As most banking and payments moved online, the risk of payment fraud has increased dramatically, posing significant threats to businesses and individuals alike. Our recent report sheds light on the two main types of payment fraud: Unauthorized Fraud and Authorized Push Payment (APP) Fraud, emphasising the importance of vigilance and protective measures.
Unauthorised Fraud occurs when criminals exploit payment cards, online banking, or cheques without the consent of the account holder. Despite the substantial volume of this fraud, victims benefit from strong legal protections, with an impressive 98% of fraudulent losses refunded.
In contrast, APP Fraud has surged in prevalence since the pandemic and has emerged as a critical risk for businesses and financial institutions. Unlike unauthorised fraud, where liability rests with the financial institution, the burden of APP fraud losses traditionally fell on users. A significant turning point was set for October 2024 in the UK, when new regulations will protect retail customers and micro-enterprises, shifting the responsibility for preventing fraud to banks and financial institutions.
Unfortunately, similar protection is not available to larger businesses, who instead will soon have to do more internally as new legislation introduces the concept of failure to prevent fraud. “Failure to prevent fraud” occurs when an organisation does not implement adequate measures to detect or stop fraudulent activities its employees or associates commit. This lack of oversight can result in significant financial losses and damage to the organisation's reputation.
As regulators and financial institutions build more robust defences against domestic APP fraud, fraudsters refocus their efforts on cross-border payments, which remain more vulnerable and have limited end-user protections.
According to an EBA study, fraud rates are about 22 times higher for cross-border bank transfers than domestic ones. While most transfers are domestic, 43% of fraudulent value was related to cross-border transfers. Most importantly, the overwhelming majority is caused by APP Fraud, leaving most of the losses born by the payment users.
APP Fraud occurs when criminals deceive individuals into authorising money transfers to accounts they control, often through convincing scams. Criminals employ a variety of tactics, including fraudulent emails and phone calls, to manipulate victims into believing they are making legitimate payments. This type of fraud can have dire consequences, significantly impacting cash flow and jeopardising business operations.
Examples of prevalent fraud schemes include the "CEO Scam", where fraudsters impersonate senior executives to request urgent payments, and Invoice Fraud, where hackers pose as suppliers to change payment details. Such tactics can leave businesses vulnerable, leading to financial losses that may disrupt operations and damage reputations.
The repercussions of APP fraud extend beyond immediate financial impacts. Victims often face increased insurance premiums, damaged credit ratings, and a loss of trust from customers and suppliers. Additionally, the fallout can diminish employee morale, creating an atmosphere of insecurity within the organisation.
Financial institutions are not immune to these challenges. With APP fraud, payments are authorised by the victim, complicating detection and prevention efforts. Once executed, retrieving funds can be complex, leaving victims and institutions at a financial loss.
As we navigate this evolving payment fraud landscape, awareness and proactive measures are essential. Businesses and individuals must prioritise security protocols and stay informed about the latest fraud tactics to safeguard their finances effectively.
Discover how HedgeFlows industry experts can help you identify and quantify FX risks with tools to manage them.