The definitive guide to combating authorised push payment (APP) fraud

Authorised push payment (APP) fraud is one of the most common types of fraud in the UK, with APP fraud losses totalling nearly 500 million GBP in 2022 alone. APP fraud takes many guises – but in all cases it is traumatic for victims, and reduces trust in the security of the UK banking and payment system.

To tackle this, the Payment Systems Regulator (PSR) in June 2023 set out how mandatory reimbursement should work in the case of APP fraud. From 2024, this means that the liability to compensate victims of APP fraud will be split 50:50 between the financial institution that sends the fraudulent payment, and the receiving institution. This shared liability makes it crucial that all banks and payment companies in the UK understand and tackle the issue effectively, using the most impactful tools, approaches and practices to minimise losses.

Read on for all you need to know, including a look at how innovative tools like Salv Bridge are making it easier for institutions and payment providers to detect and prevent fraud.

What is authorised push payment (APP) fraud?

Authorised push payment fraud (APP fraud) involves a criminal tricking a victim into authorising a payment to them through their bank or a payment service provider.

APP fraud covers many different scenarios in which fraudsters and criminals are able to target and steal from vulnerable victims. Scams range from fairly unsophisticated to very complex – and can be anything from ‘selling’ concert tickets which don’t exist, to impersonating bank staff to request a payment, or posing as a romantic partner asking for financial support.

APP fraud is a global problem which has been described as a fraud ‘epidemic’. Despite customer education and preventative action from banks, APP fraud has continued as more and more customers become comfortable – and reliant on – ecommerce, mobile and online payments, and through the broader expansion of fintech and use of cryptocurrencies. Criminals involved in APP fraud are constantly changing their approaches to stay one step ahead, including taking advantage of challenges involved in detecting fraud in instant payments, such as those being processed as Faster Payments in the UK.

To protect customers and maintain secure banking and payment services, regulators, banks and payment companies all have a duty to focus on preventing APP fraud. This guide walks through what this means in practice, and highlights new commercial tools available to support, such as Salv Bridge.

What are the most common types of APP fraud and scams?

The approaches used by fraudsters are ever evolving, but many APP scams can be broken down into either:

• Malicious payee scams, such as where a victim is tricked into making a payment for goods or services which are not delivered.
• Malicious redirection, such as impersonation of a bank employee to trick a victim into making an internet or mobile banking transfer to a criminal.

Here are some of the most common fraud techniques currently being used, according to the UK Finance’s Half Year Fraud Update for 2023.

Internet banking fraud

Total number of cases, H1 2023: 8,826 cases

Gross loss, H1 2023: 53.4 million GBP

Internet banking fraud can take many different forms, including impersonation scams where criminals pretend to call, email or message victims on behalf of legitimate organisations. The criminal is then able to trick vulnerable victims into handing over sensitive financial data, secure log on information and passwords, which allow them to access a bank account and make a fraudulent transfer.

In other cases, criminals take advantage of remote access software to directly take control of a victim’s account to transfer out funds. Again, these scams may involve impersonation of a legitimate organisation, such as a software engineer calling to support a customer struggling to resolve an IT issue.

Mobile banking fraud

Total number of cases, H1 2023: 8,078 cases

Gross loss, H1 2023: 18.7 million GBP

Similar to internet banking fraud, mobile banking fraud involves criminals using stolen or compromised banking details to log into banking apps and make unauthorised transfers.

Mobile banking fraud figures are split out from those committed through a desktop log in, which are captured in the internet banking fraud. As more and more customers prefer to manage their money using their phones, this is a category of APP fraud that’s on the rise. There was a 32% rise in the number of cases reported in 2023 compared to the year before, incurring a 17% increase in gross losses year on year.

Purchase scam

Total number of cases, H1 2023: 76,946 cases

Gross loss, H1 2023: 40.9 million GBP

In the first half of 2023, purchase scams remained the most common form of APP scam – in fact, the numbers of purchase scams so far in 2023 are the highest since UK Finance started to collect data in 2020.

