Skip to content
All Blogs

Preventing authorized push payment (APP) scams to defy the odds

Author: Tiffany Staples


It’s tough to figure out what’s real these days. We are, after all, in the age of deepfakes and ChatGPT - where videos can be doctored, and journalistic-sounding articles can be written by bots. These technological advances make it harder than ever to recognize real human actions vs. machine-led events. Cyber and fraud attacks are growing more common and more intelligent, and it’s harder than ever to identify real customers from fraudsters. For example, an online purchase can look like it was made by a real customer when the transaction was actually completed by a bot.

Consumers today have more choice and flexibility than ever when it comes to how they pay for goods and services. Gone are the days when you had to carry cash or checks (or even physical credit cards) with you. Thanks to tools like ApplePay, Venmo, Zelle, and buy now pay later (BNPL) options, shoppers can pay by tapping a phone, diners can split checks with ease, and buyers can pay for goods in installments.

More flexibility, however, has brought with it more opportunity for fraudsters and scammers. Authorized push payment (APP) scams have skyrocketed to affect people and businesses around the globe.

In the UK alone, the banking and finance industry lost £609.8 million to fraud and scams in the first half of 2022, and that loss was due mainly to APP fraud. This problem is only expected to grow in the coming years. According to a report by payments software company ACI Worldwide and GlobalDataAPP, fraud losses are expected to hit $5.25 billion across the U.S., U.K., and India by 2026.

As a result, financial institutions and regulators in every country are working to come up with new, innovative ways to fight APP scams effectively. Currently, many governments are taking steps to hold banks and businesses responsible for protecting shoppers and account holders. This means financial institutions will likely be required to start reimbursing scam victims in the future — unless they significantly improve their fraud prevention strategies and prove they can successfully fight cyber and fraud attacks. Otherwise, financial institutions will end up paying high fees to cover consumer losses.

The major challenge facing banks and financial institutions is the unilateral design of legacy fraud systems which only address a specific type of fraud. There are solutions for RAT fraud, solutions for payment fraud, solutions for identity theft, etc. and each of these operate in a silo. Sure, some vendors may offer multiple solutions, but they come at additional cost and require multiple time-consuming models to be developed. That’s a blog for another day, but the biggest issue is that APP fraud doesn’t fall into ANY of these categories – and traditional fraud solutions can’t do anything about it. 

What are APP scams?

Simply put, APP scams occur when a person or business is tricked into sending money to a fraudster. In these instances, the victim or victim’s account initiates — or “authorizes” — the action to send money — or “push payment” — to the fraudster, as opposed to the fraudster initiating the transfer on their end. These payments can range from digital wallet payments to bank deposits and transfers, wire transfers, or direct pay using Venmo, Zelle, or other instant pay apps. Unfortunately, many thousands of people are tricked by APP scams every year.

Usually, the fraudster in APP scams will pretend to be part of an organization trusted by the victim, i.e., a bank, employer, or a known vendor. For example, a scammer pretending to be a bank official could send an email to an unsuspecting account holder, insisting there’s a security issue and the money in their account must be moved. The account holder, anxious to keep their funds secure, might then quickly transfer money to a new account — realizing too late the new account belongs to a scammer. This was exactly what happened to a 78-year old HSBC client who, thankfully, was protected by the bank’s proactive fraud detection and prevention solution.

In other cases, a scammer might create a fake account pretending to be a victim’s friend or acquaintance, then request money to help pay for medical bills, invest in a get-rich-quick scheme, or some other fictional reason. The victim, eager to help or collaborate with a person they know, might send money, only to discover the trickster wasn’t a person they knew at all.

Because the victim willingly authorizes the transfer of their own money (from a legitimate account) in an APP scam, these types of fraud are notoriously difficult for financial institutions and businesses to spot. They’ve also been essentially ignored, with banks and financial institutions taking a “not my problem” approach since the victim willingly sent the money.

In most cases, APP scams take advantage of innocent people’s confidence and trust. Victims of APP scams end up losing not only their money but can lose their sense of security in other people and institutions.

Types of APP scams

APP fraud can vary widely in method and complexity. Some common types of these scams include:

Fake business scams. Fraudsters may pretend to sell goods or services and convince the victim to send money to purchase them — but never actually deliver the products or services. Often, these goods and services are high-priced items that are difficult to obtain — and scammers insist the victim must send money quickly while supplies last.

Security scams. A scammer may pretend to be a representative from a bank or other financial institution and warn victims of a false security issue, convincing them to transfer money to an account. That illegal account ends up belonging to the scammer, who takes the money and disappears with it.

Romance scams. In these types of scams, fraudsters create fake online personas and build relationships with victims, who end up sending money as gifts, means of financial support, or travel funds.

