Authorized Push Payment (APP) Fraud

Businesses small and large depend on digital banking services to manage their transactions. One of the services that is used extensively is Authorized Push Payment (APP). In an Authorized Push Payment, a vendor or merchant presents an invoice with their account details and the customer uses the details to make a payment directly to the merchant account. 

Push payments are favoured as merchants get their dues faster and customers don’t have to give away their personal information or account credentials. The drawback is that getting a refund may be difficult if the customer falls for APP Fraud. As push payments are sent willingly in most cases, banks are known to refuse reimbursements. 

What is Authorized Push Payment (APP) Fraud

APP Scams occur when scammers trick businesses into sending money into their accounts instead of the actual merchant. This is done using the following tactics:

• Impersonation: The scammer may call up an organization’s payments department pretending to be an existing vendor and convince an employee to change the account details for push payments. Subsequent payments will be sent to the fraudsters until the organization or vendor realize that there is something wrong.
  
  In other instances, the scammers may impersonate a high-ranking member of the organization, such as the CEO, via email and coerce an employee who is authorized to make payments to send them funds ASAP. The employee may neglect to cross-check the request or might simply not want to question their higher-up and end up paying the scammer.
  
  
• Phishing: The organization may receive an email designed to appear to be from a legitimate vendor. The email may request an urgent payment under pretences such as a previous payment having failed. The email might also be slipped in at an opportune time when the organization is already expecting an invoice.
  
  
• Hacking: The fraudsters might be able to gain access to the organization’s computer network even if a single device is compromised with a virus. This would enable them to modify vendor data and financial documents to insert their own account details.

Signs of Authorized Push Payment (APP) Fraud

APP Fraud is carried out through sophisticated tactics. Scammers go to great lengths to learn about the organization so that they can make the scam as convincing as possible. Therefore, APP Fraud is not always easy to detect but there are a few signs that are likely to indicate a potential fraud:

• Unexpected or strange requests, such as adding or altering beneficiaries, or payments in a different currency
  
  
• Urgent and confidential requests containing instructions to make vendor account information changes or process a payment immediately without consulting other organization members
  
  
• Changes in the vendor or merchant’s email address, contact number or contact person
  
  
• Signs of tampering in documents like payment orders, contracts and invoices or information that contradicts previous communications

Sophisticated APP frauds can go undetected for days or weeks while the vendor continues to request payments for uncleared invoices which the business believes have already been paid.

If you believe that your organization may have been affected by this scam, it is crucial to contact your own bank and the bank where the funds were sent at the earliest. Formal complaints will also need to be filed, along with reporting the incidents to law enforcement. The UK organization Which? has created the template ‘Letter to complain to your bank about APP fraud’ to make filing a complaint easier.