APP Fraud: Risks in Real-Time Payments

What is APP (Authorised Push Payment) fraud?

Authorised Push Payment (APP) fraud, often referred to as “push payment fraud” or simply “APP fraud,” occurs when fraudsters manipulate victims into authorising payments to bogus accounts. Unlike other types of fraud, APP scams leverage social engineering tactics to convince individuals and businesses to voluntarily perform transactions without realising the deceit.

Key Distinctions from Other Types of Fraud:

  • Customer consent: Unlike account hacking or theft, APP fraud requires the victim’s authorisation for the transaction.
  • Manipulative tactics: Fraudsters use impersonation, urgency, and trust to subvert the victim’s decision-making ability.

Why is APP Fraud Increasing?

The rise in real-time payments and the digital interface used for financial transactions, coupled with sophisticated social engineering techniques, creates fertile ground for APP fraud to escalate. As global digital payment volumes soar, it is expected that the financial losses from APP fraud will exceed £331 billion by 2027.

How APP Fraud Works (Step-by-Step Lifecycle)

Step 1 — Contacting the Victim: Fraudsters initiate first contact using common vectors such as phishing emails, spoofed calls, or impersonating trusted entities. For example, they may appear to be your bank warning of urgent risks.

Step 2 — Establishing Trust: Criminals often impersonate banks, suppliers, or even government bodies. Techniques include creating convincing fake websites or using official-looking branding.

Step 3 — Urgent Payment Requests: Scammers create urgency, claiming that paying immediately is necessary to avoid drastic consequences (e.g., blocked accounts or legal troubles).

Step 4 — Disguising the Transaction: Fraudsters split payments into smaller amounts or channel funds through multiple intermediaries, making recovery increasingly difficult.

Common Examples of APP Fraud

  • Fake Bank Calls: Fraudsters impersonate bank employees, urging victims to transfer money to a “safe account.”
  • Supplier Payment Changes: Businesses often fall victim to scams where suppliers request payments to new fraudulent accounts.
  • Investment Fraud: Scammers promise high ROI, coaxing individuals into transferring funds to fraudulent accounts.

APP Fraud in Banking and Payments

While APP fraud heavily impacts individuals, businesses suffer immensely from these attacks. With fraud completion rates increasing due to real-time payment systems, banks and financial entities must integrate robust detection solutions such as behavioural analytics and risk scoring.

How Banks Detect APP Fraud

Banks employ several cutting-edge detection mechanisms:

  • Real-Time Monitoring: Payment patterns are continuously assessed for anomalies.
  • Device Fingerprinting: Unique data signals ensure that transactions align with known behavioural profiles.
  • Anomaly Detection: Suspicious deviations from typical payment activity trigger alerts.

LSEG’s Global Account Verification solutions and LSEG World-Check Risk Screening systems help banks streamline fraud detection measures through advanced analytics and risk profiling.

Why False Positives Occur

While attempting to prevent APP fraud, banks face the challenge of triggering false positives when legitimate, atypical transactions resemble fraudulent patterns. Tools embedded with advanced machine learning often provide insights to reduce such disruptions without compromising security.

How Businesses Can Prevent APP Fraud

Key Practices for Businesses:

  • Implement Dual Approval: Payments authorised by multiple personnel reduce fraud risk.
  • Independent Verification: A different channel must confirm supplier banking changes before payments proceed.
  • Staff Phishing Awareness Training: Educate teams about recognising BEC (Business Email Compromise) -style fraud messages.

Integrating Global Account Verification and identity authentication solutions such as those offered by LSEG Risk Intelligence significantly enhances transactional integrity.

How Consumers Can Protect Against APP Fraud

Simple Safeguards:

  • Avoid sharing OTPs or sensitive information via email or phone.
  • Confirm suspicious payment requests directly with the involved parties.
  • Monitor banking notifications to catch unauthorised payments in real time.

APP Fraud Reimbursement & Compensation (UK Context)

UK financial regulations mandate consumer protection against APP fraud, albeit with caveats. Banks may reimburse victims under the Contingent Reimbursement Model Code, provided the victim wasn’t negligent. Fraud prevention accountability and cooperation by claimants also determine compensation decisions.

