Nov 2018 | Fraud Prevention | Fraud

Authorised Push Payment fraud costs individuals and businesses £236 million in 2017

The good news is that you can start protecting your customers today with bank account verification technology, says Darryl Warner, Payments Product Manager, Experian.

In 2017, there were nearly 44,000 reported cases of Authorised Push Payment (APP) fraud, where account holders are tricked into paying money into fraudsters accounts, rather than sending funds to legitimate payees.

This kind of fraud is so prevalent, and so damaging for customers, that it has become one of the payments industry’s hottest topics. Data from trade body UK Finance indicates losses of £236 million in 2017 alone. What’s more, per-transaction losses are extremely high with this type of fraud, with targeted individuals losing an average of £2,784 (rising to £24,355 for businesses).

Even more worrying is the sharp rise of reported APP incidents, with new cases reported in the press almost daily. In one of the biggest recorded losses, a couple in London sent £120,000 to a fraudster who managed to highjack a payment meant to cover a relative’s inheritance tax.

Customers have been left to foot the bill (or most of it)

Although most recognise that Authorised Push Payment fraud is a major issue, many institutions are still unsure about exactly how to respond.

Authorised Push Payment (APP) transactions to fraudsters’ accounts are initiated and authorised by the customer, which has led some institutions to accept no, or only very limited, liability. Often claiming that customers have been negligent, banks have only reimbursed £60.8 million of the total £236 million lost to APP fraud in 2017 – leaving customers to foot the bill for the remaining £175.2 million.

“We … often hear from banks that their customers have acted with ‘gross negligence’ – and this means they’re not liable for the money their customer has lost. However, gross negligence is more than just being careless or negligent. And as our case studies show, the evolution of criminals’ methods – in particular, their sophisticated use of technology and manipulative ‘social engineering’ – means it’s an increasingly difficult case to make.” – Caroline Wayland, Chief Ombudsman, Financial Ombudsman Service (FOS)

Doing nothing is no longer an option

The APP fraud epidemic prompted Which? to lodge a super-complaint with the Payment Systems Regulator (PSR) and the Financial Conduct Authority. Which? argued that victims of Authorised Push Payment fraud do not get the same level of protection as victims of other types of fraud, including card or direct debit fraud.

In collaboration with the Chief Financial Ombudsman Caroline Wayland, the Payment Systems Regulator published an interim industry code in September 2018, including a contingent reimbursement model. This applies to cases of APP fraud where customers have acted appropriately, and sets guidelines around whether or not their funds should be returned to them in some cases.

Ultimately, this work will culminate in a new set of Payment Systems Regulator best practices for both sending and receiving banks that will help to mitigate APP fraud risks and, ultimately, to protect customers and their funds.

Don’t wait! Take action on Authorised Push Payment fraud today

While the Financial Ombudsman, the Payments Systems Regulator, the New Payments Service Organisation and others continue to resolve the details of how APP fraud should be handled, the list of victims continues to grow daily. The question is, what can your organisation do to protect customers from fraud, starting from now?

One measure is to deploy bank account verification technology. This works by cross referencing payee account details with the name of the account holder. In this way, any discrepancies between the account details and the account holder’s name can be flagged to the person making the payment before they hit send.

From the customers’ perspective, this provides an extra level of protection. If the name of the account holder doesn’t seem to match the other details – including the account number – the bank can send a red flag. This gives the customer the opportunity to check the account details directly with their payee, potentially preventing money being sent inadvertently to an account controlled by a fraudster.

Stay ahead of any upcoming regulation

The real beauty of bank account verification technology, is that it is likely to support future regulatory initiatives around Authorised Push Payment (APP) – helping you to stay ahead of the game.

Not only does this approach support best practices for better reporting of suspected APP cases, and for better collaboration and case handling between sending and receiving banks. It also helps you to demonstrate to your customers and the regulators that you are taking all reasonable measures to protect customers against APP risks – which could well be a requirement of the new rules when they come into force. Moreover, demonstrating to customers that you’re doing your upmost to protect will build trust and a positive brand affiliation which will benefit both you and the customer moving forward. Some businesses are concerned that an additional bank account verification check may cause added friction to the customer journey, however Experian research shows that some fraud prevention measures are valued by customers as they feel safer when logging into or managing accounts.

Find out how

Experian is a leader in bank account verification solutions, and we are already helping a number of leading banks to protect their operations and customers against Authorised Push Payment fraud risks

For more information about our offering and the benefits for your business, visit