Authorised Push Payment Fraud – Who should pay?




In the first half of last year, criminals stole a total of £753.9 million through fraud, an increase of 30% compared to the first half of 2020. UK Finance

 

In previous years the largest losses due to fraud were as a result of unauthorised transactions using debit, credit, charge and ATM-only cards. Although card spending grew by 17% in the first half of 2021, there was a decrease of 9% on card fraud losses in the same period.

However, the same cannot be said for authorised push payment (APP) fraud, where a customer or account holder is persuaded by a fraudster to transfer money into an account controlled by a criminal. This type of fraud increased by 71% during the first half of 2021, surpassing the losses incurred through card fraud for the first time ever.

APP scams are schemes in which criminals contact account holders posing as banks and other trusted organisations such as the NHS (during Covid) and use a range of social engineering tactics including scam phone calls, texts, emails and fake social media posts to trick customers into sharing their personal details and passwords. For example, they may pretend to be from a bank or other trusted organisation, persuading the user to transfer money to a different account via bank transfer or another type of online payment. Once this type of payment has been authorised, it can’t be reversed, and the account holder will only realise they have been a victim of fraud when it is too late and the money has already left their account.

Total losses due to authorised push payment scams increased to £355.3 million in the first half of 2021, up 71% compared to the same period in 2020. The number of cases rose 60 per cent to 106,164. UK Finance

To encourage banks and other financial institutions to take the necessary steps to protect and reimburse their customers, a voluntary ‘Authorised Push Payment Scam Code’ was launched in the UK in 2019.

Banks or financial institutions signing up to the code agree to commit to educate, reimburse and take all necessary steps to protect their customers from this type of fraud. This includes steps such as providing customers with information on how to avoid APP scams, delaying or stopping payments where there are scam concerns and taking steps to stop fraudsters opening new bank accounts.

But the big question is where does the responsibility lie? Should the banks and financial institutions be left to handle this situation alone?

Unsurprisingly, the majority of scams originate outside of banking services, with a large proportion involving social media. Considering that there were more than 3.8 billion people using social media by the start of 2020, it’s not surprising that criminals use this arena to target individuals.

Social media-enabled crimes are generating global revenues of at least $3.25bn for the global cybercrime economy annually – Bromium & Dr. Mike McGuire

Criminals use social media to gain personal information about their targets in many ways, including the posting of quizzes and questionnaires that trick users into giving away personal details. These quizzes can often appear to be harmless fun, but the underlying intent is to collect personal information that can then be used to access passwords, take over accounts and commit identity theft.

Fraudsters can carry out criminal activity this way behind a veil of anonymity, with low-risk and very little chance of being exposed. Is it time that social media companies sent a strong message to scammers by setting out a duty of care for their users, including displaying on-screen warnings and reporting and removing suspected fraudulent material?

Ultimately, is it the responsibility of the financial ecosystem to compensate the victims of this type of criminal activity, or should the businesses that provide a forum for criminals to operate freely, such as the social media organisations, be forced to take on some of the financial responsibility for this fraud? The cost to business and society of these types of scams is increasing – do we need to take another look at who should pay?

 

To discuss the Sekura solution for fraud and scam prevention, please contact the team.