Addressing the Authorised Push Payment (APP) Fraud Problem

As fraudsters continue to focus on exploiting vulnerable people and small businesses to commit a wide range of APP ‘scams’, what can you do to address the problem? In response to the Which? super-complaint of 2016, the focus has moved to the responsibilities of financial institutions - with UK Finance and the Payment Services Regulator consulting with members to establish best practice.

In all such situations, prevention is better than cure. So is there a way that financial institutions can fight back against the growing problem of APP fraud?

In the first six months of 2018 alone...

A total of £145.4 million was lost due to APP scams, £92.9 million from personal accounts and £52.5 million from non-personal or business accounts.

There were 34,128 cases of APP scams - 31,510 personal and 2,618 non-personal.

Financial providers returned a total of £30.9 million of the losses

The Problem

Authorised Push Payment (APP) fraud occurs when a financial criminal dupes an innocent party into sending a payment under false pretences to a recipient bank account the criminal has control of.

This Modus Operandi is not new but it is becoming increasingly common. More and more financial institutions have placed greater emphasis, security and control on their transactional and online platforms to prevent unauthorised third parties directly accessing and transacting on accounts.

Unfortunately, the financial criminal is not easily deterred and has merely looked to negate these barriers by finding alternative methods with which to illicit fraudulent payments, in this instance by directly targeting and socially engineering customers.

This type of fraud can happen to both private individuals and businesses and, as payments are typically made in real-time, funds can be quickly moved on or directly withdrawn without revocation, and before an innocent party even realises they have fallen victim to a scam.

The Challenge

More and more alarming stories of authorised push payment scams are appearing in the press. The advancements in customer security technology and processes, combined with human susceptibility to social engineering, has made the current environment fertile land for APP fraud.

A recently widowed mother of three fell victim to a scam which cost her elderly mother- for whom she exercised power of attorney- all of her life savings. She was caught out by a scam phone call when she was just out of hospital, despite the call seeming genuine. She and her mother were liable for the lost £18,500. But that is about to change for many such victims.

In a 2016 customer survey, the consumer magazine Which? found that 60% of respondents were unawarethat APP transfers are unprotected. Following the super-complaint Which? made on behalf of the public, UK Finance and the Payment Services Regulators expect you to do more to protect your customers.

The burden of financial liability for APP fraud losses is moving from the victims to financial institutions. Those which have not taken adequate steps to prevent or identify fraud may very soon face further obligations to reimburse victims.

Changes In Regulation

The Contingent Reimbursement Model Code proposed by the Authorised Push Payments Scams Steering Group, set up by the Payment Service Regulator, sets out the circumstances when the victims of APP would get their money back and whether it might come from their payment services provider (the sending PSP) or the PSP that received the money on behalf of a fraudster (the receiving PSP).

It declares that firms should aim: 

• To reduce the occurrence of APP fraud. 
• To increase the proportion of customers protected from the impact of APP fraud, both through reimbursement and the reduction of APP fraud. 
• To minimise disruption to legitimate payment journeys.

It goes on to outline some specific requirements including:

• Firms should take appropriate action to identify customers and payment authorisations that run a higher risk of being associated with an APP fraud. 
• Firms should establish transactional data and customer behaviour analytics incorporating, where appropriate, the use of fraud data and typologies to identify payments that are at higher risk of being an APP fraud.

• Firms should take reasonable steps to prevent accounts from being used to launder the proceeds of APP fraud. 
• Firms should use available shared intelligence sources and industry fraud databases to screen customer accounts and apply industry typologies to identify accounts at higher risk of being used by criminals.
•  

Addressing The Problem

At the moment, there is no ‘silver bullet’ solution to APP scams. The regulators have cited collaboration and data sharing as key factors in mitigating the risk of APP fraud. Many bodies, from financial crime solution companies like Synectics Solutions to banks and trade groups, are working together to try to formulate better systems to combat the problem, including transactional controls and flagging up potential and actual victims - whilst providing an efficient real-time ‘on boarding’ service to genuine customers.

Achieving this will take a holistic approach, looking at both the application process and account lifecycle and offering a multi-layered set of provisions and solutions.

Synectics Solutions are well equipped to support the industry in meeting these challenges, hosting an established syndicated intelligence database of in excess of 250 million records across multiple sectors and with access to a variety of other public and private data sources. In harnessing this data our established SIRA and Precision services have a key role to play in the future of the fight against APP scams.

• SIRA is an all-in-one established financial crime prevention solution which leverages millions of data items from different sectors to identify and stop fraudsters working across industries, enabling providers to make quick and informed decisions. It works using a multitude of machine learning algorithms and comprehensive workflow management enabling point of application identification of fraud cases, whether these be identity frauds or money mules – key fraud types in the proliferation of APP fraud. In the first half of 2018 just over three quarters of all fraud identified within our syndicated database were either identity fraud or misuse of account (driven mainly by mule activity), the data related to which is available to match to as part of the syndicated intelligence pot.

• Precision, our predictive analytics solution, has the ability to process huge volumes of data and apply a combined array of algorithms and modelling techniques. It provides a predictive modelling platform capable of analysing the largest of data sets and producing actionable results in real-time. Increasingly it is being used to target specific types of financial crime activity.

These solutions may prove to be particularly helpful in:

• Profiling what a potential victim of APP scamming might look like, taking in factors like demographics, age, income, location and occupation.
• Identifying bank accounts applied for by first party and third party fraudsters where the account, if opened, has a high risk of being used for mule activity, namely being used to receive funds as a result of fraudulent activity elsewhere, account takeover or APP.

However, we appreciate this is only part of the solution. We are also taking an active role in this initiative, collaborating with customers and the industry to move the fight against APP fraud forward. We are co-ordinating shared knowledge through workshops and feedback from our clients – financial institutions which are in the ‘front line’.

We’re also tracking the voluntary Contingent Reimbursement Model Code currently being applied by many banks to compensate victims of APP fraud – and we will consult with our members when this code is ratified.

Whilst there is a lot of industry focus in this area, there is also some uncertainty on how best to combat it and the full implications of the PSR guidelines. What is certain is that financial institutions which fail to take up a positive and proactive position are leaving themselves open to potential damage, financially and reputationally.

To discuss the implications of APP fraud and how you might participate in the collaborative approach to combating it, please call 03332 343 418 or email info@synectics-solutions.com