State of the Payment Scam: Banks Battling APP Fraud

bank cybersecurity

The world’s cybercriminals all share one thing in common: they understand people can be exploited.

After all, people make mistakes. They fall for scams, and frequently either ignore or fail to adhere to best practices when it comes to security — even around security-critical occasions like sending payments.

And scammers are finding new ways to take advantage of individuals’ preference for speed and convenience when completing transactions.

A Monday (March 11) report from the International Criminal Police Organization (INTERPOL) on the current state of global financial fraud highlights how the increased use of technology is enabling organized crime groups to better target victims around the world.

Per INTERPOL’s findings, the most prevalent global fraud trends are advance payment fraud, romance fraud, investment fraud, and business email compromise — each of which rely on social engineering’s deceptively simple lure of behavioral exploitation.

But outside of the global arena, in specific geographies like the United Kingdom (U.K.), Europe (EU), and the U.S. where real-time and instant payment rails are increasingly prevalent and popular, another type of behavioral fraud is on the rise: authorized push payment (APP) fraud.

That’s why, as regulatory and policy changes, like those being implemented by the U.K.’s Payment Systems Regulator (PSR) and HM Treasury, shift the liability onus for APP fraud to banks, it is becoming increasingly critical for financial institutions to both invest in their fraud fighting tools and upskill their employees.

If they don’t, they risk losing the long tail of benefits that 21st century payments innovations offer.

Read more: UK Wants to Turn Faster Payments Into Four-Day Payments

Faster Payments Require Faster, Better Fraud Prevention

Authorized push payment fraud, like advance payment scams, involves a consumer instructing their bank to transfer funds to another account, often for what they believe to be a legitimate purpose like paying bills or making purchases. Only, of course, the payment is a scam and the recipient on the other side of the transaction a criminal, likely from an organized crime group or “scam factory.”

But that doesn’t matter — once the funds have been authorized, the transfer is irrevocable and the bad actors walk away with the money, leaving the victim empty handed.

Historically, the victims of APP fraud — the banking customers — have been liable for any losses incurred by the scams, unless their accounts have been hacked or account information has otherwise been compromised.

But, as the U.K. is set to require banks and other payment firms to reimburse victims of authorized push payment fraud up to 415,000 pounds ($529,671) per incident, as well as implement a policy delaying payments for up to four days if fraud is suspected, there is an urgent need for banks to modernize the effectiveness of the fraud-fighting tools they employ or risk seeing their payment systems and networks sent back to the 20th century.

Admittedly, the U.K.’s policies put banks and payment firms in a tough spot. The new liability placed on them incentivizes them to take measures to minimize the occurrence of such fraud, and to protect themselves from potential losses, banks might opt to revoke or restrict the option for consumers to make authorized push payments — inconveniencing their customers and restricting their ability to make payments at the same speed as their peers in other countries.

By limiting the options for faster, irrevocable payments, banks can essentially reduce their exposure to fraud-related losses. But there is a better way, one that doesn’t inconvenience customers and set back the clock on payments innovation: fighting APP fraud with better prevention.

See also: Banks Say Better to Be Proactive Than Reactive When Making Payments Real Time

Winning the Fraud Game With Better Technology and Smarter Tactics

Fraud-fighting tools typically encompass a range of technologies and strategies used by banks to detect and prevent fraudulent activities, such as transaction monitoring systems, authentication methods, and fraud detection algorithms.

“It is essentially an adversarial game; criminals are out to make money, and the financial community needs to curtail that activity. What’s different now is that both sides are armed with some really impressive technology,” Michael Shearer, chief solutions officer at Hawk AI, told PYMNTS. “On the automation side, it’s all about data. It’s all about organizing and connecting your data together, understanding the signals that you have so you can build a richer context and make better decisions. But you’ve got to have that information there, and you’ve got to connect it together. That’s step one.”

This is supported by the INTERPOL report, which found “an urgent need to strengthen data collection and analysis in order to develop more informed and effective counter strategies” when fighting fraud.

And the situation isn’t hopeless. Banks can both protect against scams like APP fraud while at the same time offering their customers a competitive suite of real-time and instant payment innovations.

PYMNTS Intelligence in “How Fraud Fears Impact FIs’ Adoption of Faster Payment Solutions,” a collaboration with Hawk AI, finds that 81% of financial institutions (FIs) report they can provide secure real-time payments.