Digital payments have changed the modern economy, giving businesses of all sizes the ability to become global players and take advantage of unparalleled growth opportunities. Digital payments are fast, accessible, and convenient.
But while we’ve gained in ease, we’ve also gained in risk. The days of face-to-face cash transactions, where you knew your contact personally, are long gone. Now, with most payments done online – via email, telephone, and payment portals – you must verify your payees in other ways.
And this is where Authorised Push Payment (APP) fraud becomes a real risk.
What is APP fraud?
Picture this – you’re sitting at your desk when an email comes in from your manager, requesting you to make an urgent payment to a regular supplier. It’s nothing out of the ordinary, so you ready the funds and prepare to make the transfer.
But at the last minute, you notice something strange about the email address. Or the tone of voice. Or the time of day. You decide to check with your manager and, just as you suspected, they didn’t actually send the email.
That’s APP fraud in a nutshell – the attempt to trick you into making payments to a fraudulent bank account. These scams range from opportunistic attempts to sophisticated social engineering campaigns, and they can come at any time, in any format, from anywhere.
APP losses hit £459.7m in 2023, with cases up 12% to 232,429.
How does APP fraud work?
In essence, APP fraud payments are just like every other transaction you make. They leverage all the regular payment rails you are used to, like BACS or Faster Payments, and they provide all the relevant information, like bank account numbers and recipient names.
APP fraud is primarily an impersonation trick, where the fraudster pretends to be somebody they’re not – usually somebody you know and implicitly trust. Then they simply provide you with fraudulent bank account details, and hope that you’ll make the payment.
That’s a simple explanation; however, the actual scam can be quite complex and be made up of several layers of deception, including:
- Phishing: a communication that has been spoofed to look genuine, like an email with all your company’s branding and a convincing looking email address.
- Pressure: most APP scams will try to apply time sensitivity, asking for urgent and immediate payments to make you act without properly considering it.
- Impersonation: a staple in every APP scam, but it comes in different forms. Fraudsters may pose as multiple people in the course of one single scam – like your manager, your bank account manager, and/or your supplier.
- Prosecution: we are seeing more scams where the fraudster poses as a governing body, a collection agency, or even the police. Be particularly wary of requests to pay fines or settle outstanding debts.
- Purchase: online selling platforms, like eBay or even Facebook, are favourite haunts of APP fraudsters. Whilst this doesn’t usually involve impersonating somebody you know, it does involve impersonating a genuine seller. You pay for goods or services, but you never receive them.
The growing threat of APP fraud
Whilst recent years have seen banks and regulators clamping down on APP fraud, there are several areas where cases are rising.
And as businesses get more savvy to the danger, and fraudsters are unable to trick their victims into making payments, they are resorting to card ID theft. Using the information gathered in their social engineering attempts, combined with stolen card details – they can entirely take over accounts.
But the main driver behind the 12% rise in number of APP cases is purchase scams, which rose by 34% in 2023. Businesses must be particularly vigilant against buying goods and services online, as more and more listings are proving to be APP scams.
| Source | Volume of cases | Value of losses |
|---|---|---|
| Online | 76% | 30% |
| Telecommunications | 16% | 43% |
| 1% | 11% | |
| Other | 7% | 16% |
APP fraud: More than just a financial risk
Almost half a billion pounds was lost to APP fraud in the UK in 2023.
But besides the financial losses, there are several other damaging consequences of APP fraud:
- Reputation: loss of customer confidence can lead to churn
- Operational: investigating the case can carry a significant resource cost
- Team morale: fraud can cause internal stress and frustration within your business
- Regulations and compliance: businesses may face fines if they are deemed at fault for the scam (or not having taken sufficient precautions to prevent it), and payment services providers will also be subject to the new mandatory reimbursement scheme – meaning they will need to pay the victim back, too.
Whilst technological advances, systemic protections via banks and payment service providers, and greater business awareness are all helping to slow the rising tide of APP fraud – it remains a significant risk to UK businesses.
To find out how you can protect your business from APP fraud, download our guide:
Download our free guide
A finance leader’s guide to combatting Authorised Push Payment (APP) Fraud
What’s inside:
- How APP fraud works and the industries most at risk
- Financial and reputational impacts to watch for
- Proven prevention strategies and emerging trends in AI-powered fraud
- An overview of the evolving regulatory landscape
