Tackling Authorized Push Payment (APP) Fraud in the UK


Authorized Push Payment (APP) fraud, an advanced form of social engineering, has been on the rise globally. UK Finance’s 2020 report on financial fraud reported close to 150,000 incidents of APP fraud in the UK, a massive 22% increase over the previous year. Impersonation scams accounted for most of these incidents.

How Scamsters Execute APP Fraud

Fraudsters pose as authorized service representatives of trusted firms such as banks and trick unsuspecting consumers into transferring money into accounts under their control. The exponential rise in real-time digital payments has been a major driver fueling APP fraud globally. Since real-time payments cannot be revoked and the settlement is instantaneous, it has been the most attractive vehicle for criminals to execute APP fraud.

Red Flags to Watch Out For

APP fraud can be prevented by understanding the consumer’s digital behavior during the course of a transaction. Here are some risk indicators that point to a consumer being socially engineered into performing a fraudulent activity:

  1. Long calls while making an online financial transaction are a common indicator of the consumer being manipulated. As per various industry estimates by carriers in the UK, a high percentage of APP fraud events have an active call that overlaps the event.

  2. Network usage and call patterns that seem to match typical patterns associated with fraudulent activities could be a tell-tale sign of APP fraud.

  3. Device usage patterns, such as typing and handling the phone, that appear different from the typical usage patterns followed by the user are also a red flag.

The Contingent Reimbursement Model (CRM) code in the UK sets out the standards to protect consumers from APP fraud and reimburse them for financial losses. However, it does little to prevent the occurrence and repeat of the same fraud for a consumer. Therefore, the industry and participating organizations need to collaborate and leverage innovative technologies to beat APP fraud.

Steps to Tackle APP Fraud

Using behavioral biometrics in identity verification and authentication is an effective way to beat APP fraud. Apart from thwarting the most evolved forms of impersonation fraud, behavioral biometrics provides frictionless authentication without compromising on user experience.

As a high number of APP fraud incidents are associated with long overlapping voice calls, industry participants are now working together to track phone usage in real time at the time of a transaction or digital engagement.

Companies need to move away from legacy 2FA, such as SMS-based OTPs, and invest in technologies that can run strong possession checks. For example, instant links provide higher immunity to 2FA interception than OTPs and ensure the flexibility to check if the transaction is being completed where it began—a case often violated when the customer is socially engineered to share credentials with a criminal.


In the UK, there’s been a strong push to include financial fraud within the scope of the Online Safety Bill to ensure consumer protection, fight terror financing, and stop the exploitation of the vulnerable sections of the society. APP can only be tackled effectively if the government, technology providers, and online consumer entities collaborate.

This article is a synopsis of a blog published by Prove.

Accelerate your onboarding

Contact us to learn how leading companies are using Prove Pre-fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.