Authorised Push Payment (APP) fraud is quickly becoming one of the most prevalent types of fraud in the UK, with new measures from the Payment Systems Regulator coming into force in October to help address this.
Whilst policymakers are aiming to do their part, how can financial institutions help mitigate this surging APP fraud threat? Bluechain CEO, Tim Annis, believes that the Request to Pay payment method may provide an answer.
Annis writes for Payment Expert on how APP fraud has become such a glaring issue, the need for financial services to update their legacy systems to combat this rise, and why Request to Pay could be the ultimate solution.
With data revealing that losses from APP fraud will climb to a staggering $6.8bn in 2027 across several leading markets, and UK citizens reportedly losing £485m to APP fraud in 2022 – it is clear to see why it’s such a concern for regulators, fintechs and consumers alike.
In response to these losses, the UK held its first Global Fraud Summit in March this year, where the idea to slow down fast payments was proposed to combat APP fraud. This shocked the industry, with many experts expressing their concerns around what this would mean for progress and innovation within the sector.
The proposed new draft law means that bank payments could be delayed for up to four days if fraud is suspected to allow any suspicious transactions to be properly investigated.
With the UK being considered a birthplace for real-time payments, this is an ironic twist and an unnecessary step in the wrong direction – especially when existing solutions such as Request to Pay (RtP) already mitigate fraud risks. So, what are the current fears surrounding APP fraud and what tactics are cybercriminals leveraging?
APP Fraud: The tactics, trends and threats
APP fraud is a scam method used by criminals to trick individuals into authorising fraudulent transactions by pretending to be their bank or a trusted relative in an attempt to get an individual to send funds to them – which unfortunately many people do.
According to the FCA, there are two main types of APP fraud: malicious payee and malicious redirection. Malicious payee fraud involves tricking someone into buying certain goods or services that do not exist or are never received. Malicious redirection, by contrast, involves a criminal impersonating a trusted authority in order to get someone to transfer funds out of their own bank and into the fraudster’s account.
Fraudsters are often opportunistic and rely on major events, like the cost-of-living crisis, to trick vulnerable individuals, and in some cases, target small businesses which have fallen on hard times.
With APP fraud continuing to pose significant threats, it is crucial for businesses to look at solutions to help mitigate this risk, including RtP, rather than enforcing major changes to payment cycles which will inevitably stifle innovation.
Unpacking B2B payment risks: From complexity to legacy systems
Due to the nature of B2B payments, there are many different reasons why this sector is vulnerable to fraud.
One key reason is the complexity and volume of B2B transactions. These transactions often involve large amounts of money, making them an attractive target. B2B payments also involve numerous different parties, and each party adds an additional layer of complexity and vulnerability that fraudsters could exploit.
Another reason why B2B payments are vulnerable to fraud is the legacy technology that a lot of companies still utilise, with research revealing that a staggering two thirds of companies still leverage these technologies. This means that their systems and processes will be bound by weaker security measures and will most likely fail to utilise up-to-date security measures to help combat fraud, such as multi-factor authentication.
A final reason why B2B payments are susceptible to fraud is human error. With many businesses still processing payments manually, or relying on human intervention during the payment approval or execution stages, businesses are inadvertently opening themselves up to a realm of risks.
This manual intervention element means that fraudsters could easily impersonate an individual involved in this process and redirect payments to a fraudulent account – adding an unnecessary layer of risk.
Impersonation fraud cases have only worsened since the rise of Artificial Intelligence. Research has revealed that approximately 42.5% of detected fraud attempts use AI, and nearly 29% of these attempts have been successful.
This AI boom has also led to an increase in chief executive impersonation fraud, which is when a scammer impersonates a senior staff member to convince employees to make an urgent payment into the fraudster’s personal account – with losses from this type of fraud reaching £12.9m in 2022 alone.
The UK APP fraud epidemic and the RtP cure
UK regulators have proposed drastic steps to address APP fraud, but these measures fail to consider the potential of RtP.
RtP is an innovative solution that complements existing bill payment methods and allows a payment request to be sent to a payee through a secure digital channel. By providing enhanced control and visibility for both the business requesting the payment and the payee, RtP is the solution required to mitigate APP fraud.
With RtP, both parties must be verified to take part. The business sending a request is verified by its RtP provider before inviting its customer to receive requests, which are sent in a secure channel to prevent interception by third parties. The requests do not contain any sensitive financial data, which means no financial information can be stolen or misused during the payment process.
By delivering payments in an environment requiring multi-factor authentication and biometrics, the risk of fraud is drastically reduced. For an added layer of security, all RtP requests use full line-item-level data to ensure the recipient is clear on what the payment is for and whether it is legitimate or not.
This added verification greatly reduces the risk of phishing attacks and mail interception fraud, which is one of the most common tactics leveraged in APP fraud attempts.
It’s clear that RtP solutions have been overlooked by regulatory bodies as a solution to an ever-growing and unrelenting threat businesses face. As a result, the sector – which has made strides towards faster and easier payments – could be slowed by not three, but four-day waits for payments.
As the birthplace of real-time payments, this isn’t a measure the UK should be taking lightly. It’s time to look for a real answer in Request to Pay solutions.