Banks must improve anti-fraud controls to fight APP scams.

Will the new rules be enough to tackle APP fraud, or will it simply cause more problems? Now, more than ever, banks need to innovate and educate to keep one step ahead of the fraudsters.

In a monumental move that has been applauded by consumer protection groups, the Payment Services Regulator (PSR) has mandated that from October 7, victims of Authorized Push Payment (APP) scams in the UK must be refunded (up to £85,000) by the account holder’s bank within a maximum of five days. 

This amount of £85,000 is significantly lower than the originally proposed £415,000, which was initially met with reservations by the UK Payments Association that it would “threaten the viability of smaller payment companies” . Other concerns were expressed by trade association, UK Finance, which feared the move would encourage more ‘complicit fraud’ and incentivize fraudsters to claim compensation money.  

However, for the customer, especially those who have fallen victim to APP scams, the move could not have happened sooner. 

This is positive news for UK victims of the APP scam, who for too long have often had to deal with the additional stress of attempting to have their money refunded.

Grigory Yusupov, Regional Director of UK at IDnow.

“This landmark decision should act as a reminder of the responsibility that banks have to their customers and a wake-up call to ensure their fraud-prevention and identity verification tool stack is fit for purpose, especially for social engineering-type attacks.”

It is hoped that the move will go some way to reducing the amount lost to APP scams, which in 2023 was estimated at a whopping £459.7 million.

A positive step forward – for the customer at least.

Before the recent ruling, there was no guarantee that victims of APP scams would be refunded, or who they should even turn to for help. For the unlucky few whose bank refused to refund, their last call was often to the Financial Ombudsman Service (FOS).  

From April to July 2024 there were 8, 734 complaints about fraud and scams, half of which were regarding APP scams. This was a significant increase on the same period of 2023 (6,094). 

The year on year rise in APP scam complaints can be attributed to; 

  • Increase of ‘multi-stage fraud,’ which sees funds pass through numerous banks, resulting in consumers submitting multiple claims.  
  • A growth in people inadvertently using their credit or debit cards to pay fraudsters, which are not covered by the Contingent Reimbursement Mode code or the new PSR rules. 
  • More online fraud cases submitted by professional representatives, including claims management companies.

Building trust through KYC in banking.

How can you set up a KYC process that satisfies your customers and meets regulatory requirements? Download now to discover:

  • grey square with four lines and checkWhat is KYC?
  • sign logo with check in itThe importance of KYC in the banking sector
  • justice logo with a paper logo at the back with white backgroundRegulatory impact on KYC processes

Read now

Thumbnail - KYC Banking 2024 EN

What is an APP scam?

While there are many different forms of APP scams, the end goal is always the same: to deceive individuals or businesses into sending money by fraudulent means. One of the most common forms of APP fraud is a romance scam. Read the story about how one British woman made it her mission to expose the romance scammers and even wrote a book about how she did it.

Other forms of APP fraud include: 

Purchase scams, where victims use a fake website or link in an attempt to purchase goods or services. 

Impersonation scams, where criminals pose as a well-known company or brand, such as a delivery firm, retailer or even HM Revenue & Customs and claim they have a parcel or bill that needs to be settled, for example. 

Investment scams occur when victims are duped into sending funds to a fraudster posing as someone with a ‘too good to be true investment.’ 

Read the story about how one man was contacted on Linkedin with ‘the offer of a lifetime,’ and proceeded to lose almost a million dollars.  ‘The rise of social media fraud: How one man almost lost it all.’ 

There are many others, including loan fee scams and lost pet scams. In fact, there are new APP scams created regularly, which is one of the reasons why APP scams are so dangerous and why the FOS is kept so busy. 

“Fraudsters’ methods are always evolving, and we continue to see that reflected in the complaints brought to our service,” said Pat Hurley, Ombudsman Director for Banking. 

“We are currently receiving – and resolving – around 500 fraud and scam complaints a week. In all the cases we receive, we’ll look at the individual circumstances and investigate whether a business did everything it was required to do. When we do uphold complaints, we expect firms to learn from our findings and apply them to any future interactions with their customers.”

What are banks currently doing to tackle APP fraud?

For banks, preventing APP fraud can often feel like a frustrating game of ‘Whac-A-Mole’; where after finally addressing and educating their customers on one form of APP fraud attack, a new variant suddenly springs up. This is why many banks employ AI to monitor transaction behaviors and cross reference historical spending patterns to flag potentially fraudulent activity. However, relying solely on AI can sometimes result in false positives or missed cases of social engineering. 

