• Tim Annis, CEO at Bluechain


• 12.08.2024 09:30 am
#APPFraud #FraudMitigation

Authorised Push Payment (APP) fraud has become a huge concern for consumers and fintechs across the UK - with recent data revealing that losses from APP fraud will reach $6.8 billion by 2027 alone. In response to this, UK regulators proposed a four day hold on payments where fraud is suspected - a decision that will inevitably stifle innovation and stall business operations.

With the UK often being considered as a birthplace for real-time payments, this is an ironic and unnecessary step in the wrong direction - especially when existing solutions such as Request to Pay (RtP) already mitigate fraud risks. 

So what are the current fears surrounding APP fraud and what are the most common tactics being leveraged by cybercriminals?

What is APP fraud?

APP fraud is an increasingly common scam method used by fraudsters to trick individuals into authorising fraudulent transactions. This is achieved through criminals pretending to be an individual’s bank or even a trusted relative in order to get the victim to send funds to them.

The FCA has split APP fraud cases into two main categories: malicious payee and malicious redirection. Malicious payee fraud is when a criminal tricks someone into buying goods or services that are never received, or do not even exist in the first place. Malicious redirection involves a fraudster impersonating a trusted authority in order to get someone to transfer funds out of their own bank account and into the criminal’s account.

Sadly, fraudsters are often opportunistic and tend to rely on major events, such as the pandemic, to trick vulnerable individuals who have fallen on hard times. As APP fraud continues to pose significant threats to businesses, looking at solutions to help mitigate this risk, including RtP solutions, should now be considered a priority instead of enforcing major changes to payment cycles which will stifle innovation. 

The risks associated with B2B payments

There are many different reasons as to why B2B payments are vulnerable to fraud.

One reason why B2B payments are vulnerable to fraud is due to the complexity and volume of B2B transactions. B2B transactions often involve large amounts of money, which makes them an attractive target for fraudsters. These transactions also tend to involve multiple different parties and each party adds an additional layer of complexity and vulnerability that criminals could exploit.

Another reason why B2B payments are vulnerable is due to human error. With many businesses still approving payments manually or relying on human intervention during the payment processes, organisations are opening themselves up to a world of risks. The manual human intervention element opens the door for criminals to impersonate an individual involved in the payment process and redirect payments to a fraudulent account - adding another unnecessary layer of risk.

A final reason why B2B payments are vulnerable is due to many companies still leveraging legacy technology. Research has shown that two thirds of organisations still leverage legacy technologies. Legacy systems have much weaker security measures and likely fail to utilise security measures such as Multi-Factor Authentication which help combat fraud. This combination of legacy systems and outdated security measures means that businesses are even more vulnerable to fraud.

Introducing RtP solutions to combat APP fraud

The measures that UK regulators have proposed to address APP fraud are drastic and fail to consider pre-existing solutions such as RtP.  RtP is an innovative solution which complements existing bill payment methods and allows a payment request to be sent to a payee through a secure digital channel. This enhanced control and visibility for both the business requesting the payment and the payee makes RtP the solution required to mitigate APP fraud. 

RtP solutions have enhanced verification processes which involve the businesses requesting the payment to first verify their identity before then prompting the payee to confirm the payment request is legitimate and authorising the payment. This also acts as an added authorisation control as the payee must approve and authenticate the request before the payment is made, which further mitigates the risk of APP fraud.

On top of this, many RtP solutions allow businesses to create custom approval limits and set custom alerts for different types of payments. For example, if a payment request comes through which is higher than the default amount, it will alert a higher level member of the business who will need to verify the payment before it goes any further. As alluded to above, RtP requests are carried out through a secure digital channel which includes verifiable details about the business or individual that is requesting a payment. This verification will also reduce the risk of phishing attacks, which is one of the most common APP fraud tactics.

With regulators proposing four day holds on payments, RtP solutions have clearly been overlooked as a means to mitigate the persistent threat of APP fraud that businesses are battling with. The proposed measures will surely stifle innovation and disrupt normal business operations - which is not something that businesses or the UK economy can afford. To ensure that the UK’s birthplace of real time payments title remains intact, the UK should look away from four day payment holds and towards RtP solutions to help mitigate APP fraud once and for all.