Authorized Push Payment Fraud is rising at alarming rates
Fraudsters no longer use just one tactic to trick their victims in order to access personal details and money. They have built up an arsenal of different approaches to scam people, loosely summarized under the umbrella term ‘social engineering.’ One type of fraud that has seen an alarming 50 percent year-on-year rise in the UK, along with significant increases in other parts of Europe and beyond, is the so-called Authorized Push Payment (APP) fraud, where cybercriminals trick consumers or businesses to send them money from their account. According to the March 2019 UK Finance Report, fraudsters stole £1.2bn last year, £354m of this total was through APP fraud.
Fraudsters will often use complex and convincing scams to lure their victims into transferring money. One tactic APP fraud scammers are favoring at the moment is SMSishing: the scam involves sending a text message to their target, pretending to be from a bank, and asking them to either call urgently regarding a security issue or update their personal details. Another tactic employed by fraudsters is ‘spoofing,’ which makes the SMS appear as part of an existing thread of genuine messages from the bank to make them look more convincing.
This year we’ve seen a number of European banks become victims of Vishing and SMSishing attacks, with customers losing up to tens of thousands of pounds. The problem with APP fraud is that once the victim has been tricked into transferring money to a fraudster, it will almost be impossible to get the money back because the transaction is instant and the cybercriminal can move on to the next target without being caught.
Detecting the fraudster and protecting the customer
With APP fraud on the rise and scammers using more sophisticated tactics to lure their targets, businesses must evolve their fraud strategies to combat security threats. Utilizing specific APP detection technology combined with layers of behavioral biometrics capabilities can help detect APP fraud much quicker.
Behavioral biometrics technology can identify a wide range of cyberthreats in real-time, by analyzing more than 2,000 behavioral parameters of online banking users in real-time, for example the way users interact with online applications and devices. It will also use subtle tests known as “invisible challenges” into online banking sessions. Users subconsciously respond to these challenges, without sensing any change in their experience. The responses provide additional behavioral data that can be used to distinguish a real user from an imposter, whether human or robotic.
These profiles identify a user based on their unique behavior. How a consumer interacts within a session differentiates them from any other potential user, including hackers and automated attacks. The technology can also recognize a range of human and non-human, malware, remote access trojans (RATs) and robotic activity in order to flag and catch fraudulent behavior in real-time.
In order to effectively detect and prevent APP scams, the latest behavioral biometrics analysis extracts powerful insights that suggest a genuine customer is under pressure to complete a payment which the fraudster is directing them to do on the telephone.
Positively profiling the customer
Armed with behavioral analytics to detect fraud, businesses should use positive profiling – a combination of consortium intelligence and big data analytics. Positive profiling allows businesses to separate legitimate customers from the fraudsters. It means building comprehensive customer profiles based on detailed behavioral data from multiple businesses and externally confirmed fraud intelligence, so organizations can screen the customer rather than just the transaction.
By producing more accurate results, positive profiling will enable businesses to tailor the customer experience, improve conversion rates and maximize revenue and, most importantly, block fraud.
Prevent future scams
While it’s critical to implement the right fraud prevention solutions, there is no doubt that fraud tactics will continue to evolve. But, so is the banking industry’s capability of stopping a threat. The advent of open APIs means financial institutions will be able to use overlay services such as ‘Confirmation of Payee’ to pre-empt and prevent fraud before a transaction happens.
Industry efforts to solve these issues are underway in the UK, for example, by creating a facility to cross-check the account name with the account details and give the payer certainty. There is recognition in the industry that real-time fraud monitoring needs to be an essential part of the payments processing solutions that a bank employs.
Banks are also working with telecom organizations to block text messages that spoof their identities and block numbers that have been linked to fraud. Ultimately, it’s vital that organizations take a multi-layered approached to prevent fraud – implementing one solution without other defenses will simply prove ineffective. Effective APP fraud strategies should combine both intelligence-driven tools and systems that provide greater assurance that a customer is transferring money to a legitimate recipient, while also addressing standards and guidance provided by institutions.
This article first appeared in SC Magazine.
Want to improve customer service and reduce fraud? Download our guide: The Six-Step Guide to Leveraging Machine Learning for Payments Intelligence
ACI Fraud Management for Merchants 
