Understanding Authorised Push Payment (APP) and Safeguarding Against Fraud

8 mins

Authorised Push Payment (APP) is a common and convenient method of transferring funds between bank accounts. However, with the rise of digital transactions, it has also become a target for fraudulent activities. In 2022, a payment systems company called ACI Worldwide conducted a global survey among consumers. The findings revealed that 20% of people around the world who participated in the survey shared that they had experienced financial losses due to fraudulent activities in the past four years. More specifically, out of those surveyed, 27% reported falling victim to scams involving authorised push payment.

In this article, we will delve into what APP is, how it works, various methods employed in authorised push payment fraud, real-life examples, the impact of such fraud, and crucial detection and prevention measures.

What is APP & How Does It Work?

Authorized Push Payment (APP), also known as bank transfer fraud, is a method of financial transaction where the person making the payment (the payer) takes the active role in initiating the transfer. This sets it apart from other transaction methods like direct debits or standing orders, where the recipient (payee) is responsible for managing the payment process.

In the case of APP, the payer instructs their own bank to transfer a certain amount of money from their account to another account. This type of transaction is frequently employed for various purposes, including online purchases, settling bills, or sending funds to family and friends.

The process begins with the payer providing specific details about the recipient to their bank. This typically includes crucial information such as the recipient's account number and sort code. Armed with these details, the payer's bank then takes the initiated payment request and facilitates the transfer of funds from the payer's account to the designated recipient's account.

This method offers a high level of convenience, allowing individuals to directly manage their payments without the need for intermediaries. However, this very convenience is what has also made APP susceptible to fraudulent activities. Fraudsters exploit vulnerabilities in this process, often tricking individuals into authorizing payments to accounts controlled by the criminals.

As the digital landscape evolves, so do the tactics employed by fraudsters. Therefore, it becomes essential for users to remain vigilant, employ secure practices, and be aware of potential risks associated with APP transactions. Now that you know what is authorised push payment fraud, let us discuss the different methods in APP.

New call-to-action

Different Methods Used in APP

APP fraudsters employ various methods to deceive individuals into authorising fraudulent payments. Here are some of the most common used by fraudsters.

1. Phishing Emails and Messages:

One common method employed by APP fraudsters involves the use of phishing emails or messages. In these scenarios, fraudsters craft messages that appear to be from legitimate sources, such as banks, government agencies, or reputable companies. These messages often contain urgent requests for payment or prompt recipients to click on malicious links that can lead to fake websites designed to capture sensitive information.

2. Fake Invoices:

Another tactic used in APP fraud is the creation and submission of fake invoices. Fraudsters may pose as vendors, service providers, or even acquaintances, sending fabricated invoices to individuals. These invoices often look convincing, containing logos, details, and payment instructions that closely resemble legitimate documents. Unwitting individuals may then authorize payments, thinking they are fulfilling legitimate financial obligations.

3. Exploiting Online Platform Vulnerabilities:

APP fraudsters are adept at exploiting vulnerabilities in online platforms. They may target weaknesses in e-commerce websites, payment processing systems, or even social media platforms to intercept payment instructions. By gaining unauthorized access or manipulating the digital environment, fraudsters redirect payments to their own accounts, leaving victims unaware of the fraudulent activity until it's too late.

4. Manipulation of Trust:

Some fraudsters take a more direct approach by manipulating the trust of their victims. This can involve building relationships online through social engineering tactics, creating a false sense of familiarity, trust, or urgency. Victims may then be persuaded to authorize payments, thinking they are helping a friend in need or engaging in a legitimate transaction. This method preys on human emotions and trust, making it particularly effective.

5. Impersonating Legitimate Entities:

In certain cases, fraudsters go to great lengths to impersonate legitimate entities. This could involve creating fake websites, emails, or messages that closely mimic those of well-known banks, government agencies, or reputable organizations. The goal is to deceive individuals into believing they are interacting with a trusted source, leading them to authorize payments without realizing the fraudulent nature of the request.


1. Invoice Scams:

Fraudsters send fake invoices to individuals, posing as legitimate service providers, contractors, or vendors. Victims, believing they owe money for services or products, authorize payments only to later discover that the invoices were fraudulent.

2. Impersonation of Authorities:

Scammers impersonate law enforcement officials, tax authorities, or government agencies, claiming that the victim owes fines, taxes, or fees. The victims, fearing legal consequences, may transfer funds as instructed by the fraudsters.

3. Property Rental Frauds:

Scammers advertise fake rental properties online, often at attractive prices. Prospective tenants are asked to pay a deposit or advance rent via APP. After making the payment, victims discover that the property doesn't exist, and they lose their money.

4. Business Email Compromise (BEC):

In the corporate world, scammers compromise email accounts of executives or employees. They then use these accounts to request fund transfers from colleagues or subordinates, who, thinking the request is legitimate, initiate the payments via APP.

Impact of APP

The impact of falling victim to APP fraud can be severe, both financially and emotionally. Individuals may lose significant amounts of money, and the process of recovering funds can be complex. Moreover, the emotional toll of being deceived and the breach of trust can be distressing.

