Fergal Parkinson
Published on: October 9, 2024
It’s the single biggest category of fraud there is – and it’s catching more and more people out.
In the UK, where I’m based, it’s reckoned to have hit around 200,000 people and cost the economy some £459.7 million last year alone – and it’s still on the rise.
But many remain confused by so-called APP fraud – so here I want to break down what it is, how it works and how we can protect against it.
Starting with where the name comes from.
It’s become such a buzz phrase in online commerce and fraud prevention circles that many if they ever knew at all, will have forgotten what those initials, APP, represent. They actually stand for ‘Authorised Push Payment’ – which is such a mouthful that you can see why it’s usually abbreviated.
APP is an umbrella term for any scam which sees the victim deceived into somehow sending a payment themself – and then into authorising that payment. So rather than, say, hacking your way into their online profile to steal their money, the fraudster tricks the victim into giving it away.
As an aside, it’s perhaps unfortunate that in a digital world where apps are a cornerstone, the exact same term (except capitalised) has been adopted to cover the biggest category of fraud. But that’s where we are. An app and an APP are two different things. And as I’m sure you know very well what the former is, it’s on the latter that we will concentrate here.
There are numerous variations on the APP model – because all a scam needs to demonstrate to qualify is that the victim is the one who moves the cash. And as victims get wise to the more established scams, fraudsters are always inventing new spins to catch them out.
Here are some of the most common incarnations.
An unexpected call from an official-looking number tells you your bank account has been compromised and advises you how to respond quickly to keep your money safe. Except it’s not your bank. It’s a fraudster using number spoofing to make the call as it appears on your mobile screen look just like it comes from your bank when it doesn’t. And the ‘safe’ account you’ll be asked to transfer to is the fraudster’s own and you’ll never see your money again. Banks are the most common front here but the fraudsters use many variations of cover stories including tax bills, legal fees, and even parking tickets to hoodwink the unwary.
Online shopping scams This category is particularly prevalent on social media and linked sites – like Facebook Marketplace. The scammers offer something that’s otherwise unobtainable – Oasis reunion tickets, say – or something well under market price, like a supposedly discounted new-edition iPhone. The victim will be persuaded to transfer money into an account but then never receive the item they’ve paid for, while the ‘seller’ simply disappears.
Again this involves getting paid upfront for something that will never materialise – though in this case rather than a ticket or a phone, it’s some kind of service. This can be a job offer – modelling agencies who have spotted your beauty is one of the longest running cover stories – or access to a loan on good terms or similar. The most notorious fraud script of them all – ‘my uncle owns a diamond mine’ – falls into this category as the victim is paying a smaller amount to supposedly receive a much larger one.
Seemingly every week there’s a new heartbreaking tale of someone falling for one of these and losing a small fortune – and losing their dignity too. They woo you, then they screw you – and usually you never even meet them. Netflix’s The Tinder Swindler depicts the high-end version but there are thousands of low-end scammers out there too, haunting dating websites and social media, looking for someone to latch on to.
The most common version of this variation preys on the anxiety of parents whose older children are spreading their wings. It starts with a SMS or WhatsApp from an unknown number purporting to be from that child on a different phone from their usual one – and in some form of trouble which requires an immediate cash transfer. A sub-variant is scammers claiming to have found lost pets – and seeking cash up front to return them.
This is not seen as much as some others – as it requires a more targeted approach – but when it does occur, the losses tend to be the highest of all.
The simple version involves fraudsters advertising fake investment opportunities, usually with the promise of wildly unrealistic returns and little risk of losing your investment. This can happen on social media linking to professional-looking websites. Other scams may involve websites that impersonate real investment groups or ads that make it appear that celebrities are endorsing the company.
And if the scammers get any interest they will reach out to you in person.
The most money of all is still lost to those who are groomed in person in this way – in what are often known as Boiler Room scams. These see victims, often older people, persuaded to move their savings or pension pot into high risk or worthless stock. And it’s the most costly of all. According to data from UK Finance, more than three-quarters (76%) of APP fraud originates online – but that traffic accounts for just a third (30%) of APP-related losses.
If you spot any suspicious activity like this then you should do two things immediately: cease to engage and alert your bank. Do not share any personal data, particularly financial. The fraud departments of banks these days are highly responsive and can offer assistance – but remember that you must call them, not the other way around. Because callers saying they are from your bank can themselves be fraudsters using number spoofing.
If the scam attempt is particularly grave – if, for example, you discover an older relative has been targeted by a boiler room gang, then you should also alert the police.
Mobile Number Intelligence plays a crucial role in preventing Authorised Push Payment (APP) fraud by enhancing identity verification, especially for customers with limited credit history, often referred to as ‘thin-file’ customers. This approach goes beyond simply verifying the mobile number; it also authenticates the identity linked to that number and monitors the device in use throughout the customer’s lifecycle, so you know money is being sent legitimately.
The process begins right at the onboarding stage, where mobile number identity checks can prevent fraudsters from opening bank accounts. Combining traditional Know Your Customer (KYC) checks with advanced methods, like Online Presence checks, ensures a stronger verification process for those with thin credit files.
During high-risk transactions, mobile identity continues to play a key role by verifying the integrity of the mobile number. This includes ensuring the number hasn’t been recently recycled, detecting if porting or call forwarding features are active, and checking for SIM-swap activities. These measures significantly reduce the chances of fraud during payment transactions.
Beyond identity verification, mobile insights also offer situational insights by analysing real-time mobile behaviour. These are identifiers that you can usually spot when a victim is being scammed. Monitoring unusual device activity during transactions can help banks detect and prevent fraudulent activities as they occur, providing an additional layer of security against APP fraud.
The banks are also installing more and more safety mechanisms at the point of that critical authorisation of a financial transaction. Is the bank you’re sending money to a business or personal account? Have you transacted with them before? And so on. The idea is to give potential victims pause for thought before they commit to pressing the ‘confirm’ button. For larger transactions, some will now insist on speaking to you first in person before authorising, which is often used as a fallback when data insights suggest things aren’t quite right. Expect to see more of this unless or until fraud rates start to come down.
For those whose banks don’t use mobile data intelligence tools, then the single best means of prevention is…cynicism.
Don’t take anything at face value.
There are simply too many fraudsters practising too many kinds of frauds to be anything other than suspicious.
The number on your phone’s screen that appears to be calling you may be faked. The person who says they’ve found your missing cat could be a scammer from overseas who has never seen your pet. That guy you’re falling in love with may not even look like what his profile picture shows – let alone the rest of it.
We all need to cultivate this kind of instinctive suspiciousness. It’s always best practice to err on the side of caution…always.
What protections are available to APP fraud victims?
In the UK, where TMT ID is based, new rules mean that most APP victims will be guaranteed refunds by the bank they use to make the payment.
But in most other countries there is no mandatory rule forcing banks to do this – though many will discretionarily make refunds.
In practice, if a victim hasn’t acted recklessly or lost an astronomical amount – those life savings – then banks are often sympathetic and will cover their customers’ losses.
But rather than trying to cover losses the best practice is not to incur them in the first place – by following these steps.
Last updated on October 17, 2024
TMT's mobile insights can reduce the rates of APP fraud by 25% by highlighting suspicious transaction requests. Talk to an insights specialist about reducing APP fraud today.
Talk to a mobile insights expert"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."
"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >
