How merchants can help to prevent APP fraud
Authorised Push Payment (APP) fraud has been on the rise, with scammers using increasingly sophisticated tactics to deceive individuals and businesses into authorising fraudulent payments.
Understanding APP fraud is crucial for businesses, as failing to prevent it can lead to financial losses, reputational damage, and increased scrutiny from payment providers.
What is APP fraud?
Authorised Push Payment (APP) fraud occurs when a victim is tricked into voluntarily transferring money to a fraudster, believing it to be a legitimate transaction. Scammers often impersonate banks, businesses, or trusted individuals to deceive victims into making payments. .
Common types of APP fraud include investment scams, impersonation fraud, purchase scams, and invoice fraud. Unlike unauthorised fraud, where criminals access accounts without permission, APP fraud victims approve the transaction, making recovery of funds more challenging.
The Payment Systems Regulator (PSR) introduced the APP Fraud Reimbursement Scheme in October 2024 to combat APP fraud, significantly affecting merchants, payment service providers (PSPs), banks, and consumers. These measures aim to protect consumers by ensuring that banks and payment service providers reimburse victims more quickly and fairly.
UK Finance reports that in 2023, there were 232,429 reported incidents of APP fraud, with losses of £459.7 million. The majority of cases involved online fraud (76%), accounting for 30% of reported losses. 62% of the total loss was returned to consumers (£287.3 million).
In the UK, under the new rules, which came into place on 7 October 2024, banks and PSPs are mandated to reimburse victims of APP fraud within five business days. This reimbursement is subject to a cap of £85,000 per claim. The liability for reimbursement is shared equally between the sending and receiving PSPs.
APP fraud regulation in the EU
In the EU, a proposed update to the EU’s payment regulations, the Payment Services Directive (PSD3), is set to include updates to address APP fraud. Key changes include the introduction of stronger customer authentication (SCA) requirements, and the Confirmation of Payee (CoP) and Verification of Payee (VoP) schemes. This aims to ensure that transactions are legitimate by requiring more rigorous verification processes.
PSD3 will also mandate greater transparency from payment service providers (PSPs), ensuring that customers are fully informed about the risks when initiating payments that could be vulnerable to fraud.
Additionally, the proposal introduces clearer rules on liability, shifting more responsibility onto PSPs to prevent fraud and protect consumers, which also improves the chances of reimbursement for victims of APP fraud. These changes are designed to strengthen security, reduce fraud, and provide better consumer protection in the digital payment environment.
Impact of the PSR APP fraud regulation on merchants
The PSR APP fraud reimbursement scheme indirectly impacts merchants by increasing scrutiny from banks and payment service providers (PSPs), which may result in stricter transaction monitoring, compliance requirements, and even potential account suspensions if a merchant is linked to fraudulent activity.
While merchants are not liable for reimbursing victims, their reputation can suffer if fraud occurs on their platform, leading to a loss of consumer trust, negative media attention, and an increase in chargebacks or disputes.
Financially, merchants may face frozen funds, higher chargeback costs, and additional expenses for fraud prevention measures such as enhanced customer verification and AI-driven fraud detection systems. To comply with the new rules, they may need to implement stricter identity verification processes, improve refund and dispute policies, and conduct regular fraud risk assessments.
The measures also encourage closer collaboration between merchants, banks, and PSPs to share fraud-related intelligence and strengthen payment security. Whilst the changes present operational challenges, merchants that proactively invest in fraud prevention can gain a competitive advantage by enhancing customer trust, reducing financial risks, and maintaining smooth relationships with PSPs.
Preventive measures for merchants to combat APP fraud
The liability for reimbursing victims of APP fraud rests with the sending and receiving PSPs, not merchants. However, merchants must remain vigilant, as facilitating fraudulent transactions, even unknowingly, can damage their reputation and customer trust.
1. Implement advanced fraud detection systems
Merchants should look to partner with PSPs with robust fraud detection tools that leverage artificial intelligence (AI) and machine learning to identify suspicious transactions in real time. These systems can:
- Analyse transaction patterns to detect anomalies.
- Flag unusual customer behaviour, such as multiple high-value transactions in a short period.
- Identify known fraud indicators, such as mismatched billing and shipping addresses.
2. Use strong customer authentication (SCA)
Strong customer authentication, as required under the Revised Payment Services Directive (PSD2), helps prevent unauthorised transactions by ensuring that payments are verified through multiple authentication factors. Merchants can:
- Require multi-factor authentication (MFA) for high-risk transactions.
- Implement biometric verification, such as fingerprint or facial recognition.
- Use one-time passcodes (OTPs) sent to customers' registered devices.
3. Educate customers on APP fraud risks
Merchants should actively inform customers about the risks of APP fraud and how to avoid falling victim to scams. This can be done through:
- Clear warnings on checkout pages about known and common scams.
- Email campaigns or blog posts explaining how fraudsters operate.
- Encouraging customers to verify payment details before making large transactions.
4. Monitor and verify transactions
To prevent fraudulent transactions, merchants should:
- Conduct enhanced due diligence for high-value orders.
- Monitor transactions from unusual locations or flagged accounts.
- Cross-check customer details against fraud databases.
5. Work with banks and PSPs to report fraudulent activity
Merchants should establish strong relationships with banks and payment providers to share fraud-related intelligence. This includes:
- Reporting suspected fraudulent transactions to PSPs.
- Collaborating on fraud prevention initiatives and industry best practices.
- Ensuring compliance with PSP fraud detection policies.
6. Secure online payment gateways
Merchants should ensure their online payment systems are secure and comply with industry standards. This includes:
- Using PCI DSS-compliant payment gateways.
- Implementing encryption protocols such as TLS (Transport Layer Security).
- Regularly updating security software to prevent vulnerabilities.
7. Implement transaction limits and verification steps
To minimise potential losses, merchants can:
- Set daily transaction limits for new customers or high-risk transactions.
- Require additional verification steps for first-time or high-value purchases.
- Hold funds for additional fraud screening before processing large payments.
8. Train employees to recognise fraud attempts
Staff should be trained to detect and handle fraud risks effectively. This can include:
- Recognising signs of fraudulent behaviour, such as customers rushing transactions.
- Following protocols for verifying customer identity before processing payments.
- Knowing how to escalate suspected fraud cases to the appropriate teams.
How can payment service providers support merchants in combatting APP fraud?
Ecommpay helps merchants combat APP fraud with its award-winning risk management platform, using AI-driven fraud detection, real-time transaction monitoring, and strong customer authentication (SCA) to identify and prevent fraudulent payments.
Our risk-based scoring systems flags suspicious transactions, and our graph analysis model detects patterns of bad actors to prevent fraudulent activity proactively. Additionally, our chargeback management solution assists in recovering funds from disputed payments.
Want to find out more about how our full-stack payment processing platform can help your business grow - while keeping you and your customers safe? Let’s chat!
