The number of real-time payments has risen dramatically in recent years, and APP fraud has grown alongside it. Fraudsters utilizing these schemes rely on tactics such as phishing and impersonation scams to trick customers and businesses into sending payments or payment details, and their use of real-time rails can enable them to make off with the funds before customers catch on. The nature of these payments means that, once they have been made, consumers cannot reverse them.
Bad actors typically perpetrate APP fraud in several ways. They can use fraudulent invoices to scam unsuspecting businesses and consumers or hijack legitimate email correspondence during property transactions to divert funds into the bank accounts of their choosing, for example. Some of the most invasive APP schemes involve account takeovers (ATOs), which enable cybercriminals to take over individuals’ or even merchants’ accounts and make payments to designated payees — often the fraudsters in question.
The following Deep Dive outlines the schemes bad actors use to swindle customers and businesses out of their funds as well as how financial institutions (FIs) and eCommerce marketplaces are working to catch and prevent these illicit acts.
APP Fraud Ramps Up
Instances of APP fraud around the globe have continued to rise as real-time payment rails extend their reach. London-based financial services trade association UK Finance found that there were 34,129 cases of APP fraud in the U.K. targeting both individuals and merchants during the first half of 2018, hitting £148 million ($191 million USD) in losses. This number significantly increased during the same period in 2019, with the association identifying 57,549 instances of APP fraud that hit £208 million ($268 million) in losses. Consumers bore the brunt of these attacks during the first half of last year, representing 65 percent of lost funds, while there were 4,077 schemes targeting non-personal accounts such as those used by merchants. FIs were able to return £39 million ($51 million USD) to victims, however.
These figures may seem sizable, but consumers’ and merchants’ reluctance to report such schemes suggests that they have lost much more money. A European Commission survey from earlier this year revealed that only 21 percent of those who were scammed reported it, and that share rises to 44 percent when stolen amounts exceed €50 ($59 USD). Most of the victims who did report such fraud contacted their banks, credit card companies or the police rather than regulatory authorities.
The pandemic is only deepening these existing fraud issues, with one recent survey finding that 22 percent of Americans have been targeted by pandemic-related fraud scams. Another report from the Federal Trade Commission determined that U.S. consumers have experienced 121,466 instances of pandemic-related fraud, totaling $77 million in losses, as fraudsters prey on consumers’ financial vulnerabilities and health concerns during the crisis.
Fighting Back Against APP Fraud
FIs and merchants are rolling out numerous initiatives and technologies to tackle APP fraud. The Payment Systems Regulator, a subsidiary of the U.K.’s Financial Conduct Authority, launched the APP Scams Steering Group two years ago. The panel has since introduced a voluntary code intended to repay consumers victimized by unauthorized push payment schemes.
FIs are also revamping their fraud-fighting approaches as cybercriminals’ schemes become more advanced, leveraging tools such as behavioral biometric authentication to ensure that those initiating payments are who they say they are. These technologies can monitor consumers’ payment habits to determine whether they deviate from the norm and warrant further investigation. FIs can also combine these insights with robust data analytics operations to better profile their customers’ payment habits, making fraudulent activity easier to distinguish.
eCommerce merchants are also leveraging behavioral biometrics to reduce cybercrime methods such as APP fraud. These systems have been found to strike a balance between ironclad security prevention and a seamless customer experience, as all security checks occur behind the scenes rather than requiring customers to complete extra steps to secure payments. This additional friction can be kryptonite for customer loyalty, as 53 percent of customers have reported abandoning transactions due to frustrating experiences.
APP fraud has been growing for some time, and this trend is likely to continue as more consumers flock to real-time payment methods and digital channels during the pandemic. FIs must leverage robust fraud-fighting measures while ensuring that customers, merchants and other victims stay vigilant to keep it in check.