What is authorised push payment (APP) fraud?

Authorised push payment (APP) fraud is one of the biggest areas of fraud in the UK, affecting both individuals and businesses and costing millions each year. On the upside, new measures introduced in 2024 are improving compensation for those affected. However, not all forms of push payment fraud are covered by these new rules. In this article, we look at how you can recognise APP fraud and what the new compensation rules mean for victims.

Also known as a bank transfer scam, authorised push payment (APP) fraud is where a victim is tricked into sending money to a fraudster posing as a legitimate recipient. Every year, hundreds of thousands of individuals and businesses fall prey to these increasingly convincing scams.

APP scams take place as the victim is initiating a transfer of funds to another party. The key here is the word “authorised” – the payment is made willingly. In APP fraud, the scammer intercepts the funds before they reach the intended recipient, redirecting the transfer to their own account. They often gain the victim’s trust by impersonating a trusted authority, such as a police officer or bank representative, and convincing the victim to make a payment to an account under their control.

Because authorised push payment fraud exploits human trust, using psychological tactics and playing on victims’ emotions to manipulate them into authorising payments they believe are genuine, it often leaves a lasting emotional mark on the victim.

A key way to recognise APP fraud is the sense of urgency employed by the scammer to get you to act more quickly. They might use phrases designed to trigger anxiety, for example, claiming your account won’t be safe unless you take action immediately. If it were a genuine bank or organisation, you wouldn’t be pressured into rushing a payment or decision.

Here are some of the main types of APP scams to watch out for:

• Malicious payee. This is where a fraudster tricks someone into paying for goods, investments, or services that don’t exist or will never arrive. You might think you’re buying something real, but the fraudster takes the money and disappears.

• Malicious redirection. In this APP scam, a criminal pretends to be a bank employee and persuades the victim to transfer money to a supposedly “safe” account – which is actually controlled by the fraudster.

• Fraudulent bank transfers. Here, the scammer convinces the victim that they need to move their money to protect it from fraud. They may pretend to be from your bank, claiming you’re at risk and must act fast to “secure” your funds in another account – which, again, is theirs.

• Impersonating family or friends. Fraudsters sometimes pretend to be a family member or friend in urgent need of money. These requests often come via text, social media, or instant messaging, with a story designed to get you to send money without much thought.

• Invoice fraud. Scammers may create email addresses that closely resemble those of genuine businesses. They then send fake invoices to make it seem like a legitimate payment request. Victims often believe they’re paying a real supplier, only to find their payment went to a criminal’s bank account.

• Supplier impersonation. This is where a scammer pretends to be a supplier and informs a customer that they’ve changed their bank details. The customer then makes payments to the attacker’s account instead of the real supplier’s account.

Fraudsters are using increasingly convincing techniques, making it harder to tell if a request is genuine or not. By staying vigilant and double-checking any unusual payment requests, you can help protect yourself from falling victim to APP scams.

Authorised push payment fraud is a significant and growing problem in the UK, affecting around 200,000 people each year. 

In 2023, APP fraud resulted in losses of £341 million, according to the Payment Systems Regulator (PSR). More recent data from UK Finance, which represents over 300 banks and financial institutions, shows that in the first half of 2024 alone, £213.7 million* was lost to APP fraud. 

These statistics show just how prevalent and damaging these scams can be. However, the UK has brought in new measures to offer greater protection to consumers and businesses alike.

Until recently, recovery rates for losses due to APP fraud were fairly low. This was partly because banks were previously under no obligation to refund victims of APP scams. 

Because banks in the UK issue alerts, advising customers to be cautious about potential scams when making payment transfers, if these were ignored, the bank could argue the customer was partly responsible. There was a voluntary code the banks could follow, called the Contingent Reimbursement Model (CRM), which encouraged refunds but allowed refusals if those warnings were disregarded.

Now that push payment scams are becoming a growing area of concern, however, the Payment Systems Regulator (PSR) has taken action, introducing measures to protect consumers and guarantee swift reimbursement for eligible victims.

Victims of authorised push payment fraud now benefit from new protections. These new rules from the PSR cover payments made within the Faster Payments system, where most cases occur. 

Key measures include:

• Victims of APP scams, whether they are an individual, charity, or micro-enterprise, can now claim up to £85,000, with a potential £100 excess. Payment service providers are now required to provide reimbursement where applicable.

• Sending and receiving payment firms will split reimbursement costs evenly, giving both firms an incentive to combat fraud.

• Victims of APP scams can expect reimbursement within five business days, with additional protections for vulnerable customers.

Unlike before, refunds for APP scam victims are now mandatory, rather than being left to the discretion of individual banks. It’s worth noting that this new £85,000 claim limit is the same as the Financial Services Compensation Scheme’s cap on deposit reimbursements for cases where regulated financial firms fail.

These new rules aren’t designed to let consumers off the hook when it comes to keeping safe online. If the customer was negligent when making a payment, they may not be reimbursed the money lost under an APP scam. 

The new APP fraud measures are intended for payments made within the UK using Faster Payments after 7 October 2024. If you made the payment via debit or credit card or from accounts outside the UK, this transaction will not be considered for reimbursement.

Other situations where you may not be reimbursed for APP fraud include:

• The payment was sent to an account you control.

• You didn’t provide necessary details for the claim review.

• The payment was not authorised (these are covered by different rules).

• You acted extremely carelessly, such as ignoring warnings about a potential scam.

• There’s reasonable suspicion that you were involved in the fraud.

• You didn’t report the suspected APP scam promptly.

Now we’ve seen how sophisticated and damaging some of these APP scams are, it’s important to be extra cautious and have your wits about you when making payments online.

Here are some ideas to protect yourself from push payment scams:

• Be cautious with unexpected messages or calls asking for personal details. Verify the sender by contacting the organisation through its official channels before sharing any information with them.

• Avoid relying on email instructions, as these can be intercepted by scammers. 

• Only make payments through trusted online banking or payment apps, and make sure that they’re secure.

• Add an extra layer of security by enabling two-factor authentication (2FA) on your accounts.

• Treat unexpected offers with scepticism, especially if they ask for financial information or seem too good to be true.

• If you suspect an APP scam, report it to your bank or Action Fraud. Staying informed about current scams can help you spot fraudulent activity before it impacts you.

Raisin UK has a set of articles to help you keep safe online.

Our Customer Services team is on hand to help. If you’re a registered customer, the most secure way to contact us is by logging in to your Raisin UK Account and sending a secure message, but you can also get in touch using the following methods.

By email:

service@raisin.co.uk

By phone:

0161 388 2399

Monday to Friday (excl. Bank Holidays)

8:30 am to 4:30 pm

New protection measures are in place, but APP fraud remains a significant concern. At Raisin UK, we take your security seriously. We implement strict protocols to keep your money and personal details safe. Our website is protected by SSL Secure Sites Certificates, ensuring all data you share with us remains confidential.

We follow the latest security standards to provide:

• A robust firewall to block any unauthorised external access

• Advanced multi-level encryption and identity verification

• Password protection and automatic log-out after 15 minutes of inactivity

• Transactions restricted to your nominated account only

With these measures in place, you can save with confidence at Raisin UK.

*https://www.ukfinance.org.uk/news-and-insight/press-release/over-ps570-million-stolen-fraudsters-in-first-half-2024