Vixio: Digital Payment Growth Fuels Global Rise in APP Fraud
The post-COVID surge in digital payments has created opportunities for both financial innovation and criminal activity, with authorised push payment (APP) fraud emerging as a particular challenge for regulators and payment service providers (PSPs) across global markets.
APP fraud, where users are manipulated into voluntarily transferring funds to criminals, differs from unauthorised fraud such as stolen card details.
The remote nature of digital transactions makes identity verification more challenging, creating opportunities for fraudsters to impersonate trusted entities on platforms like Facebook Marketplace.
The rise of social media and SMS has enabled sophisticated phishing schemes where criminals deploy social engineering tactics to trick victims into transferring funds, often using urgency to prompt immediate action.
Real-time payment systems such as the UK's Faster Payments make halting these transactions difficult once initiated.
Regulatory approaches vary significantly by region
The UK has established an advanced regulatory framework for APP fraud with measures including Confirmation of Payee (CoP), a system that verifies recipient account names match the provided details before completing transfers.
From October 2024, PSPs must reimburse APP fraud victims up to £85,000 (US$109,000), reduced from an initial proposal of £315,000 (US$404,000) following industry consultation.
This reimbursement responsibility will be split between sending and receiving PSPs, with firms required to demonstrate gross negligence to deny claims.
New UK rules also permit PSPs to delay suspicious payments for up to 72 hours, though this has raised concerns regarding potential unintended consequences for legitimate transactions.
"Our multi-layered approach combines technological solutions with clear liability frameworks to create an environment where fraud becomes increasingly difficult to execute"
In the EU, the Instant Payments Regulation (IPR) mandates Verification of Payee (VoP) across member states, with compliance deadlines set for 2025 and 2027.
The proposed Payment Services Regulation (PSR) may introduce liability for APP fraud, requiring PSPs to refund customers unless consumer negligence can be proven.
The US lacks federal legislation mandating APP fraud reimbursement. While the Electronic Fund Transfer Act covers unauthorised transactions, it provides no protection for consumers tricked into approving payments themselves.
Senator Richard Blumenthal introduced the "Protecting Consumers from Payment Scams Act" in 2024, though its passage appears unlikely given the current Republican-controlled Congress.
US regulatory responses have instead emerged through agencies such as the Consumer Financial Protection Bureau (CFPB), which recently fined Cash App's parent company US$175m for inadequate fraud prevention measures.
At the state level, New Hampshire and Wyoming have led initiatives allowing PSPs to delay suspicious transactions, with protections focused primarily on elderly and vulnerable consumers.
Asia demonstrates alternative prevention strategies
Singapore has intensified its anti-fraud efforts through multiple initiatives. The Singapore Police Force's Anti-Scam Centre (ASC), established in 2019, works with banks, telecommunications companies and online platforms to freeze accounts and recover stolen funds.
Between 2019 and 2022, the ASC froze 40,900 bank accounts and recovered over S$310m (US$332,000).
The Protection From Scams Act 2024 enables police to freeze victims' bank accounts without consent, issuing "restriction orders" to block scam-related transactions.
Singapore's Shared Responsibility Framework (SRF) holds banks and telecommunications providers accountable for phishing-related financial losses.
"Our multi-layered approach combines technological solutions with clear liability frameworks to create an environment where fraud becomes increasingly difficult to execute," says a senior official from the Monetary Authority of Singapore.
Japan implemented legislation in 2008 enabling banks to freeze fraudulent accounts, while South Korea's 2011 law allows victims to recover funds without initiating lawsuits. Both countries have strengthened financial institutions' fraud prevention responsibilities over the past decade.
Australia's Treasury introduced the Scams Prevention Framework (SPF) in September 2024 following A$2.7bn (US$1.6bn) in scam losses reported in 2023.
The framework targets banks, telecommunications providers and digital platforms, mandating prevention, detection and response measures.
Non-compliance carries fines of up to A$50m (US$31m), with enforcement by the Australian Competition and Consumer Commission (ACCC).
Name verification emerges as cost-effective prevention solution
Account name verification systems such as the UK's Confirmation of Payee (CoP) and the EU's Verification of Payee (VoP) represent potentially effective and economical APP fraud prevention tools.
These mechanisms flag mismatches between recipient names and bank account details, alerting users to reassess transactions before completion.
By requiring name matches, these systems create obstacles for social engineering schemes, as mismatched details trigger alerts. They establish accountability among consumers while reducing financial losses from APP fraud.
"The battle against APP fraud requires constant innovation in our prevention and detection capabilities"
Their universal applicability across payment infrastructures makes them globally appealing, potentially attracting attention from international organisations such as the Financial Stability Board (FSB) or Financial Action Task Force (FATF) for global standard development.
The emergence of artificial intelligence presents both challenges and opportunities in the APP fraud landscape. Advanced technologies like deepfake enable criminals to impersonate trusted individuals convincingly.
In one notable case, a finance worker at a multinational firm in Hong Kong transferred US$25m to fraudsters who used deepfake technology to pose as the company's chief financial officer during a video conference.
However, AI also provides tools for fraud detection through analysis of user behaviour, transaction patterns and anomalies. It enhances verification protocols and supports biometric authentication methods like facial and voice recognition.
"The battle against APP fraud requires constant innovation in our prevention and detection capabilities," states the CEO of a major European payment processor.
"While reimbursement frameworks provide consumer protection, the ultimate goal must be preventing these losses from occurring in the first place through technological solutions and improved customer education."
Explore the latest edition of FinTech Magazine and be part of the conversation at our global conference series, FinTech LIVE.
Discover all our upcoming events and secure your tickets today.
FinTech Magazine is a BizClik brand