What Is Authorized Push Payment Fraud (APP Fraud)?
Essentially, This Is When Scammers Convince A Customer To Transfer Money To Them Via An Instant Payment
It is a form of fraud in which victims are manipulated into making real-time payments to fraudsters, typically by social engineering Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It is used as a type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
It has also been defined as "any act that influences a person to take any action that may or may not be in their best interests." attacks involving impersonation An impersonator is someone who imitates or copies the behavior or actions of another. There are many reasons for impersonating someone, such as: part of a criminal act such as identity theft, online impersonation scam, or other fraud. This is usually where the criminal is trying to assume the identity of another, in order to commit fraud, such as accessing confidential information or to gain property not belonging to them. Also known as social engineering and impostors.. As of 2019 in the United Kingdom, because the victims of these frauds authorized the payments, albeit mistakenly, they are typically not fully reimbursed by their banks.
What Is A Push Payment And How To Avoid Fraud?
Scammers are getting more and more sophisticated, and one of the newer forms of deception is authorized push payment fraud. Banks are currently deliberating on how to handle the aftermath of this, and how much compensation customers can claim.
Due to the fact it’s an instant payment, the money is already gone before the victim is able to reclaim it (as may happen with older forms of payments).
The requests for the money may come over the phone (in a call or via text) or by email or on social media, and they are often sophisticated and socially engineered.
They may find you (via social media) and find out you’re having work done on your house (because you posted it) and send an invoice that matches that of your construction company. Or, they may call saying they’re your bank’s fraud team, ironically scamming you using the information you give them. The variations are endless.
For victims of this kind of fraud is that, since you technically gave the information willingly, it’s difficult to get compensation from financial institutions. This is true in most scams – however, more and more police understand that it was based upon deception and thus is a crime.
Currently, only about a fraction of the money lost to push payment fraud Payment Fraud (Non-Plastic)
The fraud definitions for payment fraud are confusing unless you specify “non-plastic”. Payment Fraud (non-plastic) refers to payments made outside of card networks, via payments rails that send funds from one bank account to another. When making this type of payment, fraud occurs when a payments is sent to an account that the fraudster controls. Payment fraud can be unauthorized, which is commonly executed as an account takeover. Payment fraud can also be authorized, which is commonly executed through authorized push payment fraud (scams). is refunded to customers, but work is underway to change this.
In the U.K. as part of a draft voluntary code of conduct for banks, it would become the standard that customers were refunded as long as they’d taken reasonable steps to check they were paying the correct person. Under the standard there will be eight reasons banks can decide not to reimburse customers:
- If they refuse to listen to warnings from their bank
- If they recklessly share (in their opinion) their security credentials
- If they don’t take steps to make sure the person they paid was correct
- If they lie to the bank
- If they are negligent (in their opinion)
- If they fail to heed a confirmation of the payee result (which is a future scheme whereby customers will be notified of the name of the payee rather than just the account number and sort code)
Unfortunately, there are no equivalent standards in the United States or elsewhere that we are aware of.
Remember, your bank is not an insurance company. They have limited protections, but this will not always help you – the rules are serious and unforgiving.
In The Meantime, Pay Attention!
- Never give your details to anyone who calls or emails or messages you without complete verification
- If it looks like it’s from somewhere or someone you might know, hang up and call them to confirm
- If from a financial institution – regardless of the reason for the request – do not respond, hang up and look up the authorized bank phone number on your card or statements or find their official website or email online and contact them
- Never believe your own caller ID or email addresses – often scammers can fake or clone these details easily