Authorised Push Payments (APP) Fraud

Learn about Authorised Push Payment (APP) fraud and how can merchants be protected from these growing financial scams.

By Content team

8 min read • Last edited: 14 January 2025

In this article you will find

Authorised Push Payment (APP) fraud is one of the fastest-growing financial crimes in the UK, with over 200,000 victims and a staggering loss of GBP 459.7 million reported in 2023. These scams not only inflict financial hardship on individuals and businesses but also undermine trust in the rapidly evolving digital payment landscape.

APP fraud has become a significant focus for regulators and financial institutions due to its prevalence and devastating impact. In response, the UK government has introduced new regulations to strengthen protections against fraud, ensuring victims are reimbursed promptly and consistently. This article explores the mechanics of APP fraud, the types of scams fraudsters use, and the practical steps merchants can take to protect their businesses and customers.

What is APP fraud?

Authorised Push Payment (APP) fraud occurs when fraudsters manipulate individuals or businesses into willingly transferring funds into accounts they control. Unlike other forms of fraud, where transactions may occur without the victim’s consent, APP fraud leverages trust and deception to gain voluntary authorisation from the victim, making it particularly challenging to detect and prevent.

Fraud has become the most common crime in the UK, and APP fraud constitutes a significant portion of these incidents. In 2022, APP fraud accounted for 40% of the total financial losses due to fraud. This rising trend highlights the need for both awareness and action to combat such scams.

Common types of APP fraud

Purchase scams

Scammers trick victims into paying for goods or services that they never receive. This usually happens online, such as on marketplaces or classified ad websites such as Craig’s List or Gumtree.

The fraud can involve the scenarios of fake listings of desirable products at attractive prices. The victim purchases the item but does not receive anything in return. Additionally, fraudsters frequently impersonate legitimate businesses to appear trustworthy.

Investment scams

People get deceived into investing in fake or high-risk ventures, often with promises of guaranteed profits. Common frauds include Ponzi schemes, which use new investors' money to pay earlier ones, pyramid schemes, fake stocks or cryptocurrencies, and high-pressure sales tactics for worthless investments.

Scammers may also demand upfront fees with the promise of future returns or impersonate real financial firms to gain trust. These frauds can lead to major financial losses, so it is crucial to research thoroughly and be cautious of any investment offering guaranteed returns with minimal risk.

Invoice scams

It involves fraudsters tricking businesses or individuals into paying fake invoices. Scammers often impersonate regular suppliers or service providers, sending invoices for goods or services that were never delivered. The invoices look legitimate, making them easy to fall for.

In some cases, scammers hack into company emails and send fraudulent invoices from real-looking addresses, diverting payments to their own accounts. To avoid losses, it is important to verify the authenticity of invoices and payment details before processing.

Impersonation scams

Fraudsters pretend to be someone else, such as a trusted person, organisation, or authority, to trick individuals into giving away money or sensitive information. Scammers often impersonate bank officials, government agencies, or tech support, convincing victims to make payments, share personal data, or provide access to accounts.

These frauds can happen via phone calls, emails, or text messages, and the fraudsters use convincing tactics to gain trust. To protect yourself, it's important to verify the identity of anyone requesting sensitive information or payments, especially if the request seems urgent or unexpected.

How are they so effective?

Fraudsters often exploit a sense of trust and urgency to pressure their victims into urgent action. By posing as trusted figures, such as bank officials, government agents, or service providers, they create an air of authority that makes their requests seem legitimate. To heighten this effect, they frequently introduce an element of urgency, such as claiming that there’s suspicious activity on the victim’s account or that an overdue payment requires immediate attention. This sense of urgency leaves the victim little time to think critically or verify the situation, pushing them to act quickly, often resulting in a direct transfer of money to the fraudster's account.

Another key tactic used in APP fraud is personalisation. Fraudsters gather personal data about their targets, often through social media, phishing emails, or data breaches, which they use to make their scams more convincing. With access to details like the victim’s name, recent transactions, or even the names of friends and family, the fraudsters tailor their approach to appear highly legitimate. This level of personalisation makes it much harder for individuals to recognise they’re being scammed.

How can merchants avoid APP fraud?

Implement strong verification processes

Merchants should ensure they have robust procedures in place to verify payment instructions, especially for large or unusual transactions. This could include confirming any change in payment details directly with the customer or supplier using a known and trusted contact method, rather than relying solely on email or text message instructions, which could be intercepted or faked.

Educate employees and customers

Providing regular training for employees on how APP fraud works and the common tactics fraudsters use can help reduce the risk. Employees should be trained to spot fraud when there are urgent payment requests or changes in banking details. Merchants can also educate their customers on how to recognise potential fraud, encouraging them to verify any unexpected payment requests or account changes before acting.

