Authorised Push Payment (APP) fraud: what it is and how to prevent it

Anybody who’s ever been a victim of fraud will tell you how horrible the experience is. 

It can arouse feelings of violation, anger and shame, and the costs to businesses are eye-watering (estimated to be roughly £219 billion a year). 

The key to stopping fraud and preventing this harm is, above all else, education. If we can all become more aware of fraud and how it can sneak up on us, we can stop it, acting as the last line of defence. 

In this article, we look at Authorised Push Payment fraud (a type of scam), its common forms, and strategies for intercepting and avoiding it.  

 

What is Authorised Push Payment (APP) fraud? 

APP fraud is when you’re tricked into sending money from your account under false pretences. Nobody has to hack into your account or pretend to be you to complete the fraudulent activity. 

It’s a particularly challenging type of fraud because, technically, you’ve agreed to make the payment. This can complicate the investigation process as you gave your explicit approval – even though it was because you believed the situation was legitimate. 

 

Examples of APP fraud and top tips for prevention 

APP fraud takes lots of different forms, but there are some you’re more likely to encounter than others – especially in a business setting.  

Impersonating your bank 

A scammer might pretend to be calling from your bank. They have sophisticated ways of making it look like a call is coming from an official bank phone number, so you might not suspect anything at first. 

We will never ask you to transfer your money elsewhere (or within the bank) or call you out of the blue. Those are immediate red flags you should watch for. 

Top tip: Tell the person on the phone that you’ll ring them back in a minute. Then, use a different phone to call the bank’s contact number as listed on their website or your app. You can then decide whether you think the call was legitimate. It’s wise to use a different phone as there have been incidents where individuals have remained connected to fraudulent callers, even when they believed they had hung up and redialled. 

Social media marketplaces 

If you’re buying something using an online marketplace, it’s possible that a fraudster could pretend to have an item for sale. 

After you make your payment, they’ll delete their account and remove the listing. 

Top tip: Never pay upfront for an item you haven’t seen. Anybody who asks you to pay in advance should put you on the defensive. 

Impersonating trustworthy organisations 

Fraudsters often exploit our trust in established organisations, pressing our psychological buttons to trick even the most cautious of us. 

Commonly impersonated organisations include HMRC, the police or utilities companies. 

Top tip: Don’t let yourself be pushed into urgent action. Take the time to contact that organisation away from the original conversation and independently verify information. 

Investment scams 

Promising huge payouts and guaranteed returns, investment scams tend to be pushed using social media. 

No investment can guarantee you a return, and investments should only be made with Financial Conduct Authority (FCA) registered companies. 

Top tip: Search the FCA register to make sure the company is legitimate and remember that if an opportunity sounds too good to be true, it usually is. 

Fake supplier invoices 

A criminal could create a fraudulent invoice, either from you or for you. Either way, you or your customers could end up losing money if a fake invoice slips through the cracks of your invoicing process. 

Top tip: Use purchase orders and have a named contact attached to every invoice for an added layer of security. If you receive an unexpected invoice, double-check it against previous invoices from that supplier and contact them directly to check its authenticity. 

Impersonating an executive or senior figure 

Getting a message from your CEO with an urgent reason for you to transfer company funds is stressful. It’s exactly the kind of situation a criminal wants to exploit. 

This kind of impersonation plays on our psychological biases and how we tend to follow instructions from those in power, even if something doesn’t seem right. We don’t want to cause trouble for the person in charge, but a bit of discomfort is much better than accidentally participating in fraud.  

 

How to avoid APP fraud 

We’ve shared some specific tips for avoiding different types of APP fraud, but there are also best practices you can embed in your day-to-day activities that can help. 

Ideally, you’ll be fraud-aware at all times, without driving yourself to paranoia or excess worry. With the right grounding and knowledge, you’ll be able to confidently handle and avoid any of these unfortunate situations. 

Pause, think and get a second opinion 

In almost all APP fraud situations, the criminal will urge you to act quickly. They don’t want your rational brain to start working; they want you to feel panicked or pressured. 

In reality, there’s no reason a bank (or any other company) will call you up and demand action from you there and then. In a real situation, they should be fine with you stopping the conversation, taking time to think and verify the situation. 

It’s even better if you can talk to somebody you know and trust about the situation, as they can provide a valuable neutral perspective. 

Double-check the details 

If your alarm bells are ringing, your first step should be to double-check that they are who they say they are. 

Check the phone number or email address being used against your previous records and the details listed on the company’s website, email signatures and so on. Look out for the tiniest differences, down to single letters or numbers. 

As an example: firstname@alllica.bank looks fine if you skim over it but, looking closer, you’ll see there are three Ls instead of two. 

