What is authorised push payment (APP) fraud? Here’s how to protect your business and customers



As the volume of online transactions continues to grow in every sector, businesses globally are increasingly concerned about the rising risk of authorised push payment (APP) fraud, which accounted for 75% of all digital banking fraud during the first half of 2022. This type of fraud can have severe consequences for businesses and their customers, including damage to a customer’s finances and damage to a business’s reputation and customer trust.

As the tactics of fraudulent actors constantly evolve, businesses are seeking effective strategies to mitigate APP fraud risks and safeguard their customers’ financial information. This involves not only implementing comprehensive security measures, but also educating customers on how to avoid becoming fraud victims.

We’ll cover what APP fraud is, different ways it can show up, and strategies that your business can implement to block fraudulent actors.

What's in this article?

  • What is APP fraud?
  • Examples of APP fraud
  • How can businesses protect their customers from APP fraud?
  • How can customers protect themselves against APP fraud?
  • Fraud detection and prevention with Stripe Radar

What is APP fraud?

APP fraud is a type of scam where criminals trick individuals or businesses into sending money to a fraudulent account. The fraudulent actors might use various methods to gain the trust of their victims, such as posing as a legitimate company or person, or using social engineering tactics to persuade a victim to transfer money.

Unlike other types of fraud, the victim voluntarily authorises the transfer of funds, often through online banking or over the phone. This makes it more difficult to recover the money and can leave the victim with significant financial losses.

APP fraud is a growing problem, with many banks and financial institutions implementing measures to try and prevent it. However, individuals and businesses must remain vigilant and take steps to protect themselves from scams, such as verifying the identity of the person or company that they are transferring money to and using secure payment methods.

Examples of APP fraud

APP fraud doesn’t just materialise in one way; there are a variety of common tactics and approaches fraudulent actors use:

  • Impersonation scams
    Posing as a legitimate business or person, fraudulent actors request money to be transferred to a fraudulent account. For instance, a scammer might impersonate a bank employee and call a customer to request a payment to fix a supposed issue with their account.

  • Invoice fraud
    Fraudulent actors send fake invoices to businesses or individuals, requesting payment for goods or services that were never provided. For example, a company might receive an invoice for a service that they never ordered or received, and the scammers request payment to be made to a fraudulent account.

  • Investment scams
    Fraudulent actors promise high returns on investments and request money to be transferred to a fraudulent account. A real-life example of this is the OneCoin scam, which lured investors into a Ponzi scheme by promising high returns on cryptocurrency investments.

  • Romance scams
    Online dating sites are used to build relationships with individuals and then request money to be transferred to a fraudulent account. A common example of this is the Nigerian prince scam, in which fraudulent actors pose as wealthy individuals and request money for various reasons.

  • CEO fraud
    Posing as a CEO or high-level executive of a company, fraudulent actors request money to be transferred to a fraudulent account. For example, a scammer may impersonate a CEO and send an email requesting an urgent payment to be made to a supposed supplier.

  • Tech support scams
    Fraudulent actors pose as tech support personnel and request payment to fix a non-existent computer problem. For example, a victim might receive a pop-up message on their computer warning them of a virus and requesting payment to remove it, which leads them to a fraudulent website where they are asked to enter their payment information.

How can businesses protect their customers from APP fraud?

Businesses have an obligation to implement effective security measures to protect their customers from APP fraud. This includes educating customers about the risks of fraud and how to avoid becoming a victim, as well as using fraud detection and prevention software and payment hardware to identify and block suspicious transactions.

There are several practices that businesses can use to protect their customers from APP fraud:

  • Educate customers
    Businesses should educate their customers on the risks of APP fraud and how to avoid becoming a victim. This includes providing information on common types of scams and how to identify them. Operating in a type of business that is inherently exposed to fraud doesn’t necessarily tarnish a brand’s reputation, but it does require extra work to cultivate and maintain trust with customers. Proactively communicating with customers about how to spot and protect themselves from fraud is a strong way to turn a liability into a trust-building moment.

  • Verify requests
    Businesses should verify any requests for payment, especially those that are unexpected or from an unfamiliar source. This verification can be done through phone calls, emails, or other methods of communication.

