In 2022, an estimated 93% of the UK adult population will use some form of online banking. Today, online banking and the rise of P2P payment platforms have made it easier than ever for UK residents to pay bills, deposit cheques, and check the balance of their various accounts online. Unfortunately, all of this added convenience comes at a major cost in the form of APP (Authorized Push Payments) fraud.
Today, there’s no question that APP fraud is a national crisis in the United Kingdom. Last year, losses from APP fraud totaled a staggering £583 million. With fraud increasing 39% from the previous year, APP scams are “now the biggest fraud threat to British businesses and consumers, having made up over half of all scams that took place through 2021.”
In a recent webinar, Chris Parker, Fraud Analytics Product & Threat Lead at NatWest Group, joined Prove to discuss APP fraud in detail. Watch the on-demand webinar here or keep reading for an overview of APP fraud.
APP is an abbreviation for an Authorized Push Payment. To understand how this specific scheme works, it’s best to break down the concept word-by-word.
When you imagine the classic fraud scenario, you’re probably picturing fraud via unauthorized payments. Unauthorized payments or charges occur when a bad actor steals a victim’s credit card credentials, for instance, to make purchases without the victim’s knowledge or consent. If a fraudster stole your credit card information via a skimmer and then used the information to purchase luxury goods, for example, that would be an unauthorized payment.
Fraudulent authorized transactions, on the other hand, are a bit more complicated because they involve the knowledge of the victims. In these scenarios, a fraudster will “socially engineer” or fool a victim into transferring funds to the fraudster’s account under false pretenses. As its name suggests, APP fraud involves authorized payments.
Here’s the distinction between push and pull payments, according to gocardless.com:
“Push payments describe any method where the customer must take the action to initiate payment. In other words, the payer is in control, pushing the funds to a destination account. Pull payments describe any method where the business can take money from the customer without approval for every single transaction. In this case, the payee is in control, pulling funds into their own account.”
Examples of push payments include cash, checks, and bank transfers, while pull payments include ACH debit or direct debit payments, automated card payments, and automated digital wallet payments. Because APP fraud relies on push payments, the funds are nearly impossible to track once the victim approves the transaction.
To commit APP fraud, bad actors must convince victims to push funds. Unlike fraud that involves unauthorized payments, there’s a distinctly psychological component to APP fraud. Fraudsters cajole, confuse, and manipulate victims, sometimes for months on end, to defraud them. There are several common ways in which a fraudster will socially engineer or trick a victim into initiating an authorized push payment under false pretenses. In Prove’s on-demand webinar Fighting APP Fraud and Scams in 2022, Chris Parker, Fraud Analytics Product & Threat Lead at NatWest Group, describes a few of the most common forms of social engineering in the UK:
Because of the complex nature of this fraud vector, no one solution will stop all APP fraud. There are, however, a handful of strategies that financial institutions can and should implement:
First, there’s education. In the Fighting APP Fraud and Scams in 2022 webinar, Chris Parker highlights the important work of the United Kingdom’s Take 5 campaign. It encourages residents to take a moment before parting with their money to consider fraud risks. Because fraudsters are experts at rushing victims with fictitious deadlines and unmerited urgency, it’s important to slow down before approving any money transfers. Unfortunately, fraudsters are so skilled at manipulation that education is not enough. Even individuals who believe they are scam-savvy can still be socially engineered into falling for APP fraud. That’s why more technical fixes are also critical.
There’s a whole host of fixes that can be implemented by financial institutions both in the UK and abroad to stop APP scams.
In the Fighting APP Fraud and Scams in 2022 webinar, Chris Parker emphasizes that it’s important not to simply add a warning message to every single transaction because users will stop noticing the messages altogether. A better way to fight APP scams is to deliver warning messages only before high-risk transactions to really grab the user’s attention when it matters most.
Another great tip is to begin phasing out OTPs (one-time passcodes) and replacing them with more secure Instant Links. Instant Link is a second-factor authentication (also known as a “proof of possession check”) service that allows a client to issue a clickable link embedded in an SMS. Unlike an OTP, it verifies the possession and trustworthiness of a user’s phone. This prevents a host of sophisticated and common forms of fraud, including account takeover (ATO) fraud. Instant Links help prevent APP fraud because, unlike passcodes, they can’t be easily shared by the victim with the fraudster under false pretenses.
Rates of APP fraud are at a crisis level in the United Kingdom. Every day, new victims part with their hard-earned money. News stories about victims losing their life savings to fraudsters damage the public’s trust in digital banking and increase calls for tighter regulations. To protect both their customers and their bottom line, banks and other financial institutions can leverage both educational campaigns and new technology to prevent APP fraud.