In the UK right now, members of Parliament are debating whether tech companies like Meta or Google have an obligation to compensate victims of authorized push payment scams, which are flourishing across communication platforms and social media.

One report that is part of the debate by the government recommends mandatory reimbursement for authorized push payment fraud victims, which goes much further than the UK’s contingent reimbursement model for such scams.

This is an area of fraud that is moving quickly, and many people are only now catching up. They’re asking:

  • Exactly what is a push payment?
  • How do people get scammed into making push payments online?
  • Is my money safe?
  • What can I do if I am the victim of a scam?

In this article Steve Goddard, Featurespace Subject Matter Expert, outlines the scope of push payment fraud today, and what financial institutions can do to protect themselves and their customers from it.

What is a push payment?

A push payment is a transaction that gets initiated by the payer. This is different from a pull payment, such as a credit card payment, that gets initiated by the payee, or the person who receives the money.

In pull payments, there’s usually a merchant or service provider asking to be paid. In push payments, the payer takes the first step. The difference seems subtle, but it’s the “Here, I would like to send you money” aspect of push payments that make them so useful for fraudsters.

What is authorized push payment (APP) fraud?

Authorized push payment fraud (APP fraud) is when a payer is tricked into transferring money to someone. Authorized push payments are difficult to reverse after the payment has been made, which is one reason these scams appeal to fraudsters.

APP fraud is also sometimes referred to as bank transfer fraud. In APP scams, the victim could be an individual or a business.

There are various types of push payment fraud schemes, including:

  • Invoice scams. This is when a fraudster creates a fake invoice for work that seems legitimate or the invoice has new fraudulent payment details for a legitimate company or person. When the victim pays the seemingly legitimate invoice, the money gets transferred to the fraudster’s account.
  • Impersonation scams. This is when a fraudster pretends to be a legitimate payee. They often pretend to be a person or organization the victim trusts. For example, a fraudster pretends to be from a bank or the police. They contact potential victims in various ways; phone, email, text, social media to request payment for something that appears legitimate. To the victim, the email address or the website might look sufficiently legitimate, and they initiate payment.
  • Confidence scams. These include romance scams and any other scheme in which a fraudster pretends to be a family member, friend or other loved one in need of money.
  • Investment scams. This is when a fraudster poses as an investor, usually online, and targets people who are looking for speculative investments such as crypto coins. The scammer promises big returns on investments and then disappears with victims’ funds.

Social engineering plays a big role in APP fraud. Fraudsters deploy all kinds of sophisticated measures to convince victims they really are who they pretend to be, but the basic scam follows a familiar pattern:

  • The fraudster initiates contact — usually by phone, email, social media or direct message — by pretending to be someone the victim can trust.
  • The fraudster tells a story designed to neutralize any red flags the victim might otherwise spot. There’s always evidence to support the story, whether it’s a fake website or photos or the seemingly legitimate email address.
  • The fraudster’s story eventually leads to a request for a bank transfer or authorized push payment, which cannot easily be reversed.

Hundreds of million are lost every year to APP scams

In the UK, the latest data available shows that APP fraud losses exceeded £350 million — in the six month period from January through June 2021 alone. That’s an increase of more than 70 percent from the same period in 2020.

Push payment scams are thriving around the globe but reports in the UK show that fraudsters are especially targeting its citizens. As The Telegraph’s Bill Gardner reported in October 2021, around 45 million people — that’s a majority of the UK’s population of 67.4 million people — had been targeted by scammers in the preceding three months alone.

With scams running at that scale, the problem comes into focus. APP fraud puts the onus on the victim to sniff out the scam. Sometimes, people can spot the scam. Sometimes, they cannot. Either way, there are thousands of people every day being forced to navigate a scam.

In purely practical terms, financial institutions cannot expect each individual customer to have the time, energy or resources to vet every single ask for money.

At the same time, financial institutions cannot simply pause every transaction over a certain amount to verify its legitimacy. People’s financial lives would grind to a halt.

Fighting push payment fraud is complex. Adapting regulations helps, as does teaching banking customers how to be vigilant against the threats they face every day. But APP fraud requires additional layers of protection, at the technical level, to run in the background and spot scams in real time.

How Featurespace can help detect authorized push payment fraud

Featurespace built the ARIC™ Risk Hub to serve as that technical layer of protection for financial institutions and their customers.

ARIC Risk Hub uses patented Adaptive Behavioral Analytics technology to learn about customer behaviors — the transactions they make, when, to whom, why. The machine learning that powers this technology continuously learns the transactions that are legitimate and those transactions that might be suspicious, and it can make these assessments in real-time.

When a bank’s fraud teams can detect fraud with that kind of precision, it creates a better customer experience for everyone. People who are about to become victims of a scam can be stopped before money leaves their accounts, and people who are conducting normal transactions can do so without interference.

Learn more

As more and more people’s financial lives move completely online, the risk of APP fraud grows. Banks, payment processors and other financial institutions can take steps to stay ahead of push payment scammers by implementing real-time fraud detection technology.

To learn more, have a look at the video from one of our customers, Contis, a leading provider of end-to-end banking, payments and processing services.

We began working with Contis in 2018 to deploy our ARIC Risk Hub, which now gives the company a full, real-time view of customer transactions. With that deployment, Contis has been able to reduce instances of fraud by more than 80 percent. It now has one of the best rates of fraud prevention in the industry.