Front line defensive tech: The role of software in keeping your business safe from Authorised Push Payment fraud

Social engineering and the tricking of employees will always play a key role in

Authorised Push Payment (APP) fraud, but technology is becoming the difference maker for more sophisticated criminals.

Its traditional use – like mass phishing and email spoofing – is already beginning to look primitive compared to some of the more technologically advanced campaigns launched by scammers in the past few years.

In this article, we’re going to look at the future of APP fraud and which technologies (both offensive and defensive) are going to be key.

(If you would like an introduction to APP fraud and how it works, read this article.)

How AI is being used on both sides of APP fraud

For criminals, artificial intelligence (AI) has been a gamechanger. APP fraud is essentially an impersonation game, where a fraudster poses as somebody they’re not – to trick an organisation into making a fraudulent payment.

The more convincing their impersonation, the more likely their fraud will be successful.

Deepfakes (the AI creation of highly convincing imagery, audio, and video content) has made it almost impossible for the average person to determine whether something is real or fake. This is particularly dangerous when there are individuals involved who have a strong online presence, as the more data (like online videos or social media presence) is available, the better the deepfake will be. It is easily possible for criminals to create deepfakes of voice messages, phone calls, and even video calls.

Machine learning (algorithmic analysis of personal data to create highly personalised content) is also making phishing much more difficult to detect. Coupled with automation, criminals can now conduct mass phishing, at extremely high-quality levels, at relatively little effort.

Fraud detection is also using machine learning to predict, detect, and counteract AI-powered APP fraud. By leveraging complex algorithms to spot suspicious patterns and anomalies, AI can react far more quickly than any humans and can halt fraudulent transactions before they leave company accounts.

Predictive analytics, whilst still in early adoption phase, are set to become a key defence against APP fraud in the very near future. By analysing historical data and identifying patterns, predictive analytics will be able to forecast potential fraud events before they occur – especially by using behavioural analytics to uncover new and emerging types of fraud.

Fraud-as-a-Service (FaaS)

As financial fraudsters increasingly turn to technology, cybercriminals are rising to meet their needs. Many cybercriminals are strategic and intelligent, and we are already seeing a new emerging industry of providing sophisticated fraud tools as a service.

Utilising the same tactics as legitimate businesses, like subscription models and software updates, the barrier to entry for aspiring fraudsters has never been lower. It empowers those with minimal technical expertise to launch sophisticated attacks, much like the iSpoof website, which allowed scammers to disguise their phone numbers in order to impersonate somebody.

Blockchain technology

The principal feature of blockchain and distributed ledger technology is its ability to create transparent records, immune from tampering.

Cyber security and fintech firms are exploring whether this can be used to form a secure chain of transactions that guarantees accuracy and is easily auditable – which would provide a reliable system for tracking financial trails.

The same goes for smart contracts – which could be automated and self-executed via the blockchain.

Programmed with predefined rules that auto-activate when contractual agreements are met, the lack of human interaction would enhance the security of payments and remove any vulnerabilities in which APP fraudsters could impersonate either party – or any middlemen.

Biometric authentication

Biometric authentication (using fingerprints or facial recognition to verify one’s identity) is increasingly becoming a standard for preventing impersonation.

This is especially true for multimodal biometrics (which, like two-factor authentication, requires multiple biometric verifications). For a criminal to spoof both a fingerprint and a facial scan would be almost impossible.

Behavioural biometrics are also being feted as a potential defensive technology – which measures the patterns in an individual’s typing patterns or mouse movement patterns to identify who’s using any given system.

The future of fraud prevention technology

Technology will play, and is already playing, a primary role in the prevention of fraud.

And whilst the benefits of technological advancement are also the drawbacks – because both sides will inevitably gain access to the same systems – we simply have to stay one step ahead.

By leveraging multiple tech solutions, in tandem with greater awareness and education of your employees, you can make your company simply too much effort to defraud.

For a deeper dive into the other types of technology being used in APP fraud, plus a list of defensive tactics and strategies you can employ, download our free guide: