How to Protect Your Business From Authorized Push Payment Fraud

From the beginning of 2020, over 40 percent of businesses fell victims to Authorized Push Payment Fraud (APPF). And the next year was no better. In the first couple of months of 2021, the number of reported cases doubled and businesses lost more than $215 million due to APPF.

Although it might seem like there is currently no way to fully protect your business, there are things you can do to prevent the fraud from happening. 

Authorized Push Payment Explained: How Dangerous Is It?

Since the beginning of the pandemic, global finance encountered a serious disruption. People are much more used to online payments now than ever before. On the one hand, this brings a lot of convenience and faster transfers. On the other hand, unfortunately, online payments pose a serious threat to individuals and businesses.

A push payment is a payment where the provider of services doesn’t ask for money (“pull”). Instead, the payer injects the amount directly into the provider’s account (“push”). This type of payment is facilitated by a bank’s app or third-party billing software

The Con Artists

APP fraud is a very refined and cunning form of cyber-criminal. First, the crooks hack into an individual or business's private accounts (social media, email address, or similar). Once there, they keep communicating with the business’s unsuspecting previous clients as if nothing happened.

The criminals are true con artists, as are able to spend a lot of time skillfully pretending that they are genuine and that the business goes on as usual. 

Then, they will start asking clients and individual customers for payments. While this is a red flag for most users, the criminals are very convincing, and a lot of people and businesses don’t manage to see through their web of lies. It is because criminals have access to all of the previous information and communication, and heavily rely on such data to construct lies and schedule their demands.

Additionally, these criminals engage in phishing, creating false emails that look exactly like genuine invoices. Also, they can even call the company’s accounts payable department, manipulating the employee to change push payment account details.

There is even a black market of stolen usernames and passwords on the dark web. Criminals buy and use them to break into mobile banking apps.

The APP fraud is only one side of the story. The entire world is disturbed by expanding cybercrime, especially in the investment and crypto industries. Also, many users of self-directed IRA accounts had very unpleasant encounters with cybercriminals as well. Some studies show that people between 40 and 60 years old reported the highest losses due to fraud in 2021. 

The Cost of Being a Victim of a Fraud

If you are starting a business in 2021 or 2022, you should be very careful about APP fraud, because falling victim to it can be costly. According to some reports, APP frauds stole more than $658 million in the UK alone.

What Is the Authority's Response to APP Fraud?

At the moment, the legal treatment of APP fraud is unsuitable and largely unfair. On the one side, banks have no legal responsibility to refund money lost because of an APP scam. On the other, the victims of the scam are often blamed for negligence and carelessness. 

However, because the amount of APP fraud reports keeps growing, the authorities seem to start changing the way of looking at things. 

Many consumer groups and firms have been filing complaints, asking for the banks to take more responsibility for real-time bank transfer scams. There have also been cases of various national financial bodies, such as the Payment Systems Regulator (PSR) in the UK, recognizing the problem and promising to take action to protect businesses and individuals from this kind of fraud in the future.

How to Protect Yourself From APP Fraud?

Until proper regulation is created, there are things you can do to protect your business from APP fraud. 

Change Passwords Frequently

Although hackers can attack at any time, you can outmaneuver them by changing passwords to your social media accounts every couple of months. Also, make sure to have strong passwords, using numbers and special characters.

Also, you should have different passwords for each platform (email, Facebook, Instagram…). 

Finally, avoid accessing your business accounts through public WiFi (cafes, trains, bus stations, etc.).

You Can’t Be Too Careful

Always double-check if your client is who they say they are. If they ask you for payment, give them a call to check if it’s genuine.

Also, instead of using the contact details directly from the email, check if the address and other information match those from their official website.

Another way to do it is to transfer a small amount first, just to check if the bank details match the company’s name and other credentials. 

In the long run, make sure to have a mutually respectful and trusting relationship with your clients and customers. If you know who you are working with, it will be easier to detect fraud.

Also, you should notify your customers if you feel you might be a target of APP fraud. They couldn't advance if they notice any suspicious activity from your accounts.

Train Your Staff

Update your business process and train employees to recognize fraudulent activities on time and how to report them. 

Cyber Security

Finally, it is probably a good time to invest in strong cyber security and data protection systems. Some businesses are even buying cyber insurance that covers the costs of data losses and privacy breaches.

What to Do If It Happens?

Usually, the moment when it becomes clear that something happened is when the payee continues insisting on payments even though the client claims to have paid. It soon becomes clear that both parties lost their money, and are victims of APP fraud.

Although it is very hard to recover the lost money, it is still very important to report the fraud to the authorities. It is the only way to alarm the public and contribute to raising awareness on the issue. 

According to the Motley Fool rule breakers’ estimations, only 62% of cybercrime victims are reporting scams to the authorities. 

The first thing to do if you think you have been scammed is to let your bank know of what happened. After that, you need to report it immediately to Action Fraud or any other relevant financial institution in your country.

Technology   Legal   Security   Business