Purchase scams generally involve a victim paying in advance for goods or services that never arrive. Victims are often targeted on social media or marketplace web platforms. Even if the web platform has a secure payment method, the criminal can persuade them to step outside of this system and pay by an alternative method such as a direct bank transfer.

In H1 2023, payment service providers returned 63% of the value lost by victims of purchase scams.

Investment scam

Total number of cases, H1 2023: 5,112 cases

Gross loss, H1 2023: 57.2 million GBP

While the overall number of victims of investment scams is lower than for purchase scams, it’s notable that the value lost is higher. This form of scam involves criminals persuading or tricking victims to move their money to an investment vehicle which does not ultimately exist. Victims may be subject to cold calls, social media messages and mail, and offered returns on investment which are higher than realistic to persuade them to hand over their money.

This form of scam peaked in 2021 during the Covid pandemic and has subsequently started to fall, but is still a serious concern in the UK.

Impersonation

Total number of cases, H1 2023: 5,979 cases of impersonating police or bank staff; 12,061 cases of other impersonation

Gross loss, H1 2023: 43.5 million GBP lost in cases of criminals impersonating police or bank staff; 32.6 million GBP lost in other impersonation cases

Impersonation fraud can be fairly sophisticated, with fraudsters taking time to research and target victims, using information gathered from previous data breaches to make their approach seem legitimate. A large proportion of these cases involve criminals impersonating police or bank staff and tricking the victim into making a transfer from their account. In fact, a huge 18% of all APP scam losses in the first half of 2023 were down to impersonation of police or bank staff.

Luckily, recent progress in customer education and increased use of warning messages during the payment journey are starting to bring down the levels of this form of scam.

Romance scam

Total number of cases, H1 2023: 2,120 cases

Gross loss, H1 2023: 18.5 million GBP

In a romance scam, a fraudster poses as a love interest using a fake profile, often on social media or dating websites.

Over time, they persuade the victim that they are in a relationship, and start to ask for money to be transferred to their account. Because of the nature of these scams, frequent payments may be made, which means this is the form of APP scam which involves the highest number of individual transfers per identified victim. Victims may not instantly realise they’ve been involved in fraud, allowing the criminal to continue to request money over a long period of time.

Advance fee scam

Total number of cases, H1 2023: 12,239 cases

Gross loss, H1 2023: 15.1 million GBP

Advance fee scams are the second most common type of APP fraud. In this scenario, the victim is tricked into making a fairly small payment to a criminal in the hope and expectation of getting more back in the end. The payment may be made to access an inheritance or as an administration fee to unlock an investment for example. In either case, the reward never arrives, and the victim is left out of pocket.

What are the challenges with APP fraud reporting?

The latest PSR’s APP fraud performance report, released in October 2023 highlights some key challenges that are slowing progress on resolving fraud cases – and reducing criminal’s ability to commit APP fraud in the future. Key issues include:

• Communication difficulties as both the financial institution sending a payment, and the recipient institution hold vital pieces of the information jigsaw, fast and effective communication is essential
• Disagreements on the scope of APP fraud, where institutions disagree on whether a payment is in scope, this causes further delays and distress for victims. Having agreed definitions to help assess potential APP fraud cases is required
• Fraudsters spot and exploit weak systems and controls. Criminals can exploit variations in the level of control and anti-fraud measures in place from different PSPs, creating important loopholes which must be closed

Addressing these issues will improve consistency of outcome for customers, and reduce opportunity for criminals to commit APP fraud in the future.

New requirements for APP fraud reimbursement

The PSR has confirmed new requirements for APP fraud reimbursement, which tackle some of the key issues and underlying factors discussed above. From January 2024, the liability for reimbursement will be split evenly between the sending and receiving institution. This approach aims to create a step change across all banks and payment providers to improve fraud prevention and resolution approaches.

