What is Authorized Push Payment (APP) Fraud?—Complete Guide (2024)

Authorized Push Payment (APP) is a new but alarming scam. According to Visa, one in three consumers have fallen victim to it. To help stay safe, Sumsub prepared this guide detailing what APP fraud is, the most common schemes, and how to mitigate the risks.

What Are Authorized Push Payments?

Authorized Push Payment (APP) is a type of transaction initiated by a payer, such as a  wire transfer, bank transfer, digital wallet payment, etc. In APP transactions, the payer has control over how much is sent to the payee (and when). By contrast, pull payments are controlled by the payee. This can be a recurring payment for a subscription, which is billed automatically on a monthly basis, for instance. 

What is APP fraud?

This is when fraudsters convince their victims to initiate  APP transactions under false pretenses. To do so, criminals may impersonate legitimate organizations, such as banks and government services, tricking victims into thinking that they’re sending money to a legitimate source. 

Most common APP fraud types (techniques)

There’s a variety of techniques used to commit APP fraud. Let’s go through some of the most common approaches: 

• Technique #1: Account takeover

This typically involves stealing people’s personal information and credentials to commandeer their accounts and authorize fraudulent push payments. 

• Technique #2: Social engineering

This is when fraudsters use manipulative techniques (phishing, romance fraud, etc.) to trick their victims into thinking that they’re sending payments to legitimate organizations or real people. In reality, they’re sending funds to well-disguised fraudsters.

• Technique #3: Targeting businesses

Typically, criminals target individuals for APP fraud, but businesses can also fall victims to these schemes. For instance, this can be done through phishing emails asking a company to change a business partner’s bank account details.

Suggested read: Account Takeover Fraud: Prevention and Protection

Common APP fraud schemes

Now that we’ve covered the fundamental techniques, let’s take a look at some of the most common APP fraud schemes:

• Impersonation — when fraudsters pose as an existing entity (company, government, etc.)
• Purchasing — when fraudsters make payer believe they are paying for actual goods or services
• Invoices — when fraudsters send invoices for services or goods that were never provided
• Romance — when fraudsters establish fake romantic relationships with the goal of manipulating their victim into transferring money
• Investment — when fraudsters convince their victim to invest in a fake business “promising guaranteed returns”
• Loan fee — when fraudsters charge a victim for a loan they never received

Suggested read: Detecting Romance Scams: A Guide for Dating Platforms and Their Users

APP Scams vs. Credit Card Fraud

Credit card fraud typically looks like this: A fraudster obtains someone’s credit card information to make fraudulent purchases on a delivery company. In this case, the payee (a delivery company) is pulling the funds from the victim’s account. As a result, the victim must then apply for a chargeback to recover the funds used in the fraudulent purchase. Since this sort of fraud is commonplace, both card issuers and marketplaces have long adapted fraud prevention techniques, such as two-factor authentication, to stop fraudsters from commandeering people’s accounts. 

By contrast, APP fraud is initiated by the payer (the victim) themselves, typically after being tricked by the social engineering tricks listed above. Therefore, the fraud prevention techniques that catch credit card fraud are less effective for APP fraud, since the true account holder is knowingly transferring money. This makes APP fraud much more difficult to detect and prevent.  

APP fraud losses

APP fraud has become a substantial issue in recent years. According to UK Finance, criminals stole over £459.7 million in the UK alone in 2023. The number of cases was also on the rise, increasing by 12% in 2023, totaling 232,429 fraud attempts. The most common type of APP scheme was purchasing, which amounted to 77,000 cases.

Besides loss of funds, APP fraud also leads to substantial reputational damage for businesses. If businesses fail to act in the face of increasing APP fraud, they will risk eroding the trust they’ve built with their clients.

Mitigating APP Fraud Risks

To mitigate the APP fraud, businesses need to take a holistic approach. This includes implementing more advanced security measures (e.g., transaction monitoring, behavioral monitoring) with built-in automation. This includes fraud detection and prevention systems that can monitor transactions for abnormalities, spot unusual behavioral patterns, and report suspicious activities. In addition, businesses should take  steps to educate their customers about the risks of APP fraud—particularly the social engineering techniques that are used to perpetrate it.