How Advanced Technology is Driving Authorized Push Payment Fraud

The United States is poised to witness losses increase to $3 billion by 2027, up from $1.94 billion in 2022, facing a formidable opponent in the financial sector: authorized push payment (APP) fraud. A type of social engineering fraud that relies on deception to prompt voluntary payments to fraudsters, APP fraud poses an escalating threat due to the integration of cutting-edge technologies such as artificial intelligence (AI) and machine learning (ML). 

The rise in APP fraud does not denote a leap in sophistication, however, but rather highlights the adaptability of fraudsters to leverage technology for broader impact. Advancements have not increased the complexity of fraud tactics but have significantly amplified their scale, making it easier for less sophisticated fraudsters to execute more significant scams with broader reach.
Facing this growing threat, the financial sector, consumers and businesses must adapt to meet a challenge of scale. 

To compete against APP fraud’s uptick in volume and velocity – expected to double by 2026 – companies must embrace advanced solutions that are as agile and scalable as the threats they face. By leveraging AI, ML and other technologies like device intelligence, digital footprinting and transaction monitoring, companies can enhance automation, boost confidence in their security measures and make faster, more accurate decisions. In doing so, they can address the challenge of scale and turn the tide against fraudsters.

Adding Fuel to the Fire: Real-Time Payments

In the last two years, 77% of APP fraud cases originated from online sources, impacting roughly 85% of worldwide organizations. Spanning a variety of duplicitous practices that rely on tactics that manipulate trust and authority. APP fraud’s end goal is the transfer of money to an account controlled by a fraudster for something that never existed in the first place – be it goods, services or under the guise of “help.” Often, the fraudsters enter through impersonation, a romance scam or another type of social engineering fraud scam. Still, the result is the same: a victim-initiated money transfer resulting in money in an account owned by a fraudster. And since fraud victims unwittingly initiate the transactions themselves, traditional fraud prevention measures aren’t designed to intercept self-authorized transactions, rendering a significant gap in current defenses.

The widespread adoption of real-time payments and regulations, including FedNow in the US and the European Union’s revised Payment Services Regulation (PSR) last summer, has further exacerbated this fraud. Favoring speed and the irrevocability of transactions, real-time payments inadvertently aid the operations of APP fraudsters, who rely on the instantaneous nature to launder their profits, cover their tracks and evade the risk of being traced. 

Earlier Fraud Intervention

To counter APP fraud, companies must be able to identify bad actors and stop fraud earlier in the customer journey. By examining patterns, behaviors and connections that cut across the digital landscape, companies can detect anomalies and red flags that suggest fraudulent intent before a transaction is even authorized – working to offset the speed of real-time payments.  

Digital footprinting examines information from online activities and real-time social signals to ascertain identification and behavioral validity. This data can then be used to empower financial institutions with deeper, data-driven insight into transactions to help inform lending risks and other services.

Device intelligence, another technology layer used to detect and prevent fraud at the earliest possible point, leverages thousands of real-time device signals from geolocation and IP information to behavioral device data such as typing speeds, battery life, phone orientation and more to combat attacks. For example, in phishing scenarios, device intelligence can affirm if someone is on their phone (whether on hold or an active call) or if a call is being recorded, screen mirrored or streamed to an additional display, an indicator that the user’s screen content is visible to someone else that suggests suspicious behavior at the same time a bank transaction is made.   

Transaction monitoring is another technological component that can monitor for anomalies or patterns – for instance, a sudden large sum being transferred to a new entity. Through a more holistic assessment of risk that considers not only the transaction details but also digital behaviors and patterns associated with it, companies can distinguish legitimate transactions from those orchestrated by fraudsters, especially in cases where the victim initiates payment under false pretense.

Meeting Scale with Scale

Since the problem of APP fraud isn’t one of complexity but one of scale, the same technologies fraudsters use to execute schemes must be harnessed to scale solutions for detection and prevention efforts. With the central challenge of APP fraud lying in the sheer volume of activities catalyzed by the proliferation of real-time payments, the integration of large language models (LLM), AI and ML into fraud prevention strategies is no longer a choice but a need.

