Authorised Push Payment (APP) fraud is spiralling in the UK. Every year, thousands of individuals and businesses suffer significant financial losses because they have no idea of how to protect themselves against it. £583.2m was lost to APP fraud in 2021 according to the latest figures1.
As criminals become more sophisticated, and we spend longer online, we become more susceptible to this type of scam.
Here, we explain just what APP fraud is, and share our top tips on how you can protect yourself and your small business against it.
What is APP Fraud?
Authorised push payment (APP) fraud is a scam. It occurs when a criminal deceives a victim and coerces them into transferring money to their account. They use comprehensive social engineering tactics to get targets to move money into their bank account via a real-time payment scheme. Payments made in this way are irreversible, so once you realise what has happened, there is no way of reversing a payment or retrieving the money.
APP fraud is one of the fastest-growing types of cybercrime. The amount lost to APP fraud reached £583.2m in 2021, a 39% increase compared with 2020. £271.2m was returned to victims, accounting for 47% of total losses. . The stakes are high, so it’s important to protect yourself against this type of crime – especially online.
The most common types of APP Fraud.
There are two main types of APP Fraud scams. These are either:
Malicious Payee – where victims make a push payment, typically in return for promised goods or services to people they think are legitimate.
Malicious Redirection – when a criminal contacts a victim via phone, text, email, social media accounts, and fake websites. They impersonate a member of an established organisation, such as a bank or the NHS and get someone to transfer funds out of their account into that of the criminal.
Within these two categories, there are several types of APP fraud. They include property purchase scams, investment scams, romance scams, CEO fraud, and refund scams.
How to protect your small business against APP Fraud.
1. Stay Alert.
It is wrong to assume that only large organisations or unsuspecting individuals are targets of APP fraud. Anyone can be a target, so it is vital that you stay alert and remain vigilant to emerging tactics.
2. Stop, think, and challenge.
If someone contacts you out of the blue and claims to be from a trusted organisation, you are right to be suspicious. Stop and think before sharing personal or financial information, or making a financial transaction.
3. Test and Check.
When you make a new payment to a new account it is wise to test its validity. Transfer a small sum of money first, then check with the company (using published contact details), to confirm the payment has been received.
If you implement an agreed method of payment at the beginning of a business relationship, you protect both yourself and your customers.
4. Train staff and encourage a good cyber security culture.
Your team is your best form of defence when it comes to cyber security. Training your staff and encouraging a positive cybersecurity culture with data protection governance is key.
5. Protect yourself online.
Criminals use sophisticated tactics to acquire passwords and financial details. Investment in cyber-security helps to prevent both attacks and breaches. Ensure you have up-to-date anti-virus software, and appropriate cybersecurity processes in place to help you stay safe online.
6. Have a process in place to report fraud.
If you are unlucky enough to become a victim of fraud, the best thing you can do is to quickly begin the recovery process and report it.
Speed is of the essence, so have a plan in place to contact your bank and Action Fraud if you think you have been a target. You can also report suspicious websites and scam emails to the NCSC and they will investigate them on your behalf.
It is important to report fraud to stop criminals and prevent others from falling victim to the same scam.
The Takeaway
New scams appear all the time. Criminals will stop at nothing to persuade you to part with your money. They take advantage of charities, businesses, and government organisations to convince you they are genuine.
The adage “prevention is better than cure” is applicable here. The more effort put into preventative measures, the more you will protect your business and customers.
Being proactive in your data protection and security practices will protect yourself and your business most effectively. If you need assistance with this, please make contact today.