Tackling APP Fraud in the US: Behavioral Intelligence as a Tool
Authorized push payment (APP) fraud is among the most common types of financial deception encountered in the US today.
In these schemes, fraudsters persuade victims to authorize the transactions themselves. This is a significant challenge for banks and credit unions tasked with detecting such fraud. What measures can these institutions implement to combat this escalating threat?
APP fraud typically involves a fraudster getting their victim to make an authorized payment under false pretenses. APP fraud takes many forms, but it is often the result of social engineering, with schemes ranging from impersonation to romance and investment scams becoming increasingly widespread. Although the term ‘APP fraud’ itself, as a separate classification of fraud, has been established mainly in the UK and consequently in Europe, the problem is being tackled by financial institutions around the world. The Fraud Classifier Model, a useful guide to fraud categorization used in the United States, also divides fraud into authorized and unauthorized.
APP fraud in the US: Data and challenges
The growing threat of APP fraud is confirmed by the data. According to a 2023 ACI Worldwide report, APP fraud was the number one fraud tactic globally. In the UK, for example, APP fraud accounted for a full 40% of fraud losses in 2022—specifically £485.2 million in damages. It’s safe to assume that APP fraud is also responsible for a significant portion of the $10 billion lost by US consumers due to fraud in 2023, especially given that imposter fraud was the most common type of fraud reported.
APP fraud is particularly rampant in countries with a developed real-time payments (RTP) market, as fraudsters take advantage of the speed and simplicity of transactions. European countries have experienced this firsthand. In the UK, instant payments have been available under the Faster Payments system since 2008. Sweden and Poland also became early adopters in 2012. Additionally, the EU introduced a unified system, SEPA Instant Credit Transfer (SCT Instant), in 2017.
The United States should be particularly vigilant in this regard. The US real-time payments market is in its relative infancy and is expected to grow dynamically after the US Federal Reserve launched FedNow, an instant peer-to-peer payment service, in the summer of 2023.
Zelle and the real-time scam
American consumers have already encountered the issue of APP fraud related to real-time payment rails in the case of the peer-to-peer (P2P) payment service Zelle. The largest P2P payment network in the US, it enables instant payments to customers of major US banks and credit unions. By partnering with large financial institutions, Zelle has given many users the impression that payments through the app are just as secure as payments that are backed directly by a bank. Unfortunately, many of these users have fallen victim to fraudsters: a lawmakers’ investigation estimated that by 2021, Zelle users lost up to $440 million to various types of fraud.
Until recently, however, Zelle offered no protection against authorized payments made due to scams. It was only after the number of fraud victims increased—and along with it, pressure from lawmakers—that banks in the Zelle network began to compensate victims of impersonation scams.
Regulators addressing APP fraud
Compensating victims of impersonator scams who sent money through Zelle sets an important precedent in the US. With the growth of real-time payments, it is expected that the number of victims of APP fraud will continue to increase. The UK has already experienced a similar situation, providing a model the US could follow. APP fraud is the most common fraud in the UK, and a full 90% of incidents occur through instant payments rails, based on UK Finance data. Therefore, the regulator has ordered UK banks to compensate victims of APP scams effective October 2024.
In the US context, reimbursing APP fraud victims would represent a big step. Currently, banks, credit unions, and other institutions must compensate victims of fraud only if the payments are unauthorized. Regulation E, also known as the Electronic Fund Transfer Act, directs them to protect customers in the case of unauthorized fraudulent transactions, but that does not apply to APP fraud.
As Zelle’s example demonstrates, the change in liability for fraud conducted through authorized payments is a topical issue. With the UK leading the way, we can expect increasing pressure from regulators to shift liability for APP fraud damages from defrauded individuals to financial institutions in many other countries including the US.
How to fight APP fraud
Given the current wave of successful frauds in the US, as evidenced by the all-time high fraud losses in 2023, shifting liability to banks and credit unions is logical. Financial institutions have a much larger arsenal (financial, expert, and personnel resources) to successfully combat the surging fraud.
However, preventing authorized payments made by customers under the influence of a fraudster is a specific discipline where many traditional detection mechanisms fail. Since the customer initiates the payment themselves, it is very difficult for the bank to detect that the payment is fraudulent. Everything appears normal: the customer passes authentication, uses their device, and is in the same place as usual, and the system does not detect any malware either.
For a bank’s anti-fraud system to effectively detect the risk associated with APP fraud, it needs to utilize the most advanced technology, backed by artificial intelligence and real-time detection, especially in a world where more and more transactions are completed in seconds.
Utilize the power of behavioral intelligence
Behavioral intelligence-based systems, such as ThreatMark’s Behavioral Intelligence Platform, are particularly effective in the fight against APP fraud. Their key advantage is the ability to establish a user’s normal behavioral baseline, that is, to define what is normal given a wide range of factors. This includes transactional habits, device usage, location, and even interactions within a banking interface. Based on this data, behavioral intelligence systems can then effectively detect anomalies that specifically point to APP fraud.
This is because even though the user authorizes the fraudulent payment themselves, from a behavioral intelligence perspective their behavior changes. An uncommon sum, an unusual transaction time, a payee from a foreign country, a call occurring simultaneously with a transaction, and a large number of other biometric, transactional, device, or other anomalies may indicate APP fraud. Behavioral intelligence can detect all of these in real time and stop the transaction before the money leaves the victim’s account.
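The baseline-and-anomaly idea described above, as an added example that is not ThreatMark's code or method: it builds a per-customer baseline from constructed history and scores an authorized payment on the four signals named in the paragraph. The weights, thresholds, field names and the `call_active` flag are assumptions made for illustration.

```python
from datetime import datetime
from statistics import median

# Constructed payment history for one customer (sample data, not real).
HISTORY = [
    {"amount": 42.0, "ts": "2024-03-01T12:15", "country": "US"},
    {"amount": 60.0, "ts": "2024-03-04T18:30", "country": "US"},
    {"amount": 35.0, "ts": "2024-03-09T09:05", "country": "US"},
    {"amount": 120.0, "ts": "2024-03-15T19:40", "country": "US"},
    {"amount": 55.0, "ts": "2024-03-21T13:10", "country": "US"},
    {"amount": 48.0, "ts": "2024-03-28T17:55", "country": "US"},
]
# Assumed weights and thresholds; a real system would tune these on labelled data.
WEIGHTS = {"uncommon_sum": 30, "unusual_time": 20,
           "foreign_payee": 20, "call_during_payment": 30}
HOLD_AT, STEP_UP_AT = 60, 30

def build_baseline(history):
    """Summarise what is normal for this customer."""
    amounts = [t["amount"] for t in history]
    med = median(amounts)
    # Median absolute deviation: robust to one-off large payments in the history.
    mad = median(abs(a - med) for a in amounts) or 1.0
    return {"median": med, "mad": mad,
            "hours": {datetime.fromisoformat(t["ts"]).hour for t in history},
            "countries": {t["country"] for t in history}}

def score_payment(baseline, tx, call_active=False):
    """Return (score, reasons) for a payment the customer has already authorized."""
    reasons = []
    robust_z = (tx["amount"] - baseline["median"]) / (1.4826 * baseline["mad"])
    if robust_z > 3.5:
        reasons.append("uncommon_sum")
    hour = datetime.fromisoformat(tx["ts"]).hour
    # Circular distance so 23:00 and 01:00 count as two hours apart.
    gap = min(min(abs(hour - h), 24 - abs(hour - h)) for h in baseline["hours"])
    if gap > 2:
        reasons.append("unusual_time")
    # "Foreign" here means a payee country this customer has never paid before.
    if tx["country"] not in baseline["countries"]:
        reasons.append("foreign_payee")
    if call_active:  # hypothetical device signal: phone call in progress
        reasons.append("call_during_payment")
    return sum(WEIGHTS[r] for r in reasons), reasons

def decide(score):
    """Map a score to an action taken before funds are released."""
    return "hold" if score >= HOLD_AT else "step_up" if score >= STEP_UP_AT else "allow"
```

Every check passes on a routine payment, while a large night-time transfer to a new country made during a call accumulates enough independent signals to be held even though authentication, device and location all look normal.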
ThreatMark’s solution is also highly reliable and as a result, reduces the number of false positives more than any other solution on the market. There is no need to worry that implementing behavioral intelligence will negatively affect customer retention as the system is highly pro-customer and reduces the need for two-factor authentication by up to 90%. This improves the user experience while also increasing protection against APP fraud.
What this means for financial institutions
The upcoming shift in liability for APP fraud has a direct financial impact on banks and credit unions, necessitating robust anti-fraud mechanisms. These systems are essential not only for mitigating losses but also as a competitive advantage that enhances customer trust and retention. Effective fraud prevention protects the institution’s assets and bolsters its reputation, making it a preferred choice for consumers wary of fraud. In turn, this trust helps retain customers and attract new ones, supporting the institution’s growth and sustainability in a competitive market.
By prioritizing advanced fraud detection, financial institutions can transform the challenge of APP fraud into an opportunity for differentiation and improved customer service.