What is Authorised Push Payment Fraud? 2024 Changes
Despite increased security and compliance measures, fraud remains rampant, with both consumers and businesses falling victim each day. However, criminals always seem to find ways around these safeguards, despite new regulations and innovative solutions that try to halt fraudsters and protect business funds.
Authorised Push Payment (APP) Fraud is one of the most common types of financial scams. Its popularity is due to its simplicity: APP fraud involves the use of push payments, where the payer sends money directly to a bank account controlled by the fraudster under false pretences. In this article, we will explain in detail what APP fraud is, how to detect it early, and the risks associated with it. Additionally, we will provide examples of how your business can prevent falling victim to these scams using tools and processes.
What is Authorised Push Payment Fraud?
An APP fraud occurs when criminals trick people or businesses into transferring money to a fraudster’s bank account or sharing payment or business information. Fraudsters often manipulate bank account details, leading businesses to inadvertently pay fraudsters instead of legitimate suppliers. The problem with APP frauds is not their sophistication but their prevalence and how difficult it is to stop since the victims need to ‘authorise’ the bank transfer or payment for the scam to actually happen (hence the name).
Some examples include:
Both of these are called malicious payee scams.
As another variant, the malicious redirection scam involves a criminal pretending to be a bank employee and redirecting funds to the criminal’s account.
The Losses from APP Fraud
The losses from APP fraud are alarming, affecting not only individuals and businesses but also the economy as a whole. In the first half of 2023, payment fraud (including APP fraud) is estimated to have reached €2.4 billion in the European Economic Area alone, an increase of 20 to 25 percent annually. The UK seems to be the most affected country, with APP fraud losses reaching a staggering £459.7 million in 2023. This was further broken down into:
New regulations have shifted responsibility for fraudulent transactions from consumers to banks, compelling financial institutions to enhance their security measures.
The reputation of businesses can also be damaged in addition to financial losses. A customer will not return if they feel they have been scammed when transacting with a certain business even though, in reality, they were interacting with a criminal impersonating that business. As social media and online reviews are easy to access, the bad reputation will inevitably spread.
By failing to protect their customers’ data and funds before the actual purchase, companies risk not only money, but also their reputation.
Measures Against APP Fraud in Europe
The European Commission has recently published a draft PSD3 outlining the proposed changes to the Payment Services Regulations. This new directive includes:
Currently, in draft form, the regulation is expected to be published in September 2024 and implemented in 2025.
Changes in the UK Relating to APP Fraud
A contingent reimbursement model was established in 2019 in the UK to combat APP fraud and protect, educate, and reimburse victims. However, it was a voluntary code, with only 10 members representing 19 consumer brands.
Between 2021 and 2022, APP fraud cases decreased by 17%, but the losses from APP scams are still staggering, and regulators felt they needed to take a firmer stance.
The financial industry is under greater pressure to protect its customers’ funds and assets avoid APP fraud. From October 2024, all payment providers (banks, fintechs, and other financial institutions) will be required to reimburse the victims of APP fraud as the Payment Systems Regulator (PSR) implements a mandatory reimbursement program. The split will be 50:50 between receiving and sending Payment Service Providers (PSPs).
This new regulation encourages financial institutions to increase their fraud prevention activities by seeking additional measures and technology solutions.
Changes to Faster Payments
Faster Payments, the UK's most popular payment rail (in 2021, 97% of APP frauds were committed through Faster Payments), is also undergoing major changes. Here's what's happening:
Consequently, all PSPs that use the Faster Payments rail will be affected by the new regulations. Regulators and financial institutions must now balance safety and compliance with fast movement of funds. As a result, financial institutions and payment providers need to update their processes and systems, specifically:
There has been concern among some experts that the new PSR legislative reimbursement amount (£415,000) might encourage fraudsters to target high-value transactions, knowing that victims may be able to recover those funds. There's also concern that the 50:50 split between the receiving and sending PSP could favor larger institutions and cause problems for smaller fintechs that lack the funds to innovate significantly. Since the receiving PSP should have been more thorough with onboarding checks, sharing an equal burden of the cost may feel unfair to the sending PSP, for example, potentially discouraging them from offering future innovations or better payment services.
How Can You Protect Your Business from APP Fraud?
Although regulators and financial institutions are developing processes and systems to protect you from scams, especially APP fraud, you can take several steps to protect yourself:
If you'd like to see how Fyorin can help you deliver fast payments across over 100+ local payment rails and 100+ currencies while keeping your funds safe, don't hesitate to reach out to us by booking a demo or emailing sales@fyorin.com.