In general, banks tend to rely on specific risk signals, which are used to ascertain if a) the transaction is valid and authorized by a trusted account holder or b) the flagged activity is a genuine risk. However, as APP scam payments are authorized by the account holder, a regular bank’s defense systems do not necessarily flag such transactions as anomalies.  

From October 7, banks will be able to pause transactions for up to 72 hours when there are “reasonable grounds to suspect a payment is fraudulent.” Previously, banks had to either process or refuse a payment by the close of the next business day.

UK Fraud Awareness Report

Learn more about the British public’s awareness of fraud and their attitudes toward fraud-prevention technology.

Read now

thumbnail fraud awarness report

Can customers do anything to protect themselves against APP scams?

Of course, new regulations like October 7’s ruling may go some way to lessening the impact of APP fraud, by forcing banks to be held responsible, but as APP fraud appeals to human naivety, it can be particularly difficult to protect against. However, there are steps customers can take to protect themselves:

  • Too good to be true? If the offer or investment sounds too good to be true or is too cheap to be true, then there’s a good chance it probably is.
  • Is that really you? Is the bank, delivery company or even Keanue Reeves really contacting you? Fraudsters will impersonate anyone. If you’re unsure that the real company is contacting you, get in touch via official channels to check!
  • I beg your pardon? Fraudsters know that it’s often only a matter of time before people cotton on to the deception, which is why they tend to pressurize people to authorize payments as soon as possible.
  • How do you want to pay? If a company or person you have dealt with before is asking you to transact via a different payment method, then this is a red flag. 
  • Why do they want that? Do not give passwords or addresses or any other Personal Identifiable Information out over the web.

Why are APP scams so common?

The main reason why APP scams have become so commonplace and pose such a threat to the public isn’t because they are particularly sophisticated – after all, APP scams are essentially just social engineering. According to Lovro Persen, Director of Document and Fraud at IDnow, it is the sheer scale of attacks that people are subjected to that makes APP scams so dangerous. 

It’s a numbers game. We know that if fraudsters send 10 APP scam messages, they are unlikely to catch anyone, but if they send 10,000 messages, statistically there will be people who bite.

Lovro Persen, Director of Document and Fraud at IDnow

More must be done to raise awareness of the dangers of APP scams, especially with the more vulnerable groups like the elderly or the desperate.On paper, the decision to make compensation compulsory is positive, however, I do worry that banks may need to raise interest rates on loans and other services to make up for the loss of profit. In this regard, the financial compensation will affect the bank’s bottom line even more than it currently does.”

So, will compulsory compensation stop APP fraud?

Clearly, the fight against APP fraud is one that will not simply end on October 7. In fact, according to UK Finance, it may even make it worse: 

“We continue to express the opinion that the PSR’s approach may encourage more complicit fraud and exacerbate the APP risk as fraudsters capitalize on a reimbursement model which requires minimal consumer evidence, nor demonstration of consumer caution and a limited opportunity for payment service providers to investigate and challenge the consumer claim. This will inevitably increase the attractiveness of the UK to criminal entities.” 

The battle against APP fraud will not be won overnight. It will require regular regulatory updates to protect the industry. It will need a commitment from banks to educate their customers on the dangers of different forms of APP fraud. It will also require banks to innovate with new methods of fraud detection to not only protect their business bottom line and their customers but also ensure the customer journey is not too dramatically impacted.

How video identity verification can add an additional layer of protection against APP fraud.

While there will always be fraudsters on the lookout for new and inventive ways to deceive unsuspecting members of the public, banks have a responsibility to make it as difficult as possible for them. 

As APP fraud relies so heavily on real-time social engineering, a hybrid approach that combines automated detection with real-time human verification can provide an extra layer of defense and help to spot potential coercion. For example, when certain high-risk triggers are detected, such as unusually frequent payments to a new payee or a large, unexpected transaction, a live video verification session can be initiated to verify the transaction before it proceeds. 

This allows the agent to ask specific questions to verify the legitimacy of the transaction and identify potential fraud tactics, such as: 

“Can you explain the purpose of this payment?” 

“Have you been in contact with this payee before?”

“Is there any urgency pushing you to authorise this payment?”

VideoIdent Flex is designed to detect fraud at critical touchpoints, offering seamless real-time video verification for high-risk transactions. This solution is not only effective for onboarding and authentication but also plays a vital role in preventing APP fraud at the point of transaction. By combining AI risk scoring and live agent verification, banks can ensure that suspicious transactions are flagged and reviewed before being authorized.

Interested in more information about VideoIdent Flex? Check out our recent blog, ‘How video identity verification can help British businesses finally face up to fraud.’

By

Banks urged to improve anti-fraud controls as APP scam compensation becomes compulsory. 1

Jody Houton
Senior Content Manager at IDnow
Connect with Jody on LinkedIn