The financial services industry has done a good job safeguarding consumers from third-party fraud — that age-old ruse in which bad actors steal personal information, card numbers or passwords to access victims’ bank accounts.
“They’ve needed the ‘next’ biggest return on investment,” said Excell. “Authorized pushed payments (APP) fraud is where they’ve focused their efforts.”
Social engineering and the great digital shift have given criminals the ways and means through which to disguise themselves as company or bank officials, and even as friends or family. They contact unwitting victims and trick them into using Zelle, Venmo or other options to send them money (and then, of course, disappear).
The consumers are logging into their bank accounts and are moving money — but as they are moving money under false pretenses, they do not get the goods or services that have been promised. For the fraudsters, the payoff is great and the schemes are effective. Instead of hacking into an account, they get the consumer to do the hard work as they push those payments out.
In the meantime, since the transactions have been authorized and are irrevocable, the window to address the fraud closes quickly, and the banks, by and large, bear no responsibility for the transactions.
To get a sense of scale, consider the fact that APP fraud in the United Kingdom amounted to £583 million (about $711 million) last year as financial fraud in the country increased 39% from the previous year.
APP is the fastest growing fraud trend, Excell said, in part because APP can be used as part of any number of scams, tricking individuals with the promise of romance, or duping delivery companies to release goods — or even promising to help individuals emigrate to new countries and cross borders.
“The scammers are just beginning to explore the space,” said Excell.
The lure is so great that more people than ever, faced with macro pressures and the threat of a looming recession, are joining the fraudsters’ ranks in a bid to make some quick money. One illustration comes with a scam that gained currency in the throes of the pandemic: Excell called it the “puppy dog scam.”
So many of us wanted some furry companionship. Scores of cyberthieves promptly went online, posted pics and details of non-existent litters designed to tug at our collective heartstrings — and get consumers to send money via push payments.
Inhibiting Decision Making
“These scams are designed to inhibit the decision-making that someone would normally embrace, and they realize only much later that they’ve been victimized,” said Excell.
To guard against APP, Excell said that more education is needed on the part of consumers. But the financial institutions (FIs), too, need to have the controls in place, via the right technology, to identify when transactions are “out of character” and prompt consumers to verify that a transaction/receiving party is indeed legitimate. Additional prompts can be critical in slowing down fraud.
Looking ahead, he said, the regulatory environment is likely to shift a bit to follow what’s been seen in the U.K., as banks have embraced a “contingent reimbursement model” that makes consumers whole in the event of APP.
At the moment, though, vigilance remains a key line of defense, as Excell told PYMNTS that text messaging will remain a favored channel of APP. Texts tend to gain an instant response, and the texters can spoof numbers and identities, send links and disappear in a hurry.
“There’s going to be a floodgate across all these channels and schemes,” he said.