Introduction
Push payments contribute to easier and more efficient payment processing. Although they speed up the payment process for merchants and their consumers, fraudsters are starting to abuse this system by deceiving customers to authorize push payments. Merchants must increase their effort to combat authorized push payment (APP) fraud attempts and protect their ecommerce business and customer relationships.
In this article, learn about authorized push payment fraud, the methods fraudsters use, and ways to prevent it to avoid losses.
What Is APP Fraud?
Authorized push payment fraud happens when criminals deceive individuals and businesses to willingly authorize push payments to their accounts. Alternatively, the fraudsters obtain account information from their victims and perform the push payments themselves. With his type of fraud, the perpetrators frequently pose as trusted organizations such as banks and businesses.
Push payments are irreversible, and cardholders cannot dispute them after they have been authorized. APP fraud cannot be resolved through a chargeback either since the cardholders authorized the payment and it is almost impossible to prove that deception took place. All of this makes authorized push payment fraud an increasingly popular way of deceiving individuals and businesses.
Note: The term “authorized push payment fraud” is generally limited to the United Kingdom. In the U.S. this type of fraud is usually distinguished by the tactics the fraudsters use (e.g., social engineering) rather than the payment type. The U.S. Federal reserve has created a helpful online tool called the Fraud Classifier Model to help consumers and merchants identify fraud types.
APP Fraud Losses
Authorized payment fraud cases are expected to double in the next four years, reaching a staggering $5.25 billion globally. This represents a steady growth of over 20% each year.
Back in 2021, online banking was hit with losses of over $715 million due to authorized payment fraud in the U.K. alone. According to a 2022 report, 75% of all online payment fraud cases came from trusted devices and accounts, meaning they were a consequence of some form of APP fraud.
How Does APP Fraud Work?
In one of the more common APP fraud scenarios, the criminals start by informing the cardholder that their account is in danger and they should immediately move their money to a safe location. Fearing they will lose money, the cardholder transfers funds to the criminal’s account.
Fraudsters can also assume the identity of an organization that the individual or merchant works with, such as a building contractor, utility company, or supplier.
Another scheme is for the APP fraudsters impersonate a financial institution or law enforcement to gain the cardholder’s trust and get them to reveal their account information. They then transfer the money out of the accounts themselves, typically dividing it into smaller amounts to avoid raising any suspicion.
The victims of APP fraud are not only individuals but businesses as well. Fraudsters will target employees in the accounts payable departments by impersonating trustworthy individuals (e.g., managing directors) or organizations and tricking them into authorizing payments.
One of the major reasons why APP has become widespread is the growth of real-time payments. The fact that this payment type is instantaneous and irreversible, makes it ideal for abuse. Furthermore, the speed at which transfers occur enables fraudsters to cover their tracks.
Authorized Push Payment Fraud Examples
The authorized push payment fraud can be divided into two groups on the basis of the tactics the criminals employ to steal their victims’ money.
Social Engineering
Fraudsters pretend to be trusted individuals to trick the cardholder to authorize a push payment. There are many examples of social engineering:
- Phishing. Involves tricking the cardholder to reveal account information by clicking on the malicious attachment or a pop-up received via email or text.
- Romance scams. An online romantic partner claims to be in trouble or in need of money to travel and meet the victim in person.
- Investment scams. These come in the form of investment offers that sound too good to be true, often backed up by a sense of secrecy or urgency.
- Invoice scams. The criminal sends an invoice for something the cardholder has already paid for, or claiming that the payment details have changed, hence the new invoice.
- Home renovation scams. The criminals find a home renovation site and send the owners an invoice claiming to be a contractor or repairman.
- New bank details scams. The cardholder receives an email or text claiming their bank information has been compromised and suggesting they change it immediately to protect their money.
Account Takeover
In an account takeover, fraudsters gain unauthorized access to a cardholder’s account by acquiring their personal information through hacking, data breaches, or by tricking them to reveal the information themselves. After breaking into the cardholder’s account, they transfer their money into their accounts, often without raising any red flags.
How Can Merchants Combat APP Fraud?
There are several ways to combat authorized push payment fraud and merchants should work to protect both themselves and their customers.
Raise Awareness among Customers and End the Stigma
Merchants need to clearly outline the circumstances under which they will request push payment authorization from customers. They can also add warning notes in their communications that will help customers identify suspicious messages.
A lot of businesses have fine-tuned the art of frequently warning customers about fraud attempts without overwhelming them. This is done through pop-ups or email footers that remind them how to recognize APP fraud as they are about to authorize a push payment.
Many customers hesitate to report they fell victim to APP fraud due to shame, especially in cases of romance scams. Merchants in the online dating business should make the effort to raise awareness among their customers and work on removing the stigma of being an APP fraud victim.
Educate Your Staff and Monitor Communication
Merchants need to educate their staff on how to recognize and report APP fraud attempts. Employees need to know that they may be targeted through phishing and spoofing to reveal sensitive data, possibly causing irreparable financial and reputation loss.
Managers also need to communicate clearly to employees who can authorize push payments and in which situations.
As an added level of protection, merchants should monitor communication within their organization to spot potential threats. This is especially important when an exchange begins from an outside source.
Conclusion
Authorized push payment fraud is a common way to deceive customers by tricking them to authorize a push payment to a fraudster’s account. APP fraud is challenging to detect and impossible to dispute since the cardholders themselves authorize the payment. However, there are solutions that help merchants combat APP fraud and protect their customers and finances.
