborating to track phone usage in real time at the time of a transaction or digital engagement to determine if the consumer has been socially engineered into performing a sensitive transaction.
Companies must invest in strong possession checks that are an upgrade on legacy 2FA practices such as SMS-based OTPs. For example, instant links provide higher immunity to 2FA interception than OTPs and ensure the flexibility to check if the transaction is being completed where it began—a case often violated when the customer is socially engineered to share credentials with a criminal.
In the UK, there’s been a strong push to include financial fraud within the scope of the Online Safety Bill to ensure consumer protection, fight terror financing, and stop the exploitation of the vulnerable sections of the society. Technology companies need to take the onus upon them to ensure that fraudsters do not have it easy. However, effective tackling of a complex fraud like APP can only happen with the government, technology providers, and the online consumer entities coming together to collaborate.
To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.
Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.
Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.
Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.
Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.
Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.