Authorized push payment (APP) fraud is rampant, impacting millions of individuals and businesses every year. In the UK alone, APP fraud increased 22% in 2023 compared with the same period in 2022.
Let's learn more about APP fraud. In this article, we'll cover:
- What is authorized push payment fraud, and how does it work?
- Tactics to carry out authorized push payment fraud
- How to identify and protect against authorized push payment fraud
What are push payments?
Push payments occur when the payer initiates the transaction, pushing the funds to the payee. Think of it as a digital equivalent of handing over cash. The payer takes control, directing the money to its destination in bank transfers.
Conversely, card payments work like a pull mechanism. The payer provides information to the merchant, who then pulls the funds during settlement through their payment gateway.
The fight against APP fraud goes on
Fraudsters will not stop trying to defraud businesses and their customers, that's for sure. And while APP fraud is increasingly widespread among fraudsters, it's not the only threat merchants must concern themselves with.
Look at our ultimate guide to payment fraud prevention to learn more about the different types of fraud. And then see how Primer gives merchants the tooling to prevent payment fraud.
Social engineering scams
Scammers manipulate individuals by impersonating trusted entities. For example, they might pose as an online retailer to dupe customers.
Let's look at an example of how a fictitious individual called John fell victim to APP fraud.
Everybody, apart from the criminal, loses. John has lost several hundred pounds to the fraudster. And the merchant, despite not playing any role in the fraud, will never receive John's custom again. That's because research shows that individuals will still hold a merchant accountable—even when they did not know about the fraud occurring.
Romance scams, app scams, and tech support scams are other common examples of social engineering fraud. Criminals use a wide variety of techniques to launch these attacks. These include email, cold calling, pop-up messages, hacked websites, and incorrect search engine results.