APP fraud is on the rise. According to Finextra, the total number of APP fraud cases was up 22% in 2023 compared to 2022. In fact, APP fraud is now the number one payments threat and are expected to reach $5.25 billion by 2026. In the UK, consumers lost over half a billion pounds to scams in the first half of 2023 alone. 

What’s more, the PSR has announced new mandatory reimbursement requirements that will come into effect this year, passing the liability from consumers to banks. 

That’s a problem. 

This type of fraud significantly undermines security, erodes customer trust, and costs banks reimbursement fees. 

The good news is sophisticated data analytics and robust prevention strategies can help. This month, we talked to industry thought leader, Ashley Beldham for his unique perspective. But first, let’s quickly recap on what APP fraud is. 

What is APP fraud?

APP fraud is a form of scam where victims are tricked into approving fraudulent payments. This may happen in two ways:

1. Authorised push payments fraud

Authorised push payments (APP) fraud is where scammers cunningly manipulate victims into authorising transfers to fraudulent accounts. Typically masquerading as trusted entities—be it a financial institution, a service provider, or a known contact—the fraudsters use sophisticated social engineering tactics to trick people into authorising payments. This type of fraud capitalises on the trust and speed when people are shopping online.

Of course, this poses significant challenges to financial security frameworks that rely on user authorisation as a line of defence. And while most banks will likely not offer consumers the ability to transfer such a large sum, the amounts they can transfer are still life-changing.

2. Mule fraud

Mule fraud takes a different yet equally damaging approach. In this scheme, fraudsters recruit people to use their bank accounts to process and transfer criminal proceeds, often under the guise of seemingly legitimate jobs or requests. These 'money mules' may be wittingly or unwittingly involved, but the outcome remains the same, making it challenging for banks to trace and tackle money laundering activities. This form of fraud implicates individuals in criminal activities and significantly complicates the financial ecosystem's integrity.

Ashley says that while liability has been on consumers banks often choose to reimburse victims; 

“While victims of APP fraud are liable for any losses, because 72% of fraud victims end up closing their account after a scam occurs, many banks opt to reimburse up to 80% of the losses rather than losing all future earnings of that account.”

But the rules for liability are about to change. 

In the UK, the PSR has announced new mandatory reimbursement requirements that will come into effect in 2024.

Here, creating customer profiles is key; and identifying customers who fall into the likely targets for APP fraud is hugely important i.e. which customers' profiles are changing beyond recognition, maybe a big out-of-character deposit for example.

Ultimately, all of this means, combatting APP fraud should be high on your agenda this year. It all starts with the right data. 

The power of data in detecting fraud

Ashley says it best; “High-quality data can significantly enhance the ability to preempt and prevent fraudulent activities. With the right data, banks can shift from reactive to proactive measures, identifying potential fraud before it occurs.”

The truth is, the quality of decisions made in fraud detection directly correlates to the depth and quality of data available.

With that in mind, here are some of the key data points or ‘fraud signals’ that Ashley recommends banks use to help detect fraud:

1. Transaction patterns: Unusual transaction patterns can be glaring red flags. For instance, a sudden high-value transaction, or a burst of small transactions that are atypical for a customer, can prompt immediate review. Advanced algorithms can analyse these patterns over millions of transactions to spot inconsistencies quickly and accurately. 

2. User behaviour analytics: By analysing how and when customers typically interact with their banking systems, banks can detect anomalies that may indicate fraud. For instance, changes in login frequency, transaction locations, and payment to new recipients are examples where user behaviour deviates from the norm.

3. Device and IP analysis: The origin of a transaction, in terms of the device or IP address used, can also provide critical clues. For example, a transaction request from a new device or an IP address from a high-risk location can trigger an alert.

4. Biometric data: While there is ongoing debate around the use of biometrics, verification like fingerprint scans and facial recognition, discrepancies in this data can indicate fraud attempts, particularly in identity theft.

In many instances, banks have a limited number of these types of data that can be considered in a fraud risk assessment. These may also be restricted to the specific customer and transaction under consideration. But widening the scope and introducing more data to the decision significantly improves detection accuracy.

Leveraging data for predictive analysis

Another important consideration is future threats. Because fraudsters often change their approaches, the signals for fraud can also change. So beyond detecting immediate threats, data can also be used for predictive analysis, allowing banks to forecast potential fraud hotspots and adapt their security measures. 

Ashley advises; “One of the best ways to forecast future threats is through sophisticated machine learning models. They can analyse vast datasets to predict where and how fraud might next occur based on current trends and historical data.”

