6 tips to stop authorized push payment fraud

Authorized push payment (APP) fraud is a serious problem. 

According to research, this scam accounts for 75% of all digital banking fraud. 

The effects of this attack on businesses are brutal. Besides incurring financial losses, the company can also hurt its reputation. If customers lose money while doing business with you, they lose trust. In most cases, you can never win that trust back. 

In other words, it is essential for you to protect your business from this attack. In this article, we will share practical tips on how you can secure your business against the risk of APP fraud. But first, let’s describe what it is and how it works.

What is authorized push payment fraud?

APP fraud happens when payments to a business are authorized by a customer either because they were deceived by a third party to do the same or because they themselves intended to deceive the business to gain profit. 

When a third party scams the customer, the scammer typically pretends to be a trusted entity and tricks the victim into transferring money to a bank account they control. 

The malicious actors might use different methods to gain the trust of their victims. For example, they may impersonate a legitimate company or use other social engineering techniques to persuade potential victims to send money.

Unlike other types of fraud, since the victim technically initiates the payment, most financial institutions refuse to issue a refund. 

A prominent example of this is the U.S. Congress’s probing of leaders of the top financial institutions. Companies like Zelle, J. P. Morgan Chase, and Wells Fargo have come under scrutiny for being hubs of APP fraud. So far, these institutions have refused to refund APP fraud victims who lost out to scammers. 

In some cases of APP fraud, it’s unscrupulous customers themselves who authorize payments to businesses to earn a profit. We’ll talk about this and other specific types of APP scams in the next section.

What are examples of authorized push payment scams?

Below are the most common APP scams that can affect both businesses and individuals: 

Impersonation scams: Impersonation or imposter scams occur when scammers pretend to be a legitimate business to request money from unsuspecting victims.

CEO fraud: This is a type of impersonation scam. In this form of fraud, a scammer pretends to be a high-level company executive. They ask an employee to transfer money to an account they control. For example, a scammer might impersonate a CEO and email a finance employee requesting an urgent bank transfer for a business deal. 

Tech support scams: In this type of impersonation scam, a criminal impersonates a company tech representative and tricks the victim into paying for fake or unnecessary technical support services. For instance, a scammer may claim to be from Microsoft and convince someone to pay for removing non-existent malware from their computer. 

Invoice fraud: In this type of scam, fraudsters send fake invoices to a business or an individual requesting payment for company goods or services that weren’t rendered. 

Investment scam: With investment scams, fraudsters promise a high return on investment and ask victims to send money to an account. A real-life example of this is the Ponzi scheme orchestrated by Bernie Madoff. Investors were defrauded of billions of dollars through false promises of consistently high returns. 

Account takeover fraud: In this type of scam, the scammer steals the bank account details, gains access to a victim’s account, and makes “authorized” payments themselves.

Romance scam: Posing as a romantic interest, a fraudster convinces the victim to send money or make payment for various reasons — for instance, travel expenses or medical bills. Widows or elderly people are usually the victims of this attack. 

Chargeback fraud: This type of APP fraud is committed by the actual account holder — not a third-party fraudster. Chargeback fraud usually happens when a buyer makes a legitimate purchase with their debit or credit card. Then they later dispute the charge by lying it was made fraudulently.

A common theme with many of these scams is the use of social engineering tactics. Fraudsters typically exploit human characteristics like trust, fear, or a desire to help others to achieve their goal.

How to secure your business against authorized push payment fraud?

As with other types of payment fraud, being proactive is your best chance at stopping authorized push payment fraud. 

The following are practical ways to accomplish this:

• Educate stakeholders: Train employees and educate customers on secure payment practices.
• Strengthen verification: Implement fraud checks for transactions, especially for unusual or unfamiliar requests.
• Share data intelligence: Stay informed about the latest fraud trends.
• Implement fraud prevention measures: Use tools like Helcim's Fraud Defender, anti-phishing filters, and time-of-click protection.
• Utilize behavioral analytics: Monitor user activity for suspicious patterns.
• Bolster security infrastructure: Strengthen your security with measures like cloud server, firewalls, and encryption.

1. Educate stakeholders

As a business, you have two key stakeholders — internal (employees) and external (customers). Creating awareness among them plays a vital role in preventing APP fraud. 

So, don’t just train employees on how to use your newest tool or platform. Regularly provide company-wide training on the different tactics fraudsters can use to commit APP fraud as well. This will enable them to spot these scams early and nip them in the bud. 

Through training, employees also develop psychological safety to raise concerns. An intern or junior employee might find it difficult to question a payment request from the CEO. However, when training emphasizes that they’re right to query anything that seems odd, they dare to do so. 

Now, for this to work, you must create a clear and defined process they should follow. Appoint a dedicated person to address their queries. 

For your customers, consistently tell them to use secure payment methods, like credit cards, which offer dispute options. Besides, warn them to be wary of scammers who might use the company’s name. Educate them on the importance of protecting their personal information. You can use the best business text messaging service to send your reminders directly to their phones. This will increase the likelihood that they’ll read your messages.