Prize and sweepstakes scams. Fraudsters send texts or emails to victims falsely claiming they’ve won money or prizes. Victims end up sending so-called collection or shipping fees in order to collect their winnings, which don’t actually exist.

Investment scams. Scammers present victims with a business opportunity in which they can invest money to turn a quick or sizable profit. Unfortunately, the business opportunity doesn’t actually exist, and the scammers run off with the “investment” made by the victim.

Fake invoice scams. This APP fraud can affect both consumers and businesses. The fraudster sends an invoice from a seemingly authentic source – a child’s school, adult’s gym, or a business supplier. The victim pays it, believing it’s a real bill, but they’re actually depositing funds directly into the fraudster’s account.

Money mule scams. Some victims of APP scams don’t actually end up losing their own money. Instead, they become unwitting helpers of fraudsters by transferring illegal money through their own accounts, effectively laundering those funds.

While fraud and scams have existed for centuries, technological advances have dramatically transformed the ways these illegal activities are carried out. Mobile payment apps such as Venmo and Zelle, for example, have made it easy for scammers to trick people into sending them money quickly — and difficult to get that money back once lost. Unlike a credit card which provides fraud protection, instant money transfers are just that – instant. Which means once the money is sent, it’s gone. For the same reason, getting money back from an APP scam is extremely difficult. However, the explosion of Zelle fraud cases in recent years has prompted government officials to push banks to do more to protect consumers.

How can businesses prevent APP scams?

Consumer education to help people spot and avoid scams is essential, but it can’t be relied on alone. Banks and businesses also have to step up to combat APP scams and protect customers, especially as more countries pass legal regulations requiring financial institutions to take more responsibility for fraud by requiring them to reimburse victims 

Fighting APP scams effectively requires a sophisticated and comprehensive approach to fraud detection and prevention. The most effective fraud defense platform unites first-party data capture and real-time identity resolution that includes behavioral biometrics.

An end-to-end fraud solution brings together the full suite of defensive measures needed to protect banks and businesses against APP scams. First-party data capture collects and analyzes all the interactions a customer or visitor has with an organization, building a complete profile of every user that includes behavioral biometric data, browsing history, activities, and more.

Comprehensive customer identity profiles empower organizations to assess whether an activity is legitimate or not, comparing “me vs. me”. Leveraging behavioral biometrics ensures everything from how a person types to how they use a mouse or touch their phone is unified into one inclusive ID graph. These subtle details enable financial institutions to figure out when an account holder may be under the sway of a fraudster, for example when the actions and movements are rushed and following abnormal patterns. The account holder might authorize larger-than-normal transfers, unexpected transfers to unfamiliar accounts, or try to make a lot of transactions at the same time. They might also use devices they don’t normally use, follow pathways that aren’t their norm, or use online shortcuts or features they’ve never taken advantage of before. Real-time identity resolution complete with behavioral biometrics can quickly and accurately detect — and stop — any behavior that’s out of the norm for an individual user.

A modern fraud prevention solution can also track and identify compromised identities and set up trigger alerts on affected accounts. As soon as one of these accounts is noted, this Sense and Trace feature can either shut the transaction down, preventing victims from making transfers or transactions and losing their money, or track the activity (while protecting the initial victim) to uncover larger fraud networks.

A comprehensive fraud defense solution that leverages first-party data capture and real-time identity resolution also offers other unique advantages. First, it acts as a single source of truth, compiling all an organization’s data in a single, enterprise-wide, platform. This means fraud-related data can be easily and securely shared across the organization, without the latency and gaps of traditional silos, allowing for better-informed decisions. A true first-party data capture solution also sits within a bank or business’ own infrastructure and firewalls, allowing full control and ownership of the information without the need for black boxes or other data protection measures required by external systems.

Perhaps most importantly, an effective fraud solution based on first-party data capture works in real-time - which means it can stop fraudulent transactions before they go through. Real-time is key. The ability to capture, monitor, and detect behaviors that are common to victims of fraud and scams must happen in the blink of an eye. But to actively prevent fraud you must also be able to instantly decision the insight, and act on it. The entire process must happen in milliseconds, or it’s too late.

Patchwork measures aren’t enough to prevent today’s complex and varied APP scams. Celebrus’ innovative live-time fraud detection and prevention solution leverages first-party data capture and behavioral biometrics to inform industry-leading identity resolution. It enhances existing fraud management and identity authentication systems, connecting all these tools and applications seamlessly while filling data gaps that lead to missed signals and costly fraud losses. This holistic approach helps banks and businesses deliver frictionless, uninterrupted customer experiences while guarding against APP scams and fraud.







Subscribe to our blog for regular updates!