At a time when cybercriminals are constantly looking for new ways to target vulnerable people, automated push payment (APP) fraud is rapidly becoming one of the main methods used to scam. According to a new report by ACI Worldwide called Scamscope, APP fraud is forecast to double by 2026 across the UK, US and India to reach $52.5 billion.
Fraudsters pretend to be from a trusted company or financial institution and trick their victims into making often large bank transfers to a fake account. There are a range of different scenarios that scammers use to make people believe them. For example, a popular method is to say money must be moved quickly from one account to another due to fraud concerns or targeting people buying a house and saying they are a conveyancer who needs the money quickly.
Pressing challenge
Social engineering attacks like this are a major concern for financial institutions, with the rise of digital platforms and social media making it easier than ever before to target people. In the UK alone, APP scams totalled £582 million in 2021, an increase of 39% from 2020, indicating the growing problem this type of fraud is for banks and individuals alike.
Unlike other forms of fraud, where victims are entitled to a refund for their losses, as customers do authorise the transaction themselves, there is no legal responsibility for banks to refund the customer losses. There are many reports of APP fraud in the media, where banking customers report to losing thousands of pounds to cybercriminals after going through either password or biometric checks.
Addressing the problem
For banks, finding the right balance between blocking suspicious transactions and reducing friction is difficult to achieve. At the moment, warning messages are typically used to alert customers to the risk of APP fraud, but clearly more needs to be done if this threat is to be effectively reckoned with.
By employing advanced technologies, including behavioural analysis tools, banks can get a better understanding of when payments are more likely to be made under duress or be related to APP fraud. Educating banking users of what to look out for when making payments that seem dubious is also an essential part of the solution.
Data is the key to meaningfully reducing the level of APP fraud, as customer data be used to identify transactions that are outside of the norm. Closer collaboration between banks would enable these firms to gain a clearer understanding of where money is being sent and why it is being done. Once this is built, signs of fraud could be sent between the receiver bank and the originator bank.
So-called mule accounts, which are accounts that are used to move around money that is directly from criminal activities, also need to be focused on by banks, as these are regularly used during the APP fraud process.
With customers who fall victim to APP fraud often being massively impacted by these forms of attack, banks have a responsibility to engage with all the options available to them to combat the growth of such a damaging scam.
Written by Finbarr Toesland, Editorial Contributor, VC Innovations
______________________________________________________________________
The conversation on fraud prevention, cybersecurity and digital identity continues at the Future Identity Festival on the 11th – 12th November 2024 at The Brewery, London.
Whether your concerns are security, inclusion, privacy, inter-operability or offering customer seamless experiences, the festival will explore the key trends and technologies shaping the future of identity verification, risk management, fraud prevention and more.