Minerva Studio - stock.adobe.com

Santander calls for cooperation to tackle APP fraud

New report puts forward key recommendations that the banking sector, government and other industries could take to tackle authorised push payment fraud

Santander has urged organisations across the financial sector to come together to tackle the scourge of so-called authorised push payment (APP) fraud, calling for the imposition of consistent rules to prevent the practice, and new measures that could give potential victims a fighting change to “break the spell” of scammers.

In the whitepaper Tackling authorised push payment fraud, it also called for the government to take urgent steps to bring forward anti-fraud provisions in the long-delayed Online Safety Bill in a bid to tackle the issue, which costs the UK over £500m a year.

APP fraud is a type of scam in which the fraudster convinces their victims either to willingly transfer large sums of money directly to them (malicious redirection), or to hand over money for goods that are never received or do not even exist (malicious payee). This is generally done by impersonating someone from a bank or other trusted organisation such as an insurance company, a law firm or a conveyancer.

“The sheer scale and value of APP fraud can detract from the real impact of these crimes on individual consumers, who can lose more than just money – their confidence and mental health can also be significantly harmed,” said Enrique Alvarez, head of everyday banking at Santander.

“Unfortunately, we see this far too often, and it is time for us all to act together. The criminals who perpetrate these scams shouldn’t be getting away with it.

“As our report shows, there are changes that the banking industry can implement – but there are other changes that are clearly outside the banking industry’s control, such as how fraudsters often reach their victims in the first place. We must all come together and address the issue, because currently the only real winners are the fraudsters.”

Santander’s report outlines three steps that it believes the banking and payments industry should take:

  • Update payments systems to introduce new data-sharing standards developed by Pay UK as part of the New Payment Architecture, a planned infrastructure that will further support digital payments.
  • Ensure all payment service providers (PSPs) follow specific fraud rules, including mandatory confirmation of payee across all providers for new payments.
  • Provide a tailored approach to payments that PSPs can adopt, giving consideration to whether or not higher-value faster payments will need additional checks.

Meanwhile, said Santander, the government and other industries could be doing more to prevent fraudsters from getting to people in the first place, supported if possible by the Online Safety Bill; to cooperate with law enforcement, which must also be better resourced to tackle APP fraud; and to provide clear, accountable, effective and streamlined government leadership on the issue.

In particular, Santander said Westminster should be more focused on how it deals with fraud, and should consider a cross-departmental response from the Home Office, the Department for Digital, Culture, Media and Sport and the Treasury.

The report also called for big tech to play more of a role in preventing fraudsters from reaching consumers. Santander’s own data suggests that over 70% of malicious payee scams, for example, originate on social media platforms, with Meta’s Facebook and Instagram properties accounting for most of this.

ESET’s Jake Moore described APP fraud as the “pinnacle” of scams and said its prevalence was particularly worrying given how many banks already have sophisticated measures in place to ward off fraudsters.

“People can be so well duped by the stories and bypass the securities,” he said. “Far too often, people are convinced that they are helping a friend in need due to the amount of time invested by the scammers. This is rarely a quick scam as the cyber criminals need to spend months coercing their victims into being onside.

“Even with fraud prevention systems in place which confirm the name of the account, this can be bypassed when the criminal explains that a slight change may happen at that stage and gives a possible reasons for this.

“After increased awareness, time delays in payments are often the only answer, but this slowing down of transfers can also have a negative effect on legitimate payments. Holding money in escrow can protect victims’ and the banks’ money, but this time delay needs to be considered closely and unfortunately most potentially fraudulent situations need to be considered individually.”

Read more about fraud

  • Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report.
  • New online payments security standard, Strong Customer Authentication (SCA), sees immediate fall in fraudulent payments to retailers.

Read more on Regulatory compliance and standard requirements

Data Center
Data Management