Introduction
Each year, the UK economy loses over £1 billion to fraud. Figures by BDO reveal that in 2023 alone, fraud in the UK more than doubled reaching £2.3 billion. From card-not-present fraud to phishing and purchasing scams, the landscape of financial deception is vast and continually evolving. However, one insidious form of fraud that has seen a significant rise in recent years is Authorised Push Payment (APP) fraud, which accounted for over 40% of the total fraud losses in 2023 alone. In this article, we explore why APP fraud is such a big problem for UK businesses, the various types, and what businesses can do to prevent it.
What is APP fraud?
Authorised Push Payment Fraud is one of the simplest, yet most effective tactics in a fraudster's book. It involves fraudsters tricking individuals or businesses into authorising a payment to them.
As the name implies, authorised push payments are:
- Authorised: The payer fully intends to send their money to a recipient via a bank transfer.
- Push payments: The payer initiates the payment, as opposed to a ‘pull’ payment, where funds are taken from the payer’s account by the recipient.
Unlike other forms of fraud, APP fraud hinges on the victim’s willingness to transfer funds, making it particularly challenging to detect and mitigate. Using the latest technology advancements like Artificial intelligence (AI), fraudsters typically employ sophisticated social engineering techniques to deceive victims, often posing as legitimate entities such as banks, utility companies, or even friends, family or your CEO. The essence of APP fraud lies in the manipulation of trust and urgency, compelling the victim to act quickly without adequate verification.
Types of APP fraud
The term ‘APP fraud’ covers a broad spectrum of types of fraud, each of which exploits different vulnerabilities and scenarios. UK Finance has identified eight different categories of APP fraud, although, all authorised push payment scams involve convincing the target that they are a legitimate business or individual into initiating the payment. The most common are;
-
Purchase Scams
This is where the victim is tricked into paying for goods or services that do not exist or are significantly different from what was advertised. Common purchase scams include fake holidays and items listed on online marketplaces. Fraudsters will convince the victim to initiate a manual bank transfer, rather than using the platform's secure payment portal. In the first half of 2023, purchase scams accounted for 66% of the total APP fraud cases.
-
Investment Scams
Fraudsters often use cold-calling tactics to convince victims to transfer money for time-limited investments that promise high returns but are either non-existent or worthless.
-
Romance Scams
This is when fraudsters enter into an online relationship with their victim before requesting money. Often, the imposters use an emotionally manipulative backstory to convince the victims to initiate the payment. Figures by UK Finance reveal that romance scams accounted for £36.5 million of lost money to authorised push payment scams.
-
Impersonation Scams
Impersonation scams involve fraudsters convincing the target that they are a trusted entity such as HMRC, utility companies, or service providers, to deceive victims into transferring funds to a safe account. A similar scam also targets the employees of a business, trying to convince the victims that their CEO or someone from senior management needs them urgently to make a payment.
-
Invoice and Mandate Scams
Targeting businesses, fraudsters intercept legitimate invoices or create fake ones, tricking businesses into paying them instead of the actual supplier. This can also involve convincing the victim that the payment details have changed and they need to set up a new payment.
Cost of APP fraud
In 2023 alone, the UK economy lost £2.3 billion to fraud, with APP fraud accounting for £459.7 million of this total, with the majority of the losses (£376.4 million) being borne by consumers. These figures are likely much higher, as many individuals and businesses do not report scams to authorities.
The number of reported fraud cases rose by 18% to 232,429, reaching a three-year high, and the incidence of high-value APP fraud cases over £50 million increased by 60% year-on-year in 2023. Despite these alarming statistics, many overlook the true impact of authorised push payment scams. Beyond the immediate financial losses, businesses are responsible for the cost of any recoveries. The disruption caused by these scams can lead to significant cash flow problems, and in a volatile economic climate, this can quickly jeopardise a business's operational stability and push it towards insolvency.
Research by UK Finance highlights the financial burden of these scams: the average initial loss for frauds under £25,000 was £24,574; for frauds between £25,000 and £100,000, the average loss rose to £37,741; and for frauds between £100,000 and £1 million, it was £166,752.
These hidden costs reveal the full extent of the financial burden associated with fraud and underscore the necessity of having a robust fraud prevention strategy in place.
How to prevent authorised push payment fraud:
-
Education
Authorised push payment scams are so successful because they capitalise on the victim's lack of knowledge of payments against them. As criminal gangs and fraudsters look to exploit trust by leveraging sophisticated social engineering techniques, APP fraud will remain a significant threat in today’s digital landscape.
The saying goes, prevention is better than cure! So understanding what APP fraud is and how it operates is the first step in protecting against it. But as fraudsters evolve their methods, awareness and education will be paramount. Staying vigilant and proactive is essential in the ongoing fight against APP fraud, and by fostering a culture of scepticism, verification, and security, businesses can collectively reduce the incidence and impact of this pervasive threat.
-
Bank Verification
APP fraud has previously been an easy win for fraudsters and a significant challenge for banks, businesses, and consumers alike. The success of APP fraud lies within the fraudsters' ability to deceive the victim into believing they are engaging in legitimate transactions. Due to the abundance of readily available information online, fraudsters will often have credible research to back their claim if challenged, and more often than not without any doubts, many people will initiate the payment.
Bank Verification powered by Confirmation of Payee (CoP) is a digital name-checking service for UK-based payments intended to reduce misdirected, accidental and fraudulent payments. By utilising the fact that no two bank accounts share the same details, bank account verification can cross-reference details when setting up a new payee in real-time before alerting you if there is a match, partial match, no match or unavailable.
The error detection capabilities, such as identifying name mismatches and spelling errors have proven extremely useful. This feature allows us to quickly spot and rectify mistakes, providing an extra layer of clarity and confidence in our payments.
Luke Dodd
Head of Finance
Digital payment security
Whether you’re onboarding new employees or amending existing supplier details, Creditsafe’s Bank Account Verification is a simple, yet effective solution in combating accidental, misdirected and fraudulent transactions. Made easily accessible through our user-friendly API and connectors, our connectivity options are designed to facilitate quick and easy integration into existing systems, offering businesses an extra layer of security through a zero-change approach.
With the largest coverage of UK personal and business bank accounts—spanning 97-99% — Creditsafe eliminates the complexities often associated with integrating new technology, enabling businesses to power more secure and complex transactions with ease and confidence