Authorised Push Payment (APP) Fraud
Authorised Push Payment (APP) fraud is a scam where individuals are deceived into willingly transferring money to accounts controlled by fraudsters. It may simply involve an exchange of messages or have multiple vectors involving fake online banking sites and malicious apps. Unlike unauthorised transactions, where funds are taken without consent, APP fraud exploits the trust and authority perceived by the victim, making them complicit in the transaction. This form of fraud has seen a significant rise in recent years, prompting regulatory bodies and financial institutions to implement measures aimed at prevention and victim reimbursement.
Understanding APP Fraud
The Payment Systems Regulator (PSR) defines APP scams as situations where “someone is tricked into sending money to a fraudster posing as a genuine payee.”
APP fraud occurs when a scammer convinces a third party to authorise a payment under false pretences. Common tactics include impersonating trusted entities such as banks, government agencies, or service providers. The fraudster may claim that the victim’s account is compromised and advise transferring funds to a ‘safe’ account, which is, in reality, under the fraudster’s control. Other scenarios involve fake invoices, investment opportunities, romantic relationships or loved ones stranded overseas. There is often a sense of urgency introduced, such as a risk of jeopardy to the victim or their family.
Common attack vectors include a phone call, an email or a messaging service such as SMS, WhatsApp, Telegram or Signal. Contact may also be made via a dating site, social media platforms or through clicking an advert delivered via a browser.
It can also occur in the workplace (known as CEO fraud) where an employee receives what appears to be an internal email from a director, with instructions to make an urgent and confidential payment from company funds to a third party.
Prevalence and Impact
In 2023, APP fraud resulted in losses of £459.7 million across the UK, with 232,429 reported cases. This represents a 12% increase from the previous year and is believed to be the tip of the iceberg. Of these 72% commenced online. Despite efforts to obtain reimbursement, inconsistencies remain among financial institutions. While some banks like have achieved reimbursement rates of 95%, others have reimbursed the victim’s in only 3% of cases.
Regulatory Responses
To combat the rising tide of APP fraud, the regulator has introduced new measures to enhance consumer protection. As of 7th October 2024, a mandatory reimbursement regime requires payment service providers (PSPs) to compensate victims of APP fraud, with a reimbursement cap set at £85,000. The cost of reimbursement is shared equally between the sending and receiving PSPs. This initiative aims to standardise victim compensation and incentivise financial institutions to strengthen fraud prevention mechanisms.
Some Examples
A former solicitor was defrauded of £70,000 through a fake high-interest savings bond. He experienced significant emotional distress before media intervention led to a refund. Details can be found here.
Someone who has just suffered a life-changing or other traumatic event may be especially vulnerable. A recently divorced mother of four was advised to try online dating and was approached by a ‘wealthy businessman’ who showed interest in a relationship, then asked her to settle some bills for him. Having been convinced that he was a man of means by a fake bank web page, she was subsequently defrauded of £80,000. Now on a ‘suckers list’, she was then approached a short while later with a different scam. Details can be found here.
An RAF veteran lost £240,000 during a house purchase due to an email hacking scam. The Financial Ombudsman Service eventually facilitated a refund after reviewing the case. Details can be found here , along with other examples.
Challenges and Criticisms
Despite regulatory advancements, challenges persist. The reduction of the reimbursement cap from £415,000 to £85,000 has raised concerns about the adequacy of protection for victims of high-value scams. Consumer advocates argue that this move may leave such individuals particularly vulnerable.
Furthermore, victims may suffer profound mental health trauma, leading to anxiety and depression. The stigma and shame associated with being scammed can lead to feelings of guilt, worthlessness and can damage existing relationships with loved ones. In a survey by the Consumers’ Association in 2024, victims reported that their experience had a negative impact on their levels of stress (71%) and mental health (60%) than their financial situation (50%). Many respondents spoke of their subsequent trust issues or said that they still feel angry, both at the fraudsters and themselves.
The idea that fraud ‘only affects money’ or is a crime of ‘lesser impact’ is a demonstrable nonsense, for it can be shown to have a huge impact on health, especially in the elderly or vulnerable. Victims often need comprehensive support, both in a mental health support and investigatory capacity.
Opportunities
The financial institutions likely to be affected by claims have already started contacting customers to explain what may or may not constitute a valid claim for reimbursement. There is some concern that there is still too much of a grey area in definition of culpability.
Although the regulators have set a maximum claim of £85,000, investigators are aware that cases of APP fraud often involve moving money across the banking sector so it can be more easily manipulated by the fraudsters. In one case currently under investigation, the victim used his savings, current and business accounts along with Revolut and PayPal. It is likely therefore that there will be more than one claim per case.
Funds requested sent to a fraudster may be transferred via Fiat money, crypto currency or another vehicle, such as high value e-gift cards. Some of the most reported investment scams are promoted by fake celebrity endorsement, using names such as those of the financial advisor Martin Lewis or the TV celebrity, Simon Cowell.
These cases, and in particular fraud where crypto currency is the method of transfer, or the investment opportunity, require a very specific skillset to identify the locations of decentralised funds and elicit the information to freeze and recover it. This includes knowledge of buying crypto, exchanging crypto, the blockchain, ‘washing techniques’ and tools to analyse the money trails. Through use of experienced and trained crypto investigators, opportunities are afforded for both the victims and the banks to make progress in efforts of recovery. A properly constructed and detailed victim statement gives the best chance of commencing a recovery and compensation process, while also providing the banks the opportunity to utilise our services to recover their losses. It can also be hugely cathartic for the victim to tell their story to a non-judgemental, independent and experienced investigator.
Money that has been stolen via APP fraud, may end up in a money laundering operation, where efforts are made to conceal its source, it being ‘washed’ through further financial transactions that may involve individuals and/or imaginary or rogue businesses. This takes place through placement (moving the finds away from the ‘crime scene’) to layering (where the trail is disguised) and finally integration (where the money is made available to the fraudster from what seems like a legitimate source). Investigations therefore need to utilise routes of enquiry that at first may not seem obvious.
BGP’s approach
BGP has access to technology that enables a forensically sound examination of the victim’s devices, which not only safely retrieves and preserves messages, emails, screen shots, app usage and web activity, but can also determine if malware has been put onto the device. We can then investigate the source of the contact that the victim received and undertake analysis of Internet traffic data, with reference to the passage of funds. We have investigators trained in using Open-Source Intelligence (OSINT) which can assist in tracking people and assets.
Our investigators have a wide range of backgrounds in security and law enforcement, including specialist operations at New Scotland Yard dealing with international-level fraud and cybercrime. We have experience of working with various regulatory and enforcement authorities both in the UK and overseas and often are called upon to write expert reports for use in criminal and civil procedures. We have successfully assisted individuals, corporations and law firms in the identification of suspects in fraud cases and assisted in obtaining restitution of funds, involving both civil and criminal routes to justice.