What is APP Fraud? Taking the fight to the fraudsters on the new frontline

Authorised Push Payment (APP) fraud is a financial crime that has become increasingly common in Europe. Unlike traditional scams that rely on stolen credentials or system breaches, APP scams manipulate victims into authorising instant payments to fraudulent accounts. Because these transactions are technically approved by the victims, they are more likely to evade standard fraud detection mechanisms. It echoes a wider shift in fraudulent trends that involve focusing on the weakest link in the payments chain: humans.

Real-time payments (RTP) are also a target for fraudsters because their very USP – speed. They can move money out of the recipient account within minutes, before the victim has realised they’ve been scammed, which makes it even harder to recover.

The emotions that come with falling victim to APP fraud are hard to bear – being tricked by a fraudster can fuel anger, confusion and even shame within individuals. And when people are embarrassed to admit they’ve been a victim, it unfortunately creates a rich playing field for scammers to operate.

The impact can be tough in different ways on victims, with Visa research¹ finding issues with money management, financial confidence and personal wellbeing, as well as financial loss. A third of those surveyed reported that their mental health suffered as a result of APP fraud, and almost half (45%) feel at risk of falling for the scam again.

The scale of the problem is significant - total losses due to APP scams exceeded £239 million in the first half of 2023 according to UK Finance, and 1 in 3 of those surveyed by Visa reported having fallen victim to APP fraud. This specific type of scam is a huge contributor to the overall impact of fraud across Europe, with the EBA and ECB revealing² last year that payment fraud in EEA reached €4.3bn in 2022, with an extra €2bn reported in the first half of 2023.

How are people being targeted by APP fraud?

Common forms of APP fraud include:

• Impersonation Scams: Where criminals pose as trusted entities such as banks, government agencies, or even family members in need of urgent help.
  
• Invoice Scams: Fraudsters intercept legitimate invoices, alter payment details, and redirect funds to their accounts.
  
•  Investment Scams: Victims are lured by promises of high returns on fake investment opportunities, leading them to transfer substantial sums.
  

How Do People Fall Victim to APP Fraud?

APP scammers can be highly convincing, employing tactics in their communications with victims to exploit their trust and create panic, uncertainty and above all, urgency. Amongst the most common of these tactics are:

• Fake Bank Alerts: Victims receive calls or messages impersonating their bank, claiming suspicious activity and urging them to transfer money to a "safe account."
  
• Fraudulent Sellers: Fraudsters advertise goods or services online, collect payments in advance, and never deliver the promised items.
  
• Romance Scams: Scammers develop online relationships with victims, eventually convincing them to send money under false pretences.
  
• ‘Hi mum’ Scams: Fraudsters pretend to be a family member in desperate need for cash, again playing on the emotional heartstrings. Here it’s important for families to establish simple defences, such as a safe word, a safe number or a safe hand signal.
  

How Can Consumers Protect Themselves?

Consumer education is critical. Primarily, education on the scale, impact and methods of APP fraud, but there are a number of simple things consumers can do to avoid it at the front line:

1. Verify the request: Always confirm payment instructions, especially if they seem unexpected or urgent. Contact the requesting party using verified contact information, using a different device to the one you were contacted on.
   
2. Fight the urgency: Fraudsters will create a sense of urgency to cloud judgment. Take time to assess the situation.
   
3. Enable Two-Factor Authentication: Use additional layers of security for online transactions where available.
   

Taking the fight to the APP Fraud scammers

In a pilot with Pay.UK, Visa trialled a new overlay service, Visa Protect for Account-to-Account (A2A) Payments, which allows all UK banks and building societies to analyse money flows and use predictive artificial intelligence to detect fraud and help prevent crime before it occurs. The result was that the tool correctly identified an additional 54% of fraud and APP scams beyond those spotted by the banks' prevention systems. This, when applied UK wide, has the potential to help save the UK economy over £330 million a year. We are working to roll this out globally, with partners in South America already seeing notable results for customers.

Visa Protect for Account-to-Account (A2A) Payments, which is in the early stages of being piloted with certain EU banks, will be a gamechanger in this battle. Deploying advanced AI, a multi-bank view and protection across multiple payment rails, it will give sending and receiving financial institutions a risk score and indicators to offer them a more holistic view of payments going through their systems. This will allow them to step in and protect their customers before the fraud takes place – reducing the chances of them going through the pain – both financial and emotional – of falling victim to APP fraud.

European banks and financial institutions are already employing various strategies to mitigate APP fraud. Confirmation of Payee (CoP) verifies that the recipient’s name matches the account details provided, reducing the likelihood of funds being misdirected. While not yet standardised across Europe, CoP has been highly effective in countries where it is implemented, such as the UK and the Netherlands.

To further consumer protection, the UK Payment Systems Regulator (PSR) has additionally introduced the 50/50 rule, which has been in effect since October 2024. This rule requires the sending and receiving payment service provider to equally split the cost of reimbursing consumers in cases of APP fraud.

Global bodies, businesses and institutions are fighting back to protect the payments ecosystem and individual consumers. Worldwide, Visa has invested over $11 billion in technology, including to reduce fraud and enhance network security, enabling us to create more solutions to help consumers avoid being scammed.

Collaboration is key. With continued efforts from payment schemes, industry bodies and banks, the fight against APP fraud will become even more effective, ensuring a safer financial landscape for everyone.