Use two-factor authentication (2FA)

Requiring 2FA for account access and payment authorisation adds an extra layer of security. It makes it more difficult for fraudsters to execute scams, as they would need access to both the victim's credentials and their second verification method, such as a mobile phone or security token.

Secure payment systems

Merchants should invest in secure payment systems that incorporate Payment Services Directive (PSD), encryption and anti-fraud technologies. This could include payment gateways that flag unusual or high-risk transactions and systems that automatically cross-check account details for discrepancies. Ensuring that software and security protocols are up to date also helps to safeguard against emerging threats.

Regularly monitor accounts and transactions

By monitoring accounts for suspicious activity, such as unexpected requests to change bank details or unanticipated large payments, merchants can catch potential fraud before it escalates. Keeping track of transactions and establishing clear protocols for investigating any unusual activity can help prevent losses.

Report and share information

If a merchant suspects or experiences APP fraud, it is important to report it to the relevant authorities, such as Action Fraud in the UK. Sharing information about fraud attempts with banks and payment processors can help to build awareness and improve overall security across the financial system.

UK rules and regulations for APP fraud

The Contingent Reimbursement Model (CRM) Code was introduced in 2019 and protects consumers from APP fraud. This Code ensures that financial institutions have a consistent process for reimbursing victims of APP fraud and a unified strategy for preventing and detecting such fraud. While not all UK banks and lenders have adopted the Code, it covers approximately 90% of APP fraud cases in the UK.

This Code has improved reimbursement rates and slowed the rise of APP fraud. For instance, before the Code, APP fraud nearly doubled in a year, whereas last year it only increased by 6%.

In 2023, the Payment Systems Regulator (PSR) announced a new mandatory requirement for all UK Payment Service Providers to reimburse customers who fall victim to APP fraud. The PSR confirmed new rules have taken effect on 7 October 2024.

Key aspects of the PSR’s proposal include:

  • Claim excess: Sending PSPs can apply a claim excess of up to £100 per claim under the new reimbursement rule.
  • Maximum reimbursement: The maximum amount that can be reimbursed for APP fraud claims is set at £415,000 per claim. While the average APP fraud loss which was £2,340 in 2022.
  • No minimum threshold: There is no minimum claim value required for APP fraud victims to receive reimbursement.
  • Time limit for reimbursement: The sending PSP is required to reimburse any eligible APP scam payment to the victim within five business days of receiving the APP claim. However, the sending PSP has the option to invoke a "stop the clock" provision, allowing them to pause the five-business-day reimbursement timeline.
  • >Who the rule applies to: The new rule for reimbursing victims of APP fraud will apply to all providers participating in the Faster Payments Scheme that offer UK-based accounts. These accounts must be able to send or receive payments through the Faster Payments Scheme to qualify for the reimbursement.
  • Cost-sharing arrangement: Reimbursement costs will be shared between the consumer’s bank and the bank used by the fraudster.
  • Conditions for reimbursement: Consumers may be denied reimbursement if they fail to act carefully, such as ignoring fraud warnings from their bank, not reporting fraud promptly, withholding information from the bank, or refusing to allow the bank to report the fraud to the police. However, failing to meet one of these standards alone is not sufficient to deny a claim; banks must demonstrate that the customer acted with gross negligence. Vulnerable consumers are exempt from this condition.

These changes aim to create a more comprehensive and fair process for handling APP fraud across the UK.

How can emerchantpay help?

For fraud prevention, it is crucial to partner with a reliable payment service provider. At emerchantpay, we work with merchants and use advanced fraud prevention tools and over a decade of transaction data to ensure secure payment processing. Our rule-based risk engine monitors traffic, flags suspicious activity, and helps prevent fraud in real-time. This allows you to optimise your payment flow and protect your customers with confidence.

Our commitment to protecting your business from fraud enables you to streamline payment processes and keep your customers secure.

To find out more on how we can help you with fraud protection, get in touch with our team of payment experts today.

Related articles

What are peer to peer (P2P) payments?

If you’ve ever needed to pay someone back for a coffee, for rent and other utilities or split a meal, you might be familiar with peer to [Read more]

18 December 2024

Black Friday payment strategies guide

Black Friday is an annual shopping event known for major discounts and sales. This year in 2024, Black Friday will take place on 29th [Read more]

18 November 2024

How to combat credit card fraud and stay safe

In today's world, card payments offer unmatched convenience, but they also come with hidden security risks. This makes it essential for [Read more]

13 November 2024

We are using cookies to give you the best experience on our site. By continuing to use our website without changing the settings, you are agreeing to our use of cookies. For more information, check out our Cookie policy.
Change settings