2. Strengthen verification process

Authorized push payment fraud typically happens when you least expect it. So, it is important to develop a strong and secure procedure for payment processing. With a robust verification process, you can protect customers from fraudulent activity by confirming the account holder actually wants to make a purchase.

One way to do this is to implement rigorous identity checks via phone calls or emails before approving transactions — especially if the request is unexpected or from an unfamiliar source.

All this isn’t to say you should no longer have a plan in place to help customers who still end up becoming victimized by fraud. Deploy intelligent virtual agents who can route such urgent customer concerns to human staff. Make sure your human agents are trained on your anti-fraud processes so they’ll know what to say and do once they encounter customers in those situations.

3. Share data intelligence

Fraudsters are always coming up with new ways to strike, and frankly, you can’t know them all. However, when you collaborate with others in your industry, you can exchange ideas and keep up with the latest fraud trends. This enables you to be proactive and prevent attacks. 

Sharing data intelligence also helps ensure a unified defense against bad actors who often target multiple businesses in the same sector. 

Leverage collaboration solutions. They facilitate data-sharing by giving fincrime teams across multiple organizations real-time access to relevant data on identity fraud and false claims, among others.

4. Implement fraud prevention measures

Here’s another way to prevent authorized push payment fraud: Put processes in place that make it harder for scammers to win. This includes setting limits for business transactions and using advanced fraud detection systems. 

For example, payment service providers like Helcim offer a Fraud Defender tool that helps you identify fraudulent transactions using various metrics such as shipping location, transaction size, and more. Additionally, if you encounter chargeback fraud, Helcim provides a tool to help you gather evidence and dispute fraudulent claims, ensuring better protection for your business.

You can also use anti-phishing filter tools to detect and flag malicious emails sent to your company. These filters use various techniques to look for signals of phishing. Additionally, you can use Gmail's "Report Phishing" feature to report suspicious messages to Google, helping them prevent similar emails in the future.

Time-of-click protection tools analyze URLs contained in emails and stop recipients from clicking through to harmful websites. Other filters use AI technology such as Natural Language Processing (NLP) to tell the difference between an authentic message and a clever phishing email that mimics a genuine sender’s style.

In addition to these preventive measures, get insured. On rare occasions where preventive measures fail, you can still recover losses and maintain business continuity. 

5. Utilize behavioral analytics

Behavioral analytics allow businesses to collect and analyze data from actions performed by users. Then, they can use this data to make informed business decisions. For instance, if a company finds a specific product that gets many user clicks on its website, it can conclude that the product fills a customer need and make the business decision to sell more of it.

You can use customer intelligence software to gather behavioral data for fraud prevention. When the data you gather shows suspicious activity by a user, you can raise concerns about a potential fraud attempt. Your company can then activate its anti-fraud processes.

Let’s say after transcribing your customer support call recordings made in a single month, your customer intelligence software finds similar customer excerpts asking for a refund due to alleged unauthorized payments by credit card. Upon checking, your team finds that multiple excerpts made in separate instances are attributed to a single individual.

As a precaution against potential chargeback fraud, your team might then decide to blacklist that customer, and prevent them from making future transactions with your company.

6. Bolster security infrastructure

This goes without saying. If you want to prevent fraud, your security must be able to withstand the punches that APP fraudsters throw at it to gain access to critical data. Believe it or not, migrating to a cloud architecture can give your business access to enterprise-grade security that can easily counteract threats. 

You should still carry out basic security measures such as firewalls, secure network access, and software updates, of course. 

In addition, implement advanced security measures like encryption technologies and secure payment systems.

Prevent APP fraud with Helcim

Authorized push payment fraud is a serious concern for businesses. It can lead, not just to financial losses, but also to reputational damage.

As such, it is essential to avoid being on the receiving end of this scam. Implement the tips above to safeguard your company against APP fraud and you’ll help secure your business’s future.

Our Fraud Defender tool helps you identify potentially fraudulent transactions by analyzing critical data points, such as shipping locations and transaction sizes. In the unfortunate event of chargeback fraud, Helcim also provides the resources to gather evidence and dispute false claims.

FAQs

Can I get my money back from an APP fraud?

Sadly, getting your money back from an APP scam is tough. Because you authorized the transfer, especially if you willingly shared your bank account details, banks often deny refunds. Still, it's crucial to report any suspicious transactions to your bank immediately. They might be able to offer guidance, and you should also report the scam to the authorities.

How do I stop authorized push payment fraud?

The best defense against APP fraud is being alert. Watch out for any unexpected payment requests, particularly those that pressure you to pay upfront fees. Be especially careful of purchase scams and invoice fraud. Always double-check the sender's identity before sharing any sensitive information or sending money. If something feels off, trust your gut and don’t send the payment.

Can an authorized push payment scam transaction be reversed?

Generally, APP scam transactions are irreversible. Since you authorized the payment, even if you were tricked, it's difficult to get the money back. However, if you notice suspicious transactions very quickly, there might be a slim chance your bank can help, depending on their policies and the specific details of the situation.