The APP Scam Epidemic: Behavioral Intelligence as a Game-Changer
Authorized push payment fraud (APP fraud) is taking the world by storm, leaving victims vulnerable and damaging trust in the financial ecosystem.
With scammers evolving faster than banks can respond, and instant payments making scams harder to stop, the epidemic is growing. But what’s fuelling the rise in authorized push payment fraud? And more importantly, how can financial institutions fight back?
What is Authorized Push Payment Fraud?
Authorized push payment fraud occurs when a scammer tricks a victim into willingly authorizing a payment under false pretenses. These scams aren’t about stolen credentials or malware—they’re about manipulation. The victim thinks they’re sending money to someone legitimate, when in fact they’re being deceived.
Push payment fraud can happen through online banking, mobile apps, or platforms like Zelle, PayPal, or Revolut. And because the transaction is authorized, banks often struggle to detect it or reimburse the loss.
With the widespread adoption of the Internet and mobile banking, push payments are now accessible to most bank customers 24/7. While they offer convenience, they have also become a primary target for a specific type of fraud dominating global statistics: authorized push payment fraud, also known as APP fraud or APP scams.
Globally, APP fraud resulted in $4.38 billion in damages in 2023, according to ACI Worldwide. In the United Kingdom alone, losses totaled £459.7 million, while in the United States, damages reached $2.16 billion in the same year.
The Most Common Types of APP Scams
Fraudsters tailor their scams to hit victims where they least expect it. The top types include:
- Purchase Scams – Victims are tricked into buying goods or services that never arrive.
- Investment Scams – High-return promises lure victims into sending money to fake ventures.
- Romance Scams – Scammers build online relationships to gain trust before requesting money.
- Impersonation Scams – Victims are contacted by someone pretending to be a trusted figure—like a bank rep or law enforcement officer.
Global data shows that purchase scams, investment scams, and advance payment scams each account for 18% of APP fraud cases, making them the top three types. They are followed by impersonation scams (15%) and invoice scams (11%).
Instant Payments Driving Authorized Push Payment Fraud
The worrying trend of APP fraud is exacerbated by another technological development: the rise of instant payments. Real-time payments are great for consumers. But for scammers? They’re a dream. Transactions complete in seconds, leaving no time for second thoughts or reversals.
This, of course, has huge benefits for consumers and businesses, and instant payments are often hailed as the future of transactions. According to a new study by Juniper Research, the instant payments market is projected to grow by 161%, rising from $22 trillion in 2024 to over $58 trillion globally by 2028.
Unfortunately, the increasing prevalence of instant payments is also benefiting scammers. A key element of most social engineering tactics is to pressure the victim, creating a sense of urgency that prevents them from thinking rationally or critically evaluating the situation. Instant payments amplify this pressure, as fraudsters exploit the demand for speed. By the time the victim recovers and realizes they have been scammed, the money has usually already disappeared—lost in a chain of transactions through the accounts of money mules.
It is therefore not surprising that the proportion of APP scams involving instant payments is increasing. According to ACI Worldwide, instant payments accounted for 63% of APP scam damage between 2023 and 2024, but by 2028, this share is projected to climb to 80%. This would result in an increase of more than $3.3 billion, bringing the total to $6.1 billion lost in APP fraud over real-time payment rails.
Discover how to scam-proof the future
The Problem of APP Fraud Reimbursement
Considering the huge—and rising—losses that APP scams cause, it’s not surprising that APP fraud has quickly becoming a major driver of change in fraud-liability frameworks.
Until recently, most regulators mandated banks to compensate customers for unauthorized fraud, such as the compromise of account credentials. APP scams were often overlooked because the fraudulent payment is initiated by the customer themselves—albeit under deception by the fraudsters.
However, 2024 brought significant changes in this respect, addressing a common consumer question: “Can I get my money back from an authorized push payment fraud?” In the UK, the mandatory reimbursement regulation came into force, representing a bold step in protecting consumers from APP fraud. The PSR’s new rules, which took effect on 7 October 2024, require all UK banks, building societies, payment providers, and e-money firms to reimburse victims of APP fraud up to £85,000.