APP fraud may be in the spotlight for 2024, but it’s certainly not a new issue. As we’ve already highlighted, APP fraud losses in 2022 came to almost 500 million GBP, accounting for 40% of total losses to fraud over the year. While banks and payment services are taking steps to prevent APP fraud and to educate their customers, the increasing number of digital payments being processed, and the continual evolution of scam techniques and approaches prove this is an issue which is not going away any time soon.

How national authorities address APP fraud

The National Fraud Strategic Authority (NFSA) oversees the strategy to tackle fraud and rebuild trust in the UK. This plan which was updated in May 2023, set out ambitious aims to reduce fraud significantly within the current parliament through 3 major approaches:

• Disrupting criminals involved with fraudulent activities and bringing them to justice
• Preventing fraud at source by blocking scam calls and messaging
• Empowering people to identify and report scams and fraud then they see them

The government’s approach is cross-departmental and involves efforts to improve consistency of approach and communication on both domestic and international levels. This work is ongoing in Q4 2023 – there are, however, commercial solutions that address different aspects of the issue, which are available to institutions in the UK today.

Existing solutions to tackle APP fraud

Some commercial solutions are already available and established, to help banks, and payment institutions detect and prevent fraud. However, many of the commercial solutions are either focused on a specific geography or a specific payment network. That limits their application for large enterprise banks and payment providers, which offer multiple payment options across a global scale.

Some, such as the tools available from the Mastercard Intelligence Center, focus on helping providers make data driven decisions to prevent fraud, with payment analytics, benchmarks and insights. Others, like the SWIFT Stop and Recall service, deal with the post-transaction fraud recall process – allowing payment providers to quickly stop suspicious payments to check for fraud.

The new reality, however, calls for a more comprehensive solution that would fill the gap between risk-based prevention and the recall process for confirmed fraud.

Salv Bridge: a new approach to the recovery of funds

Salv Bridge is a platform for collaborative investigations which offers a new approach to the recovery of funds lost to APP fraud.

With Salv Bridge, fincrime investigation teams across multiple institutions can communicate securely, allowing them to join forces and work in a network to prevent fraud, share information on bad actors, and recover funds. Salv Bridge is a GDPR-compliant solution, underpinned by advanced encryption. That guarantees that neither Salv nor any third party can access the sensitive information shared within the platform.

Using Salv Bridge cuts out the extensive time delay caused by waiting for confirmation of fraud. This delay can mean that funds are unrecoverable. Having tools to enable the recovery of funds based on a high level of suspicion instead goes beyond fraud detection, bridging the gap between risk-based prevention and recall for confirmed fraud.

Salv Bridge introduces a critical dimension to the detection and prevention of fraud, and it has been effectively operational across borders and across various industry sectors in the EU and the UK. The results speak for themselves. Large banking groups, fintechs, and VASPs report increasing the success of recovery of funds up to 80% with Salv Bridge.

---

This guide covers all the key questions, including: what is APP fraud? How does APP fraud reimbursement work at the moment and how will PSR mandatory reimbursement change this? Now you’ve got the full picture, it’s time to make a difference.

APP fraud is in the spotlight thanks to the move to mandatory fraud reimbursement from January 2024. It’s not a new issue, but as more and more customers move to online and mobile payments, with an ever-increasing number of PSPs and fintech solutions available to them, it’s one that requires urgent focus from financial institutions in the UK. National-level initiatives will not be enough to prevent the emotional distress and financial harm caused by APP fraud. But new approaches like Salv Bridge can help.

By using advanced and secure communication channels to work together instead of in isolation, Salv offers large banking groups, fintechs and VASPs new ways to protect customers, boost trust, defeat fraudsters and recover lost funds. Learn how Salv Bridge is making a difference, today.

Salv Bridge

Investigate and solve fraud, and increase recovery rates up to 80% with Salv Bridge

Learn more