APP Fraud: How best do we tackle it?

Cartoon showin someone committing fraud at a computer
(Image credit: Photo by Growtika on Unsplash)

Like many of you, I’ve had phone calls from scammers. They’re usually very easy to spot, even before I pick up the phone – invariably they are from an unknown mobile number, something a legitimate organization would never use. The caller then goes on to explain that they are calling from my phone provider – clearly a list of phone numbers associated with particular phone companies has been leaked at some point.

Despite their sophistication, I can get these scammers to hang up with five simple words: “who are you calling for?” They may have my number, but they don’t have my name or indeed any other personal details, so asking them who they are calling for, and repeating the question when they inevitably try to evade it, always causes them to hang up in a panic. I could, of course, end the call myself, or not take the call, but there is a small degree of satisfaction in letting criminals who exploit the most vulnerable people in our society know that they can be undone in only five words.

While typical scams can be easy to thwart, new fraud tactics are emerging every day and can fool the wariest of consumers. Even people who are well-informed can fall for what seem to outsiders to be pretty obvious scams all the time: you may recall a finance advice columnist being persuaded to hand over $50,000 dollars in cash in a shoe box to a scam caller claiming to be from the CIA. The demographic most likely to fall for scams isn’t the elderly, but digital natives under 25s.

Roger Alexander

Key Advisor to Chargebacks911’s Advisory Board.

Why is APP Fraud so prevalent?

The most common form of fraud by far is authorized push payment (APP) fraud. The definition is simple, but the ways in which it can be carried out are widely varied: at its most basic level, APP fraud is any fraud that makes use of the APP technology. Those of you who use banking apps will be familiar with the ability to send payments to friends or businesses through the app, and the multiple layers of warnings that you may be sending money to a scammer. You can also send push payments by calling a bank’s customer service line or in a branch, though these are less common, and fraudsters will try to steer you away from these solutions since bank employees are trained to look for evidence of scams.

The scale of the problem is staggering. In 2023 alone, £1.17 billion was stolen through various forms of fraud, and while APP losses decreased by 5%, the total number of APP cases rose by 12%​. Despite major efforts by banks to mitigate these losses—deploying increasingly sophisticated technology, partnering with law enforcement, and rolling out public awareness campaigns—criminals continue to evolve. In fact, 76% of APP fraud originated online, with an additional 16% coming from telecommunications​.

While financial institutions bear the brunt of combatting fraud through proactive measures, consumers are still being tricked into sending money to fraudsters. Even with layers of alerts, prompts, and security measures, scams continue to succeed, primarily because through generative AI and machine-learning tools, criminals have become expert manipulators. They exploit consumers' trust in legitimate platforms, making it harder to detect fraud until it's too late.

The hard truth about APP Fraud

So, what is the missing link? The answer is, unfortunately, consumers. No amount of regulation, no reimbursement policy, or sophisticated technology can fully replace the vigilance and awareness required at the consumer level. Banks can prevent unauthorized fraud—where payments are made without a customer’s consent—more effectively than APP fraud, where the customer themselves authorizes the transaction, albeit under false pretenses. In unauthorized fraud cases, banks are able to recover or prevent the loss of money in 64% of incidents​. APP fraud, by contrast, often sees a much lower rate of recovery, as criminals are adept at moving money quickly once they’ve gained access to an account.

APP scams often involve highly believable social engineering techniques. Fraudsters impersonate legitimate organizations such as banks, government departments, or even utility companies. In other instances, they exploit emotional vulnerabilities, like in romance scams, where victims are convinced they’re in a genuine relationship. These types of fraud play out over long periods of time, sometimes involving up to ten separate payments per case​. With such a personal touch, it’s easy to see how these scams bypass even the most robust security measures.

The financial industry has certainly stepped up, but the hard truth remains: criminals will always adapt to the latest technological advancements, meaning the fraud landscape will continue to evolve. The focus, therefore, must also shift towards empowering consumers with the skills they need to recognize fraud before it happens.

Consider the generational gap in fraud susceptibility. You might expect older adults, who are often seen as less tech-savvy, to be most at risk. Yet under-25s are statistically more likely to fall victim to online scams. This isn’t due to a lack of familiarity with technology; quite the opposite. Young adults, comfortable with digital environments, tend to be more trusting of online interactions​. They are also the demographic most likely to engage in behaviors that make them vulnerable to fraud, such as using insecure platforms for transactions or being lured by ‘too good to be true’ deals on social media.

Fighting APP fraud starts with consumers

To truly combat APP fraud, consumers need to develop a healthy level of scepticism when it comes to their digital interactions. Trusting that a bank’s warnings or anti-fraud systems will always intervene is misguided. Instead, consumers must be educated to recognize warning signs for themselves, as knowing which questions to ask could save them from falling victim to APP fraud.

Banks and fintech companies can continue to implement top-tier fraud prevention systems, and they should, but there will always be an inherent limitation to what those systems can achieve. Criminals are, by nature, opportunistic and constantly on the lookout for weak links. Unfortunately, the weakest link remains human psychology. To stop APP fraud, we must first get smart.

While the banking industry has undoubtedly made strides in combating APP fraud, it cannot be solely responsible for eliminating it. True fraud prevention will only occur when consumers become more informed, cautious, and empowered to question the legitimacy of their transactions. This is not just a financial challenge; it’s a societal one. And it’s only by working together that we can hope to turn the tide.

We've featured the best identity theft protection.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Roger Alexander serves as a key advisor to Chargebacks911’s Advisory Board.