How LSEG's Solutions Help

LSEG Risk Intelligence solutions, including Global Account Verification, provide critical safeguards against APP fraud. By verifying account integrity and analysing risk signals, LSEG Risk Intelligence helps financial institutions secure cross-border and domestic transactional workflows.

Additionally, LSEG World-Check integrates regulatory due diligence, eliminating compliance gaps and reinforcing trust across payment infrastructures.

Conclusion:

APP fraud remains one of the most complex forms of cybercrime impacting consumer and corporate payments today. With rising sophistication in scams, institutions must invest in robust fraud detection and prevention. Leveraging advanced LSEG Risk Intelligence solutions offers a pathway towards greater security in challenging payment environments.

FAQs

  • Authorised Push Payment (APP) fraud occurs when victims are tricked into willingly transferring money to fraudulent accounts. Unlike unauthorised fraud where criminals hack systems, APP fraud relies on social engineering tactics to manipulate individuals or businesses into making payments under false pretences.

  • APP fraud in banking refers to scams where fraudsters deceive customers into authorising payments to fake accounts. Banks face challenges in detecting this fraud because the payment is authorised by the customer, making real-time monitoring, behavioural analytics, and anomaly detection essential tools for identifying risks.

  • An example of APP fraud includes receiving a fake call from someone impersonating your bank, claiming your account is at risk and asking you to transfer funds to a “safe” account. Another common scenario is a fraudulent supplier email requesting payment to a new account due to "urgent changes."

  • While APP fraud relies on victims authorising payments voluntarily after being deceived, account takeover involves criminals illegally accessing a victim’s account to initiate transactions. APP fraud exploits trust and urgency, while account takeover bypasses the victim entirely.

  • Fraudsters initiate contact via phishing emails, spoofed calls, or fake messages designed to impersonate trusted entities such as banks or suppliers. They manipulate trust, often creating urgency, and instruct victims to transfer money to fraudulent accounts, which are quickly emptied or rerouted across several channels.

  • Banks can detect APP fraud through real-time transaction monitoring that flags atypical payment patterns, behavioural analytics that assess user activity, and device fingerprinting to match known user profiles. Advanced anomaly detection ensures quicker identification of suspicious transactions.

  • Financial institutions employ tools such as behavioural analytics, anomaly detection software, risk scoring systems, and real-time transaction monitoring frameworks. Additional measures include payee risk screening and database verification systems to ensure account authenticity.

  • APP fraud prevention refers to measures that mitigate risks of fraudulent transactions. These include enforcing dual payment approvals, verifying account changes independently, employee awareness training against phishing scams, and implementing advanced monitoring technologies to identify suspicious activities.

  • Businesses can reduce APP fraud risk by enforcing dual-approval processes for all payments, verifying supplier account changes independently, providing phishing awareness training to staff, and segregating financial duties. Employing comprehensive payment monitoring systems also strengthens fraud defences.

  • Consumers can avoid APP fraud by never sharing sensitive information like OTPs or passwords, verifying the legitimacy of payment instructions directly with organisations through separate channels, enabling transaction alerts, and immediately reporting suspicious activities to their banks.

  • If you fall victim to APP fraud, contact your bank immediately to report the incident, freeze suspicious transactions, and begin the reimbursement claims process. Work with law enforcement if necessary and provide supporting evidence like phishing emails or suspicious calls.

  • Victims of APP fraud in the UK may be reimbursed under the Contingent Reimbursement Model Code, provided they acted responsibly and weren’t negligent in protecting their funds. Banks follow specific regulatory guidelines to assess the validity of compensation claims.

  • APP fraud compensation involves financial reimbursement provided to victims by banks who conclude they qualify under the UK regulations. Factors such as cooperation during investigations and adherence to best practices, like suspicion reporting, influence compensation eligibility.

  • APP fraud losses are rising due to increased real-time payments, advanced social engineering scams, and the growing reliance on digital financial transactions. Fraudsters exploit trust and urgency via sophisticated means like phishing and impersonation tactics.

  • Transaction monitoring systems continuously assess payments for irregularities using behavioural analytics and risk scoring. They identify anomalies in transaction amounts, timing, and user behaviour, enabling banks to detect and block potential APP fraud in real time.

Request details

Help & Support

Already a customer?

Get help through MyAccount
external

Office locations

Contact LSEG near you

Find your nearest LSEG office