1. Financial Impact:

One of the most immediate and tangible consequences of falling victim to Authorized Push Payment (APP) fraud is the financial loss experienced by individuals. Fraudsters often target substantial sums of money, and victims may find their bank accounts significantly depleted. In some cases, victims may even face financial hardship, struggling to cover daily expenses, bills, or other financial obligations.

The financial impact extends beyond the direct loss of funds. Individuals may also incur additional costs related to legal fees, credit monitoring services, or other expenses associated with trying to rectify the situation and prevent further financial harm. The financial repercussions can have a long-lasting effect on an individual's financial stability and well-being.

2. Emotional Toll:

The emotional toll of falling victim to APP fraud can be profound. Deception and betrayal by fraudsters can lead to feelings of anger, shame, guilt, and embarrassment. Victims often blame themselves for not recognizing the scam or for being trusting in the first place. The emotional distress can be exacerbated by the realization that the funds may never be fully recovered.

The psychological impact extends to the stress and anxiety associated with financial uncertainty. Victims may worry about their ability to meet financial obligations, provide for their families, or maintain their standard of living. The emotional toll can have a ripple effect on various aspects of a person's life, affecting relationships, work performance, and overall mental well-being.

3. Complex Recovery Process:

Recovering funds lost to APP fraud is a complex and challenging process. Unlike unauthorized transactions on credit cards, where legal protections may be more robust, APP fraud often involves the unwitting authorization of payments. This makes recovering funds more difficult, as the legal and financial systems may provide limited recourse for victims.

Victims typically need to work closely with law enforcement, their bank, and other relevant authorities to investigate the fraud and attempt to trace the funds. The recovery process may involve navigating bureaucratic procedures, providing evidence of the fraud, and engaging in protracted negotiations with financial institutions. The uncertainty and lengthiness of the recovery process can further contribute to the emotional distress experienced by victims.

4. Breach of Trust:

Beyond the immediate financial and emotional impact, APP fraud results in a significant breach of trust. Victims may become wary of engaging in online transactions, sharing financial information, or trusting others, both online and offline. This erosion of trust can have long-term consequences on an individual's willingness to participate in the digital economy and can lead to a more cautious approach in future financial interactions.

AML Software Guide

Detection and Preventive Measures for APP

Detecting and preventing APP fraud requires a combination of awareness, vigilance, and technological safeguards. Some key measures include:

1. Continuous Education and Awareness:

Staying informed about the latest scams and developing a strong awareness of potential threats is a fundamental step in preventing Authorized Push Payment (APP) fraud. Regularly educate yourself on evolving scam tactics, phishing schemes, and common fraud patterns. Awareness can empower individuals to recognize red flags, question suspicious requests, and take proactive measures to protect their financial information.

2. Verification of Requests:

Verifying the authenticity of requests for money is a crucial practice in preventing APP fraud. Before authorizing any payments, particularly those received unexpectedly or from unfamiliar sources, individuals should independently verify the legitimacy of the request. This may involve contacting the supposed sender through a known and trusted communication method to confirm the transaction details.

3. Two-Factor Authentication (2FA):

Enabling and actively using Two-Factor Authentication (2FA) adds an extra layer of security to online banking and payment accounts. 2FA typically involves receiving a temporary code on a separate device or through a different communication channel, such as a text message or app, which is required in addition to the regular login credentials. This significantly enhances the security of accounts and helps prevent unauthorized access, even if login details are compromised.

4. Secure Communication Practices:

Ensuring that communication channels are secure is vital in preventing APP fraud. Avoid sharing sensitive information, such as account numbers or passwords, through unsecured channels like email or text messages. Use secure, encrypted communication platforms, especially when discussing financial matters. Be cautious about responding to unsolicited communications requesting personal or financial information.

5. Transaction Monitoring:

Regularly monitoring bank statements for any unauthorized or suspicious transactions is an effective means of early detection. Set up alerts on accounts to receive notifications for transactions exceeding a certain amount or occurring in unusual locations. Promptly reporting any discrepancies to the bank can lead to quicker intervention and potential recovery of funds. Regular review of financial statements also helps in identifying any irregularities that may indicate fraudulent activity.

6. Secure Password Practices:

Maintaining strong and unique passwords for online banking and payment accounts is a foundational aspect of preventing unauthorized access. Avoid using easily guessable passwords, and consider using a combination of letters, numbers, and symbols. Regularly update passwords and refrain from using the same password across multiple accounts to minimize the risk of a security breach.

7. Use Trusted Platforms and Services:

When conducting financial transactions, use reputable and trusted platforms or services. Be cautious about clicking on links or providing financial information through unfamiliar websites or apps. Stick to well-established and secure platforms, and verify the legitimacy of any new services before using them for transactions.

8. Regular Software Updates:

Ensure that devices used for online banking and payments are regularly updated with the latest security patches and software updates. Outdated software may contain vulnerabilities that could be exploited by fraudsters. Keeping systems up-to-date enhances overall security and reduces the risk of unauthorized access.


Authorised Push Payment is a convenient method for transferring funds, but its susceptibility to fraud requires individuals to be vigilant and proactive. By understanding the various methods employed by fraudsters, learning from real-life examples, and implementing effective detection and prevention measures, individuals can safeguard themselves against the potential financial and emotional impact of APP fraud.

Recent Posts