One thing is certain, whether leveraging data for immediate threats or potential future threats, data sharpens the accuracy of fraud detection systems and enhances the speed of response. This is key because seconds can mean significant financial loss. The ability to rapidly interpret and act on data insights is invaluable.

We’ve covered quite a few techniques here, so let’s now pull all this together into some key steps that you can use to mitigate APP fraud. 👇

Key steps to mitigate APP fraud

As APP fraud evolves and becomes more sophisticated, so must the strategies to counteract these threats. Here are some of the key steps you can implement to strengthen your defences against this type of fraud:

Step 1: Use the right data to capture ‘fraud signals’

As we’ve already touched on, high-quality data can significantly enhance the ability to preempt and prevent fraudulent activities. This includes transaction patterns, user behaviour, device and IP addresses, and more. With the right data, you can identify fraud before it occurs.

Step 2: Leverage advanced data analytics

AI and machine learning enable real-time analysis of transaction data, flagging anomalies that deviate from typical customer activities. Plus, by leveraging predictive analytics, banks can anticipate fraudulent actions before they occur, setting up automatic blocks or alerts where necessary.

Step 3: Improve customer verification processes

Due to the ever-changing nature of fraud, customer verification processes are never a set-it-and-done job. It’s important to continually enhance the verification processes to ensure that all transactions are authenticated and that they originate from genuine sources. This might include advanced multi-factor authentication, biometric verification, and real-time transaction confirmation requests. 

Step 4: Customer education

It sounds obvious, but educating customers about the risks and signs of app fraud is crucial. Regular updates, information sessions, and straightforward communication about the latest scam tactics can empower customers to recognise and avoid fraudulent schemes. For example, Barclays has a dedicated microsite to help educate consumers.

Step 5: Collaborative efforts

Fraud detection and prevention are more effective when banks and financial institutions work together. Sharing information about fraud trends, attack vectors, and effective countermeasures can help the entire financial ecosystem stay ahead of fraudsters. 

Step 6: Continuous improvement

As you know, digital fraud is constantly evolving. Keeping abreast of the latest developments in fraud detection technologies and regularly updating systems and strategies are a necessity for maintaining a robust defence against new and emerging threats. This includes regular training for staff, updating software and systems, and adopting innovative solutions that enhance fraud detection capabilities.

While we can’t name who this bank is, here’s an example of this multi-layered approach in action. 

Real-life example: Proactive approach to APP fraud prevention

A major financial institution recognised the escalating threat of Authorised Push Payment (APP) scam fraud and devised a multilayered approach.

The bank began by upgrading its data collection and analysis capabilities. It integrated advanced systems to monitor transaction patterns, user behaviour, device logs, and IP addresses in real-time. This enabled them to capture crucial 'fraud signals' early, identifying potential fraud before it occurred.

By leveraging AI and machine learning, The bank could analyse vast amounts of transaction data instantaneously. The system flagged anomalies and, through predictive analytics, anticipated fraudulent actions, allowing the bank to block suspicious transactions automatically and alert customers.

Understanding the dynamic nature of fraud, the bank then continuously enhanced its customer verification processes. They implemented the latest in multi-factor authentication and biometric technologies, ensuring all transactions were thoroughly authenticated and originated from verified sources.

The bank also launched an extensive customer education program, regularly updating customers through digital channels and in-branch sessions about the latest fraud risks and prevention tactics. This initiative empowered customers to recognise and respond to fraud attempts proactively.

Finally, the bank created a culture of continuous improvement within its fraud prevention teams. They regularly updated their fraud detection technologies, trained staff on the latest fraud prevention strategies, and adopted innovative solutions that further enhanced their capabilities.

Through the implementation of this multilayered approach, the bank significantly reduced incidents of APP fraud, safeguarding their customers' assets and maintaining their trust. 

Strengthening defences against APP fraud

Due to its complexity, the battle against app fraud is not won by a single measure, but through a coordinated and integrated approach that encompasses technology, education, and collaboration. As fraudsters become more cunning, the financial sector must advance its strategies accordingly. Banks and financial institutions play a critical role in this effort, not just in protecting their own assets, but also in safeguarding the interests of their customers.

The combination of using the right data, sophisticated data analytics, enhancing customer verification processes, and educating customers creates a multi-layered defence system that is tough to breach. 

Final takeaway: We urge all financial institutions to intensify their use of data-driven strategies and adopt an integrated approach to fraud prevention. It is imperative to stay ahead of the curve by continuously updating and refining fraud detection and prevention mechanisms.