It is likely that other regions will closely monitor progress and draw on the UK’s outcomes to shape their own local policies, including the highly anticipated final proposal of the EU’s Payment Services Directive (PSD3).
One thing is quite clear. Although imposing new costs on banks, compensating scam victims mitigates the major negative consequence of fraud—losing customers. Data supports this: while globally, 1 in 4 victims chose to leave their financial institution following an APP scam, in the UK, the majority of consumers chose to stay with their existing provider. Only 13% of UK victims ended their relationship with their financial institution.
On the other side of the Atlantic, in the US, where victims of APP fraud have no legal protection and the decision to compensate rests entirely with the banks, more than 30% of victims chose to leave their existing financial institution.
Learn more about the news in fraud liability
How to Prevent APP fraud
Given the profound impact APP scams have on customers and the fact that a significant number of victims opt to switch banking institutions, detecting and preventing APP fraud is critical for banks.
In addition, fraudsters have recently begun using artificial intelligence in APP fraud, taking their schemes to a whole new level. AI is leveraged to automate attacks, enhance scam content, expand scope and reach, and drive more effective social engineering techniques. Moreover, cybercriminals are reaping rewards more easily by using synthetic identities to set up receiving accounts that bypass traditional controls.
To protect both customers and reputation from increasingly sophisticated APP scams—especially in a world where payments are completed in seconds—financial institutions (FIs) and payment service providers (PSPs) must keep pace with fraudsters by leveraging artificial intelligence. Advanced AI technologies are uniquely equipped to detect and prevent fraud, including complex schemes such as social engineering, deepfakes, SCA manipulation attempts, and synthetic identity fraud.
Enter Behavioral Intelligence
An example of a technology that leverages AI to successfully prevent fraud is behavioral intelligence. This approach uses artificial intelligence and machine learning to establish a user’s normal behavioral baseline—defining what is typical based on various factors, such as transactional habits, device usage, location, and interactions within a banking interface.
Behavioral intelligence addresses a problem faced by many banks and PSPs with outdated systems: how to detect APP fraud when a payment is initiated by a legitimate customer, from a regular location, using their own device that is not infected with malware. This is an almost impossible task for legacy rule-based anti-fraud systems.
However, behavioral intelligence can detect even small deviations from normal behavior, which—when combined with other indicators—can reliably uncover fraud. This includes unusual activity within the banking interface, an ongoing phone call, frequent switching of the banking app between foreground and background, an unfamiliar payee, or other anomalies.
Based on these subtle yet telling indicators, behavioral intelligence can effectively detect signs that specifically point to APP fraud—all in real time, an essential feature in a world increasingly dominated by payments processed within seconds.
Why Banks Need to Act Now
Behavioral intelligence (such as our Behavioral Intelligence Platform) can protect bank customers from fraud effectively without disrupting their customer experience. This is crucial for banks not only due to the shift in fraud liability but also because APP fraud leaves an indelible wound on customer trust. It’s worth reminding that up to 30% of US APP scam victims choose to switch financial institutions.
In an increasingly competitive environment, banks and PSPs cannot afford to lose customers due to their inability to prevent fraud. Investing in behavioral intelligence will therefore result in long-term gains.
Learn more about behavioral intelligence
Related Articles
-
April 15, 2025
Account Takeover Fraud: Everything You Need to Know for Prevention
Account takeover is a fraudster’s holy grail.
John Fick, a fraud prevention expert on the Behind Enemy Lines podcast,...
-
March 21, 2025
Norway’s Wake-Up Call from an $80M Crypto Scam
Norwegian authorities recently charged four men in connection with an $80 million cryptocurrency fraud.
What does this case...
-
February 7, 2025
Why Underreporting Holds Back Fraud Prevention
Underreporting of digital fraud is a well-known global issue—but just how widespread is it?
The answer isn’t simple,...