How to Protect Your Business From Authorized Push Payment Fraud

Protecting against fraud is an essential priority for every business. As well as minimizing financial and reputational risk to your organization, strong security standards contribute to a better customer experience and increase the likelihood of buyers coming back to make repeat purchases from you.

Fraudsters are constantly evolving and coming up with new ways to attack businesses and individuals, so it's vital that you stay up to date with the latest threats and how they could impact you.

One particular danger every company should be aware of is authorized push payment (APP) fraud, which has become increasingly common in recent years. Make sure you're aware of the risk this poses and you're ready with a plan to defend against it.

What is APP fraud?

Authorized push payments are normal transactions organizations and individuals make via online banking services. The payer approves the transfer and 'pushes' it from their account to the payee.

APP fraud, also known as a bank transfer scam, is when criminals use manipulative tactics to lead someone - either an individual consumer or an employee of a business - to make a payment to an account controlled by fraudsters.

This type of fraud has become a more attractive option for criminals as a result of global growth in real-time payments, which surged by 41% in 2020, according to ACI Worldwide. Faster payments are convenient for genuine customers, but they also give scammers the opportunity to execute fraudulent transactions at high speed and extract the funds before banks or the authorities can intervene.

A growing threat

Recent data has highlighted growth in APP fraud, particularly during the COVID-19 pandemic. In the UK, for example, the total number of attacks of this type increased by 22% to 149,946 in 2020. Losses due to bank transfer scams rose by 5% to £479 million, according to a report compiled by industry association UK Finance.

The study noted that criminals' use of social engineering tactics, deception and impersonation are key drivers of this trend and were particularly prevalent during the pandemic. This often involves perpetrators posing as a genuine individual or organization and contacting their targets via channels including email, phone and text message. Social media also provides opportunities for criminals to elicit payments from their victims by advertising fake goods and investments.

In the Global Banking Fraud Survey, published in May 2019, KPMG revealed that this trend of growth in APP scams was evident long before the COVID-19 outbreak. More than half of its global survey respondents said they had witnessed increases in the total value and volume of external fraud.

APP fraud was among the types of attacks that increased in frequency between 2015 and 2018, along with:

• Identity theft
• Account takeover
• Cyber attacks
• Card-not-present fraud

How to protect against APP fraud

So what can you do to stay vigilant to the threat of APP fraud and protect your organization against it?

1. Know the warning signs

Ensuring your business and its employees are sufficiently educated on APP scams and the dangers they pose will minimize the risk of you falling victim to them. Offer bespoke training to your staff on the most common warning signs of these attacks, which include:

• Transfer requests that are out of the ordinary, such as a new payee being added or payments being made in a different currency
• Submissions for payment that are marked as highly urgent or confidential
• Unusually large payments
• Changes in a supplier or business partner's details, such as email address or contact number

2. Combine tech with human expertise

Developments in areas such as artificial intelligence and machine learning can help you protect your business against fraud, but you shouldn't place all your faith in technology. Combine automated checks and processes with human activities such as using call-backs to verify transactions. Your employees should also focus on building close relationships with partners and suppliers, which will help them spot unusual and potentially fraudulent events.

3. Don't deviate from policy

It's crucial to follow clear policies and practices to mitigate the risk of APP fraud, and your staff should understand the importance of adhering to these standards at all times. For example, payments shouldn't be approved if the identity of the payee or the authenticity of the request can't be verified, no matter how much pressure is being placed on the employee to process it.

4. Respond quickly

If you do find yourself falling victim to an APP scam, it's vital that you react quickly and report the incident to your bank and relevant law enforcement authorities as soon as possible. The faster you act, the better your chances of recovering the funds you've lost. It will also be easier for the people involved to recount and record the details of the event while it's still fresh in their minds. This will help the authorities do their job and also inform your efforts to avoid similar problems in the future.