The Modern Financial Landscape Fosters Authorized Push Payment Fraud
The contemporary financial sphere has become fertile ground for authorized push payment (APP) fraud, where victims unwittingly transfer funds based on false premises. The demand for real-time banking and instantaneous settlement means transactions are often completed in seconds—leaving little time for reversal. Cross-border payments have become commonplace, even for everyday purchases.
At the same time, advancements in artificial intelligence enable criminals to craft convincing scams more easily. According to the FBI’s Internet Crime Complaint Center, losses from investment scams alone reached $4.57 billion in 2023—up by 38% from the previous year.
Projected Global APP Fraud Losses
LSEG Risk Intelligence analysis suggests that global APP fraud could cost up to $331 billion by 2027.
Addressing APP fraud requires a comprehensive approach, including consumer education and advanced biometric solutions. In a PaymentsJournal webinar, Aravind Narayan, Global Director of Digital Identity and Fraud Proposition at LSEG Risk Intelligence, along with Jennifer Pitt, Senior Analyst of Fraud Management at Javelin Strategy & Research, discussed the tools available to financial institutions to combat this growing threat.
Why the Problem is Growing
Consumers are increasingly accustomed to making immediate payments, turning former red flags into routine transactions. In 2024, Same-Day ACH transactions exceeded one billion for the first time, a 45% increase from the previous year. Once funds leave an account, transactions can be irreversible—often completed in as little as ten seconds.
Digitally savvy consumers can buy and sell goods globally with ease, but this global reach complicates fraud detection. Each country has distinct regulatory frameworks, and cross-border transactions involve multiple jurisdictions, slowing investigations and delaying reimbursements.
The rise of AI enhances criminal capabilities, allowing for the creation of well-constructed, convincing emails that appear to come from executives or trusted contacts. Additionally, grandparent scams have increased, using voice clips and social media tools to create deepfakes.
“The CFO of a company in Hong Kong called an urgent meeting with his direct reports via Zoom,” said Narayan. “None of the six people on the call could detect that the individual posing as the CFO—someone they all knew—was not actually the real person. It was a deepfake live video call. He instructed them to send millions to his account, citing financial challenges.”
While this is an extreme example, similar intra-business attacks pose significant threats. Business Email Compromise (BEC) accounted for 21,489 complaints and $2.9 billion in reported losses in 2023.
Anytime an employee receives a message from someone claiming to be another employee requesting a large sum of money, companies must have clear procedures that encourage questioning the request. Implementing second-layer verification is recommended for large transfers, and obtaining sensitive information should trigger additional scrutiny.
Claiming Responsibility
In the UK, liability for these authorized transactions is shared among financial institutions involved. In the U.S., it has typically fallen entirely on consumers, but this may be shifting.
For instance, Nacha—overseeing the ACH network—is implementing new rules requiring all non-consumer ACH participants to monitor for fraud and return suspect payments by mid-2026. This signals a move toward shared responsibility, akin to existing models in regions like the UK.
“When a scam starts on social media, telecoms may be able to stop fraud before it reaches consumers,” said Pitt. “Maybe we should share some of that liability with banks or social media companies to build customer trust and help them out.”
UK banks place more emphasis than U.S. counterparts on consumer education to combat APP fraud.
Pushing Toward Stronger Identity Verification
Some businesses implement initial verification, like age checks, but the real opportunity lies in using identity and account verification intelligence to know who they are transacting with. Proactive verification can help prevent fraud before it happens.
“You want sufficient measures of fraud prevention to ensure you know who is entering your platform,” said Narayan. “Whether it’s Booking.com, Meta or Google, knowing who they are doing business with helps share relationship and behavior attributes with financial institutions for proactive fraud prevention.”
Too many financial service providers treat consumer education as a formality, simply posting content on their websites because regulators mandate it.
“A better approach is to avoid causing friction and losing customers,” said Pitt. “Scammers often create urgency; these few seconds of questioning will help someone avoid becoming a victim.”
Authorized, Not Voluntary
The key term in authorized push payment fraud is “authorized” rather than “voluntary.” Victims authorize the payment based on false beliefs that they are dealing with legitimate recipients.
“This terminology can significantly affect legal outcomes,” said Pitt. “A jury may find someone not guilty if ‘authorized’ is used, even when based on deception.”
Behavioral analytics could help detect coerced situations where victims might show signs of hesitation or unusual behavior.
“Imagine blocking a transaction because the bank sees an individual on the phone for longer,” said Narayan. “They can prevent payments by monitoring this coercion.”
In the future, identifying upcoming threats and understanding potential targets will be crucial. No single bank can do this alone; they need visibility into fraud elsewhere to anticipate internal risks.
A Layered Approach
Preventing fraud requires layering multiple authentication methods, including biometrics, to pinpoint both the individual and recipient of payments.
“Fraud prevention isn’t one-and-done; it’s not just detection,” said Narayan. “One data point won’t prevent all fraud.”
A strong program involves constant monitoring and a multilayered approach, especially in corporate treasuries where ongoing validation of beneficiary accounts is essential.
The layered approach ensures that entities fight fraud with advanced technology rather than manual spreadsheets. Automating solutions can help focus on business growth.