AI Frees Valuable Time for High-Level Focus

Leveraging technology to automate processes and to surface patterns and anomalies such as unusual transaction volumes, geographic irregularities, inconsistent spending patterns and atypical access types at unprecedented speed with precision grants companies the power to prevent, detect and analyze for fraud while reducing manual workloads on risk and compliance teams. Although manual intervention cannot be entirely eliminated – owing to the nuanced and sophisticated nature of certain fraud scenarios –  the efficiency gains from automation allow human analysts to concentrate their expertise on more complex, high-risk cases. This strategic allocation of resources ensures that the fraud team is optimized, reducing bottlenecks caused by the overwhelming volume of cases and enabling more agile responses to APP threats.

Offering many benefits, advanced technologies like AI, ML, and other innovations allow for analyzing vast datasets at a velocity and quantity unattainable by human capacity alone. Blackbox machine learning is efficient in churning through data to provide rapid fraud detection scores but lacks transparency in its decision-making processes. This obscurity can impede the ability to fine-tune or understand the basis of certain fraud alerts. But, when used in tandem with whitebox machine learning, an AI model that offers the transparent rationale behind AI decisioning, companies can refine choice-making based on customizable risk thresholds to fit their business needs at the scale required to thwart fraud today.

Safeguarding Trust and Financial Assets

Armed with a more nuanced understanding of behavior to inform transactional context and by harnessing the power of AI to meet the scale at which fraudsters are operating today, APP fraud is a combatable issue. By achieving the balance of providing customer convenience with security, the financial industry can address the problems posed by APP fraud in this era of emerging technologies. 

Incorporating solutions that address scale, new regulatory frameworks and ongoing customer education initiatives can mitigate risks. The implementation of specific measures, such as the UK’s Confirmation of Payee (CoP) service, which cross-references bank details with the account holder’s name during online transactions, is an example of how regulatory bodies and industry oversight can press traditional banks and payment platforms to take more decisive actions against APP fraud.  

Digital footprinting extends beyond the basic verification checks, like cross-referencing bank account details with account holder names; this type of confirmation isn’t enough. Financial institutions can leverage digital footprinting to scrutinize email or phone numbers associated with each transaction. Upon the initiation of a transfer, the system can analyze the digital footprint of the recipient, including their online behavior patterns, digital identity and historic transactional data to yield a risk score, providing an additional metric for assessing the transaction’s legitimacy. Suppose the account is suddenly linked to a phone number or email associated with previous fraudulent activities or a dubious online presence. In that case, the system can trigger further investigation before proceeding with the transaction.

By aggregating and analyzing vast amounts of data to provide real-time insights into the risk associated with specific digital identities, insights can inform the transaction approval process, allowing financial institutions a more granular understanding of potential risks and enabling them to intercept fraudulent transactions proactively.

Unifying a Defense Against APP Fraud

Countering APP fraud requires a dynamic and holistic fraud prevention strategy in which advanced technologies like AI and ML afford the speed and scale needed to counteract the tactics of fraudsters. Further technologies like digital footprinting, device intelligence and transaction monitoring augment and support the fight against APP fraud by delivering invaluable contextual insights into user behaviors and potential security risks.

In combination with technology, the strengthening of regulatory frameworks, along with the active participation of consumers through education and awareness, forms a multi-layered and effective defense mechanism. The journey toward a more secure financial environment is complex, but a safer future is within reach with continuous innovation.

Sources:

• Authorized payment scams climb in US – PaymentsDive
• APP fraud volumes expected to double by 2026, says report
• 2023 APP fraud trends and changing liability at a glance
• Percentage of organizations worldwide that experienced cyber attacks from 2021 to 2022, by attack type – Statista
• Federal’s Communications Comission
• The Federal Reserve
• New draft Payment Services Regulation: overview of the main differences from PSD2 – EY
• Combatting the next wave of AI fraud – Security Magazine
• Wearepay.com