Fraudsters take advantage of people's natural tendency to trust one another, and one of their favourite method is Authorized Push Payment (APP) Fraud.
Although real-time push payments are not commonly used in American markets, countries such as the United Kingdom have already begun to adopt this new paradigm for merchant payments. Acquiring banks and other voices in the domestic payments industry have been touting the benefits of push payments, and merchants assessing its benefits and drawbacks require a clear and accurate picture of the dangers it can entail.
What are Push Payments?
In the context of payments, the terms "push" and "pull" refer to whether the payment is initiated by the business or the customer. In a traditional payment system, the client authorizes a payment, and the merchant then sends it to the issuer for clearing, effectively requesting to "take" money from the customer's account.
The customer does not have to disclose any account details to the merchant when using push payments. Instead, the merchant sends an invoice with account information, which the client uses to make a payment straight to the merchant account. Instead of submitting batches of transactions and waiting for them to settle, the client can "push" the money directly to the seller. This means businesses get their money faster, and users don't have to give away their personal information or account passwords, which are two significant benefits of push payment systems.
What is Authorized Push Payment Fraud?
Push payments function similarly to P2P payment systems such as Venmo, but are scaled up for usage by retail shops and business-to-business sellers. This makes it a tempting medium for fraudsters, who can swiftly cash out and vanish if they can dupe someone into sending them a substantial chunk of money.
There is an quite increase in Authorized Push Payment Fraud since 2020. You can see the increase rate in the Fraud The Facts 2021 report, which is created by UK Finance.
‘While the total number of Authorized Push Payment fraud cases seen in 2020 rose by 22 per cent as criminals increasingly looked to take advantage of the pandemic to defraud people, total APP fraud losses rose by just five per cent in 2020 compared to 2019, as measures introduced by banks helped to prevent many larger-scale fraud attempts. If a customer authorises the payment themselves current legislation means that they have no legal protection to cover them for losses – which is different to unauthorised transactions’
The typical method used by scammers is rather low-tech. They mostly rely on social engineering, phishing emails, and other easy deceptions.
Here are some examples of these different approaches, all of which end in acts of authorized push payment fraud:
- Social Engineering
- Account Takeover
- Safe Accounts
- Investment Scams
- Asking You to Lie
The fraudster contacts a company's accounts payable department and, posing as one of the company's vendors, persuades an employee to modify their push payment account details. When the company attempts to pay that vendor again, the fraudster receives it instead.
The fraudster sends an email that appears to be an invoice from their target's favourite eCommerce store. The customer doesn't look closely at it, overlooks the telltale signals that it's not a genuine invoice, and pays the fraudster.
On the dark web, the fraudster purchases a list of stolen usernames and passwords and tests them on several mobile banking apps. When the fraudster finds an unfortunate victim who always uses the same password on every website, they make a huge payment to their account.
Fraudsters may trick you into sending money to a ‘safe account’. For example, criminals may claim your account has been compromised and tell you to move your money to a new account that's been opened for you.
Criminals promote fake investment opportunities with unrealistically high profits. Scams can sometimes promise a big return in a short period of time. Or it could be a deceptive promise of long-term profit, with some initial rewards handed out to persuade individuals.
Asking You to Lie
If someone -potentially a fraudster- asked you to lie to your bank about the reason for your payment, or cash withdrawal, that's a telltale sign of a scam.
How to Stop Authorized Push Payment Fraud?
Strong passwords, persistent account monitoring, and awareness of the social engineering methods used by fraudsters are the most effective defences against push payment fraud. Merchants who use push payments to pay vendors should be extremely cautious about verifying and reviewing account information, as these payments might be high-value targets for fraudsters.
Issuers can deploy screening techniques, similar to those used to detect credit card fraud, that use machine learning and artificial intelligence to identify suspicious transactions and request extra confirmation from the customer before proceeding with the transaction.
You can use one of the fraud detection and prevention tool such as Formica. If you can dig into various fraud detection and prevention tools, you can check our Comparisons Page.
In the United Kingdom, the Lending Standards Board developed the Contingent Reimbursement Model Code, which aims to maintain consumer trust in push payment systems by establishing a fund to recompense victims of permitted push payment fraud. While participation in the code is totally voluntary, numerous UK issuers have agreed to take part. This method, however, appears to be geared solely to alleviate customer concerns about fraud—it will do little to prevent its occurrences.
While push payment systems offer clear benefits to merchants, such as faster settlements and reduced chargeback liability, merchants should be aware that they, too, can become the primary victims of authorized push payment fraud. Strong security practices, the latest anti-fraud tools, and careful review of vendor updates and payment procedures can help reduce the risk.
We are fighting Authorized Push Payment Fraud like we're fighting any fraud cases and risks to your company. If you are interested in this technology you can check our Rule Engine Usage in Fraud Solutions article and be informed of the topic in more detailed way!