  • Use secure payment methods
    In addition to protecting customer transactions, businesses should use secure payment methods, such as card payments or bank transfers that require two-factor authentication, when conducting transactions on behalf of the business.

  • Monitor accounts
    Businesses should monitor customer accounts for any suspicious activity and notify customers immediately if any unauthorised transactions are detected.

  • Implement fraud prevention measures
    Businesses can implement fraud prevention measures, such as transaction limits, anti-phishing filters, and fraud detection software, to help prevent APP fraud.

  • Report incidents
    Businesses should report any incidents of APP fraud to the relevant authorities, such as the police or financial regulators, to help prevent similar scams in the future.

How can customers protect themselves against APP fraud?

While businesses have a responsibility to protect their customers’ financial information, customers also have an obligation to take their own steps to prevent APP fraud. By being vigilant and protecting their personal and financial information, customers can reduce their risk of falling victim to scams.

Here are some ways customers can protect themselves against APP fraud:

  • Verify requests
    Like businesses, customers should verify any requests for payment, particularly if they are unexpected or from an unfamiliar source. They should never rush to transfer money without first verifying the authenticity of the request.

  • Use secure payment methods
    Customers should use secure payment methods, such as card payments or bank transfers that require two-factor authentication. They should also avoid using cash or money transfer services that offer limited fraud protection. Given the dynamic nature of payment fraud and the widespread use of electronic transactions, customers should ask any business or financial institution that’s requesting funds about its security.

  • Be wary of phishing scams
    Customers should be aware of phishing scams, in which fraudulent actors impersonate legitimate businesses or individuals to trick people into providing personal or financial information. They shouldn’t click on links or download attachments in suspicious emails, texts, or messages.

  • Protect personal information
    Customers should protect their personal and financial information, such as login credentials, payment card details, and Social Security numbers, by using strong passwords, enabling two-factor authentication and not sharing their information with anyone they don’t trust.

  • Keep software up to date
    Customers should keep their software and devices up to date with the most recent security patches and antivirus software to protect against malware and other cyber threats.

By taking these steps to protect their financial information, customers can reduce their risk of becoming victims of APP fraud. It’s also important for customers to report any suspicious activity to their bank or financial institution as soon as possible, as this can help prevent further losses and protect other potential victims.

Fraud detection and prevention with Stripe Radar

Fraud detection and prevention tools such as Stripe Radar, which is built into Stripe’s suite of online and in-person payment solutions, along with fraud-protected payment hardware such as Stripe Terminal, can help businesses protect themselves and their customers from APP fraud with:

  • Real-time transaction monitoring
    Stripe Radar can monitor a business’s transactions in real time to detect any suspicious activity, such as unusual transaction patterns or high-risk transactions. This is an important mechanism for helping businesses identify potential fraud and take action before any financial damage occurs.

  • Behavioural analytics
    Stripe gathers behavioural analytics related to customer payments, which can be useful in identifying anomalies in customer behaviour. These anomalies could include unusual login activity or payment requests from new devices or locations. This data can help businesses identify potential fraudulent actors and block suspicious transactions.

  • Two-factor authentication
    Payment hardware, such as secure card readers or biometric scanners, can provide an additional layer of security by requiring customers to provide two forms of authentication, such as a password and a fingerprint, before a transaction is authorised. You can learn more here about the three types of two-factor authentication available with Stripe.

  • Data encryption
    Payment hardware and software can use point-to-point encryption (P2PE) and end-to-end encryption (E2EE) to protect sensitive customer information, such as payment card details, from being intercepted by fraudulent actors. Stripe Terminal uses E2EE by default, plus tokenisation, providing businesses with incredibly strong protection against fraudulent actors.

  • AI-based fraud detection
    Advanced fraud detection, such as Stripe Radar, uses machine learning and artificial intelligence algorithms to identify patterns in large volumes of data and detect potentially fraudulent activity in real time.

While businesses and customers have different roles and responsibilities when it comes to preventing APP fraud, working together is important for effective fraud prevention. By staying informed about new and emerging threats and taking proactive steps to protect against fraud, businesses and customers can reduce their vulnerability.
