Scams at play and payment rails used in APP fraud
Issue 485 | 15 May 2023
Eye watering levels of payment fraud
UK Finance have published their annual fraud report stating that over £1.2 billion was stolen by criminals through authorised and unauthorised fraud in 2022, equivalent to over £2,300 every minute.
Fraud has a devastating impact on victims and over £1.2 billion was stolen by criminals last year. The banking and finance sector is at the forefront of efforts to tackle this criminal activity. The sector spends billions on detection and prevention and also refunds people who have fallen victim, even if the fraud originated outside the banking system.
David Postings, Chief Executive at UK Finance
In issue 484 of Payments:Unpacked the value and volume of each type of payments fraud - as well as some reflects on my time in The City for the BCCI scandal in 1991 when my role was to stop all outbound payments being sent to BCCI, in correspondent banking during the collapse of Barings Bank in 1995 and was involved in moving money around The City at the time of the “bearer bonds robbery” of 1990 - as well as my time in CHAPS with Ronnie Biggs.
If you missed issue 484 here’s a link: Eye watering levels of payment fraud.
Having looked at the value and volume of each type of payments fraud we now explore where fraud originates from, the impact of the APP voluntary code, the types of APP scams at play, the payment rails used to perpetrate fraud and the payment channels utilised to initiate fraud.
In an authorised push payment scam, a criminal will trick their victim into sending money directly from their account to an account which the criminal controls. Losses due to authorised push payment scams were £485.2 million in 2022. This was split between personal (£408.2 million) and non-personal or business (£77 million).
Typically, such deception and impersonation scams involve the criminal posing as a genuine individual or organisation and contacting the victim using a range of methods including via the telephone, email, and text message.
APP cases reported 2020-2022
Cases: The number of confirmed cases reported, one case equals one account not one individual - 6% greater in 2022.
Payments: Total number of payments identified as fraudulent in relation to case reported above - 8% greater in 2022.
Value: The total value of payments reported above - a reduction of 17% in 2022.
Returned to Victim: The total amount returned to the victim either through a direct refund from the victim bank or through recovery of funds from the beneficiary account - 5% greater in 2022.
Fraud origination
UK Finance’s report states that the vast majority of fraudulent activity starts outside the banking sector. They believe that key to tackling and ultimately reducing losses and the impact on consumers, is greater understanding on where and how fraud and scams originate.
UK Finance have found that1:
78% of fraud cases originate from online sources. These cases tend to include lower-value scams such as purchase fraud and therefore account for 36% of total losses,
18% of fraud cases originate from telecommunications, these are usually higher value cases such as impersonation scams and so account for 44% of losses.
APP voluntary code
The authorised push payment (APP) scams voluntary code was introduced on 28 May 2019, following work between the industry, consumer groups and the regulator. It provides protections for customers of signatory payment service providers (PSPs) and delivers a significant commitment from all signatory firms to reimburse victims of authorised push payment fraud in any scenario where the customer has met the standards expected of them under the code.
Ten Payment Service Providers (PSPs), representing 19 consumer brands and over 90 per cent of authorised push payments, have signed up to the code so far. A list of signatories can be found on the Lending Standards Board website.
In 2022, 190,675 cases were assessed and closed with a total value of £376.1 million. UK Finance’s latest figures show that £248.6 million of losses were returned to victims under the APP voluntary code, accounting for 66 per cent of losses in these cases2.
Types of APP scams
UK Finance collates enhanced data which provide further insight into APP scams.
This data covers:
Eight scam types: malicious payee (purchase scam, investment scam, romance scam and advance fee scam) and malicious redirection (invoice and mandate scam, CEO fraud, impersonation: police/bank staff and impersonation: other).
Six payment types: faster payment, CHAPS, BACS (payment), BACS (standing order), intrabank (“on-us”) and international.
Four payment channels: branch, internet banking, telephone banking and mobile banking. The data in the following sections provide a breakdown of the overall APP scam data detailed in the previous section and are not in addition to the total figures.
Included within each scam type is the data relating to the cases which have been assessed using the APP voluntary code.
Eight scam types
In an investment scam, a criminal convinces their victim to move their money to a fictitious fund or to pay for a fake investment. The criminal will usually promise a high return to entice their victim into making the transfer. These scams include investment in items such as gold, property, carbon credits, cryptocurrencies, land banks and wine.
Keep reading with a 7-day free trial
Subscribe to Payments:Unpacked to keep reading this post and get 7 days of free access to the full post archives.