Incidences of authorised push payment (APP) fraud have increased in both volume and value, according to UK Finance’s annual fraud report - despite a decrease in unauthorised fraud. The number of cases increased by 27% from 2020 to 2021, with the £583.2m losses representing a 39% increase.

APP fraud involves a victim being tricked into authorising payment from their bank account to a criminal-controlled account. As underlined in the report, the fraud can take many forms, including:

- Invoice scams: funds intended for a legitimate invoice are diverted to a criminal account, for example by impersonation of the correct payee and a false claim that bank account details have changed.

- CEO fraud: employees may receive an email purportedly from a senior colleague requesting that an urgent payment be made or that the organisation’s bank details be changed. The criminal will have used spoofing software or have gained access to the senior person’s email account to send what appears to be a legitimate email.

- Impersonation: victims are contacted by a fraudster claiming to be a representative of their bank, suggesting that their funds are under threat and should urgently be transferred into a “safe” account.

The impact of APP fraud has been starkly illustrated in recent case law, including Philipp v Barclay [2022] EWCA Civ 318, on which we reported here. It is the subject of much industry attention, with efforts to tackle it including the 2019 Contingent Reimbursement Code; the introduction of Confirmation of Payee; and a Payment Systems Regulator consultation.

UK Finance has identified the “…use of social engineering tactics through deception and impersonation scams…” as central in the increase in APP fraud, highlighting that the pandemic provided criminals with ample opportunity to employ such tactics.

As the tactics being used become increasingly sophisticated, and industry continues to debate how best to address the issue, payment service providers will need to remain aware of the threat APP fraud poses and to consider what steps can be taken to mitigate risks both to themselves and their customers.

This update was co-authored by Caroline Brown and Amy Broddle