bloomicon - stock.adobe.com
Losses to authorised push payment (APP) fraud will double across the UK, India and the US in the next four years, hitting $5.25bn (£4.44bn), with a compound annual growth rate of 21% across the period, according to a report produced by ACI Worldwide, a supplier of payments software, and GlobalData, an analytics firm. In the UK specifically, APP fraud volumes in 2021 were $789.4m, with the potential to rise to $1.56bn by 2026.
APP fraud is defined as a type of scam in which the victim is convinced to transfer money to the fraudster or hand over money for goods that are never received or never existed in the first place.
APP fraud is reaching epidemic levels thanks to the growth of real-time payments, the prevalence of which makes it much easier for fraudsters to get away with it. This is because payments made in real time are transferred instantly and cannot be reversed by the victim. Fraudsters can further exploit this feature to launder their profits, moving payments through other accounts to cover their tracks and lower the risk of being traced.
Fraudsters will go to great lengths to appear convincing in their social engineering attacks, impersonating banks, insurance firms, law firms, conveyancers, retailers, vendors on auction websites, and even people looking for romantic connections. The report found that 37.8% of instances of APP fraud related to products, 18.4% to romance and 16.3% to investments.
Last year, losses to APP fraud amounted to $2.7bn, accounting for 0.047% of the total value of real-time payments across the three markets studied. By 2026, losses will account for 0.0025% of the total value of real-time transactions. This shows that real-time revenues for financial institutions are growing faster than the risk of loss, and may suggest that such institutions are starting to tackle the problem.
“APP fraud is on the rise, and despite many banks stepping up their fraud prevention efforts, this is an issue they can no longer solve on their own,” said Cleber Martins, head of payments intelligence and risk solutions at ACI Worldwide.
“APP fraud does not happen in silos. To contain and stop this kind of fraud, a detailed and holistic view of all payment activity is needed. Financial institutions, social media giants and telco companies need to work together to stop fraudsters in their tracks before the fraudulent transactions take place,” he said.
Cleber Martins, ACI Worldwide
Sam Murrant, senior payments analyst at GlobalData, added: “Although there are indications that banks are taking the necessary steps to combat the new fraud threat, they must not be complacent regarding these risks. Aside from the direct cost of fraud losses, the lack of regulatory protections around reimbursing consumers for APP fraud losses means there is a potential loss of trust, and thus customers, from APP fraud.”
The report outlines four changes that financial institutions should make to drive down APP fraud volumes:
- Strengthening and optimising processes and technology to account for future regulatory changes.
- Improving how customer data – particularly behavioural data – is collected and used.
- Improving collaboration and intelligence sharing with peers and regulators.
- Doing more to disrupt the networks of “mule” accounts used by fraudsters during the money laundering process.
ACI and GlobalData’s guidance mirrors, to some extent, a recent call to action from banking group Santander, which in October called on the financial sector as a whole to come together and work collectively to tackle the scourge of APP fraud.
Santander urged UK-based financial institutions to update their payment systems to introduce data-sharing standards developed by Pay UK as part of the New Payments Architecture; to ensure all payment service providers (PSPs) follow specific fraud rules, including mandatory confirmation of payee across all providers for new payments; and to offer tailored approaches to payments for PSPs, giving consideration to whether or not higher-value faster payments will need additional checks.
Separately, a report released today by the National Audit Office found that the government “does not know the full scale” of the threat to individuals and businesses from digital fraud – which accounts for 80% of fraud in the UK – and is failing to lead an effective cross-government strategy to tackle it.
Despite sounding the alarm on the issue over five years ago, the NAO said the number of offences resulting in criminal charges or summons had fallen even as fraud soared to become the largest category of crime, accounting for 41% of crime against individuals in England and Wales in the 12 months to 30 June 2022, up 12%. Of the 3.8 million instances recorded in that period, just 4,816 of resulted in a charge or summons.
The NAO said there were still “significant gaps” in the Home Office’s understanding of the threat, with the department having no reliable estimate of the cost of fraud and a limited understanding of who was committing it and who was, by action or inaction, enabling it. It said the Home Office had “limited influence” over the organisations and lamented a lack of progress towards a coherent national anti-fraud strategy.
Rocio Concha, Which?
“The Home Office has taken limited action to improve its response to fraud. Its approach has lacked clarity of purpose, it does not have the data it needs to understand the full scale of the problem, and it is not able to accurately measure the impact of its policies on this growing area of crime,” said NAO head Gareth Davies.
Rocio Concha, director of policy and advocacy at consumer rights organisation Which?, said: “The UK is in the grip of a fraud epidemic. Billions of pounds are lost to this crime every year and it takes a devastating financial and emotional toll on the lives of victims.
“The lack of an effective joined-up approach between the government, banks, tech firms and telecoms companies is holding back efforts to prevent fraud. Improvements to the way businesses share vital data on scams should be a priority in the government’s forthcoming fraud strategy.
“The government must take a crucial step in the fight against fraud by ensuring the Online Safety Bill is not delayed any further. If this opportunity is missed, we will likely be waiting years for alternative action to tackle the scourge of online fraud infiltrating search engines and social media platforms.”
Read more about fraud
Read more on Hackers and cybercrime prevention
Prime minister Rishi Sunak faces pressure from banks to force tech firms to pay for online fraud
TSB calls on Meta to intervene and protect users from fraud losses of £250m this year
Payments regulator makes APP fraud reimbursement mandatory
Lloyds Bank calls on tech companies to control social media ‘wild west’