If you’re dealing with a phone call, it’s possible for a fraudster to stay on the line and make it seem as though you’ve disconnected. If possible, you should try to contact the company from a different phone to verify the call. 

Only deal with FCA-regulated businesses 

The FCA is an independent body that makes sure any business offering financial services meets its high standards for responsibility, risk management and communication. 

You should only deal with FCA-registered businesses, as their regulations are designed to help keep consumers safe. 

Trust your gut if something feels wrong 

Human instinct counts for a lot. If you’re not sure about a call, email or request you’ve received, follow that feeling. 

It’s better to act with an abundance of caution than it is to be reckless. 

 

Steps Allica takes to prevent APP fraud 

We take fraud incredibly seriously at Allica, as any financial services company should. Some of the steps we take to protect our customers include: 

  • Confirmation of Payee (CoP) – if you’re setting up a new payment, we use CoP to verify the name of the account against the name you’ve entered. If the two don’t add up, we’ll alert you so you can check again. 

  • Payment-specific checks – if you’re making a larger payment than normal, or there’s some other reason that a payment seems out of the ordinary, we’ll ask you some specific questions to verify the situation before releasing the payment. 

  • Anti-fraud team – we’ve got a dedicated team of anti-fraud specialists who are using the latest technology to intercept fraudsters and intervene if they do reach you. 

Those are just three of the ways we protect you from fraud but there is a lot more we do behind the scenes to keep you and your accounts safe.

 

Your rights as a victim of APP fraud 

If the worst happens and you do fall victim to APP fraud, you may be eligible for reimbursement.  

The new rules apply to consumers using Faster Payments and CHAPS, including payment service providers (PSPs) that offer accounts in the UK. Consumers are:  

  • Individuals.  

  • Charities (whose income is less than £1 million per year, and which are charities as defined by the Charities Act 2011, Charities and Trustees Investment (Scotland) Act 2005 or the Charities Act (Northern Ireland) 2008). 

  • Micro-enterprises (with fewer than 10 employees and/or a turnover or annual balance sheet that does not exceed £2 million).  

Each claim is assessed on a case-by-case basis, but the maximum claim limit is £85,000 across all linked claims. 

To make a claim with us, you must meet the eligibility criteria of a consumer set out above, be an Allica customer with a business current account or savings account, and the fraudulent payment must have been made to a UK account using Faster Payments or CHAPS. However, here’s what is not covered:  

  • international transactions. 

  • any claim reported more than 13 months after the final APP fraud payment. 

  • payments that were made for an unlawful purpose, such as for the purchase of an illegal item. 

  • payments using a credit or debit card. 

  • payments to another account you control. 

  • payments where you have been involved in the fraud. 

  • payments where you have made a false claim. 

  • private civil disputes (for example, a payment for a product or service that you are not satisfied with). 

  • payments through credit unions, municipal banks and national savings banks. 

  • payments where you haven't taken steps to protect yourself from the scam. 

How to make a claim after APP fraud 

If you’ve been pushed to make a fraudulent payment from your Allica Bank account, you should tell us by contacting us at scams@allica.bank or by calling us on 0330 094 3333. 

Under the consumer standard of caution, when you make a claim, we expect you:  

  • to have been mindful of warnings or interventions made either by Allica, or by a competent national authority, for example the police. 

  • to promptly report the scam to us upon learning or suspecting that you have fallen victim to a scam. 

  • to comply with appropriate information requests from us to support the assessment of the claim. 

  • to report to the police.

We will: 

  • acknowledge your claim by email within one business day. 

  • inform you if we require any further information to assess your claim. 

  • aim to inform you of a final decision within five business days, explain whether we have accepted or rejected your claim and, if it has been rejected, our reasons for doing so.  In some circumstances, it may take longer while we investigate. 

  • pay any approved reimbursements into the same Allica account from which the fraudulent payment was made. 

If at any point during your APP claims process you aren’t satisfied with our response, you can register a complaint with us. If you’re dissatisfied with our response to your complaint, you may be able to complain to the Financial Ombudsman Service (within six months of the date of the final response).

 

You can never be too safe 

When it comes to financial fraud, it’s always best to default towards overcautiousness. If you’re not 100% convinced about a request you’ve received, step back and do all the precautionary work you need to feel comfortable. 

There’s almost no instance when a financial services provider will rush you to make a decision or put pressure on you to act in a certain way. These are immediate red flags and should set your anti-fraud processes into action. 

You can be confident that, as your bank, Allica is doing everything possible to keep you safe. Criminals are unfortunately very dedicated and constantly trying to find ways past anti-fraud systems. 

You are your own last line of defence, which is why it’s so important you create and maintain a strong fraud-aware culture within your business. 
