How to tackle authorized push payment fraud: A merchant’s guide

Authorized push payment (APP) fraud is rampant, impacting millions of individuals and businesses every year. In the UK alone, APP fraud increased  22% in 2023 compared with the same period in 2022.

Let's learn more about APP fraud. In this article, we'll cover:

• What is authorized push payment fraud, and how does it work?
• Tactics to carry out authorized push payment fraud
• How to identify and protect against authorized push payment fraud

What are push payments?

Push payments occur when the payer initiates the transaction, pushing the funds to the payee. Think of it as a digital equivalent of handing over cash. The payer takes control, directing the money to its destination in bank transfers.

Conversely, card payments work like a pull mechanism. The payer provides information to the merchant, who then pulls the funds during settlement through their payment gateway.

What is authorized push payment fraud, and how does it work?

Authorized push payment fraud (APP fraud) unfolds when fraudsters insert themselves between the payer and payee, employing various tactics to dupe the payer. Sadly, the payee never sees a dime, as the money ends up in the fraudster's pocket.

APP fraud thrives because it targets the human element in payment chains. It's a confidence trick that fraudsters use frequently, as we'll detail shortly.

The impact of authorized push payment fraud

APP fraud can financially devastate businesses and individuals. Take a look at these sobering statistics:

• APP fraud accounted for 75% of all global digital banking fraud during the first half of 2022. Source: The Outseer Fraud & Payments Report.
• £485.2 million was lost to APP scams in the UK in 2022. Source: UK Finance.
• The number of phishing attacks targeting US customers grew 42% in the first half of 2022. Source: The Outseer Fraud & Payments Report.
• Globally, APP fraud is the number one fraud threat. Source: ACI's 2023 Prime Time for Real-Time report.

Common forms of authorized push payment fraud

The uncomfortable truth is that APP fraud comes in various forms, employing a range of tactics. Let's explore two of the most prevalent methods:

Social engineering scams

Scammers manipulate individuals by impersonating trusted entities. For example, they might pose as an online retailer to dupe customers.

Let's look at an example of how a fictitious individual called John fell victim to APP fraud.

1. John buys a new TV from an online retailer. The TV arrives with no issue, and John posts a picture of the new TV on Facebook, recommending the retailer to his friends.
2. A fraudster monitoring the retailer's Facebook feed spots John's post.
3. The fraudster crafts a fake email from the retailer offering an exclusive deal offering 50% off a new soundbar to those customers who recently bought a TV. The fraudster sends the email to John's address on his Facebook page.
4. John receives the email and replies with his telephone number, as requested in the email, so that a customer service representative can get in touch.
5. The fraudster calls John the next day to discuss the fake deal and further the fraud.
6. The fraudster follows up with John over email and requests he make a bank transfer to complete the soundbar purchase.
7. John makes the transfer to the credentials the fraudster provided.
8. John never receives the soundbar or hears from the fraudster again. He only finds he's been defrauded when he contacts the retailer, who tells John that no such offer exists.

Everybody, apart from the criminal, loses. John has lost several hundred pounds to the fraudster. And the merchant, despite not playing any role in the fraud, will never receive John's custom again. That's because research shows that individuals will still hold a merchant accountable—even when they did not know about the fraud occurring.

Romance scams, app scams, and tech support scams are other common examples of social engineering fraud. Criminals use a wide variety of techniques to launch these attacks. These include email, cold calling, pop-up messages, hacked websites, and incorrect search engine results.

Account takeovers

Fraudsters hijack individuals' or businesses' accounts to make unauthorized transactions, withdraw cash, or modify account credentials. Bank, email, and social media accounts are frequent targets.

How to identify and prevent authorized push payment fraud

Detecting APP fraud requires robust tools and a proactive strategy. Behavioral profiles, biometrics, and risk-based algorithms are pivotal. Given the high risk, merchants should implement measures to protect themselves and their customers.

Here are a few APP fraud prevention measures to consider:

To help protect customers, merchants should:

• Clearly communicating payment requests.
• Educating customers about APP fraud warning signs.
• Advising customers on what to do if they suspect a scam.

Merchants should also consider these measures to protect their business from APP fraud:

• Training employees to manage APP fraud.
• Staying vigilant against phishing scams.
• Safeguarding personal information with strong passwords and 2FA.
• Using secure payment methods that require two-factor authentication.
• Keeping software up-to-date and monitoring for suspicious activity.
• Developing a comprehensive fraud prevention strategy in partnership with a specialist.

The fight against APP fraud goes on

Fraudsters will not stop trying to defraud businesses and their customers, that's for sure. And while APP fraud is increasingly widespread among fraudsters, it's not the only threat merchants must concern themselves with.

Look at our ultimate guide to payment fraud prevention to learn more about the different types of fraud. And then see how Primer gives merchants the tooling to prevent payment fraud.