How Advanced Technology is Driving Authorized Push Payment Fraud

The United States is poised to witness losses increase to $3 billion by 2027, up from $1.94 billion in 2022, facing a formidable opponent in the financial sector: authorized push payment (APP) fraud. A type of social engineering fraud that relies on deception to prompt voluntary payments to fraudsters, APP fraud poses an escalating threat due to the integration of cutting-edge technologies such as artificial intelligence (AI) and machine learning (ML). 

The rise in APP fraud shows fraudsters’ adaptability in using technology for broader impact. Though tactics aren’t more complex, their scale has increased, allowing larger scams. The financial sector, consumers, and businesses must adapt to this growing threat.

To compete against APP fraud’s uptick in volume and velocity – expected to double by 2026 – companies must embrace advanced solutions that are as agile and scalable as the threats they face. By leveraging AI, ML and other technologies like device intelligence, digital footprinting and transaction monitoring, companies can enhance automation, boost confidence in their security measures and make faster, more accurate decisions. In doing so, they can address the challenge of scale and turn the tide against fraudsters.

Adding Fuel to the Fire: Real-Time Payments

In the last two years, 77% of APP fraud cases originated from online sources, impacting roughly 85% of worldwide organizations. These frauds encompass various duplicitous practices that manipulate trust and authority. The end goal of APP fraud is the transfer of money to an account controlled by a fraudster for something that never existed—goods, services, or under the guise of “help.”

Fraudsters often use impersonation, romance scams, or other types of social engineering to achieve their goals. The result is always a victim-initiated money transfer to a fraudster’s account. Since victims unwittingly initiate these transactions, traditional fraud prevention measures fail to intercept self-authorized transactions, leaving a significant gap in current defenses.

The widespread adoption of real-time payments and regulations, including FedNow in the US and the European Union’s revised Payment Services Regulation (PSR) last summer, has further exacerbated this fraud. Favoring speed and the irrevocability of transactions, real-time payments inadvertently aid the operations of APP fraudsters, who rely on the instantaneous nature to launder their profits, cover their tracks and evade the risk of being traced. 

Earlier Fraud Intervention

To counter APP fraud, companies must be able to identify bad actors and stop fraud earlier in the customer journey. By examining patterns, behaviors and connections that cut across the digital landscape, companies can detect anomalies and red flags that suggest fraudulent intent before a transaction is even authorized – working to offset the speed of real-time payments.  

Digital footprinting examines information from online activities and real-time social signals to ascertain identification and behavioral validity. This data can then be used to empower financial institutions with deeper, data-driven insight into transactions to help inform lending risks and other services.

Device intelligence, another technology layer used to detect and prevent fraud at the earliest possible point, leverages thousands of real-time device signals from geolocation and IP information to behavioral device data such as typing speeds, battery life, phone orientation and more to combat attacks. For example, in phishing scenarios, device intelligence can affirm if someone is on their phone (whether on hold or an active call) or if a call is being recorded, screen mirrored or streamed to an additional display, an indicator that the user’s screen content is visible to someone else that suggests suspicious behavior at the same time a bank transaction is made.   

Transaction monitoring is another technological component that can monitor for anomalies or patterns – for instance, a sudden large sum being transferred to a new entity. Through a more holistic assessment of risk that considers not only the transaction details but also digital behaviors and patterns associated with it, companies can distinguish legitimate transactions from those orchestrated by fraudsters, especially in cases where the victim initiates payment under false pretense.

Meeting Scale with Scale

Since the problem of APP fraud isn’t one of complexity but one of scale, the same technologies fraudsters use to execute schemes must be harnessed to scale solutions for detection and prevention efforts. With the central challenge of APP fraud lying in the sheer volume of activities catalyzed by the proliferation of real-time payments, the integration of large language models (LLM), AI and ML into fraud prevention strategies is no longer a choice but a need.

AI Frees Valuable Time for High-Level Focus

Leveraging technology to automate processes and surface patterns and anomalies—such as unusual transaction volumes, geographic irregularities, inconsistent spending patterns, and atypical access types—at unprecedented speed and precision grants companies the power to prevent, detect, and analyze fraud while reducing manual workloads on risk and compliance teams.

Although manual intervention cannot be entirely eliminated due to the nuanced and sophisticated nature of certain fraud scenarios, the efficiency gains from automation allow human analysts to concentrate on more complex, high-risk cases. This strategic allocation of resources optimizes the fraud team, reduces bottlenecks caused by the overwhelming volume of cases, and enables more agile responses to APP threats.

Advanced technologies like AI and ML analyze vast datasets at speeds unattainable by humans. Blackbox machine learning provides rapid fraud detection scores but lacks transparency in decision-making. This obscurity can hinder fine-tuning and understanding of fraud alerts. However, combining it with whitebox machine learning, which offers transparent rationale, allows companies to refine decisions based on customizable risk thresholds, fitting their business needs to effectively combat fraud at scale.

Safeguarding Trust and Financial Assets

By understanding behavior and leveraging AI, APP fraud becomes combatable. Balancing customer convenience with security allows the financial industry to tackle APP fraud effectively. Implementing scalable solutions, adhering to new regulations, and ongoing customer education can mitigate risks. For example, the UK’s Confirmation of Payee (CoP) service cross-references bank details with account holder names, pushing banks and payment platforms to act against fraud.

Digital footprinting goes beyond basic checks, analyzing emails, phone numbers, online behavior, and historical data to assess transaction legitimacy. If a transfer is linked to suspicious activity, the system can trigger further investigation. Aggregating and analyzing data in real-time provides financial institutions with insights to intercept fraudulent transactions proactively.

Unifying a Defense Against APP Fraud

Countering APP fraud requires a dynamic and holistic fraud prevention strategy in which advanced technologies like AI and ML afford the speed and scale needed to counteract the tactics of fraudsters. Further technologies like digital footprinting, device intelligence and transaction monitoring augment and support the fight against APP fraud by delivering invaluable contextual insights into user behaviors and potential security risks.

In combination with technology, the strengthening of regulatory frameworks, along with the active participation of consumers through education and awareness, forms a multi-layered and effective defense mechanism. The journey toward a more secure financial environment is complex, but a safer future is within reach with continuous innovation.

Sources:

• Authorized payment scams climb in US – PaymentsDive
• APP fraud volumes expected to double by 2026, says report
• 2023 APP fraud trends and changing liability at a glance
• Percentage of organizations worldwide that experienced cyber attacks from 2021 to 2022, by attack type – Statista
• Federal’s Communications Comission
• The Federal Reserve
• New draft Payment Services Regulation: overview of the main differences from PSD2 – EY
• Combatting the next wave of AI fraud – Security Magazine
• Wearepay.com