The APP Scam Epidemic: Behavioral Intelligence as a Game-Changer
Authorized push payment (APP) scams are taking the world by storm, leaving victims vulnerable and damaging trust in the financial ecosystem.
What’s fueling their rise, and how can banks fight back?
Understanding the context behind the rise of authorized push payment (APP) scams is essential. But first—what exactly is an authorized push payment? Simply put, it is a monetary transaction initiated by the payer, who willingly authorizes the transfer of funds to a recipient. This includes transactions made through online banking, mobile apps, or peer-to-peer payment platforms like Venmo, PayPal, Revolut, or Zelle.
With the widespread adoption of the Internet and mobile banking, push payments are now accessible to most bank customers 24/7. While they offer convenience, they have also become a primary target for a specific type of fraud dominating global statistics: authorized push payment fraud, also known as APP fraud or APP scams.
What is authorized push payment fraud?
Authorized push payment (APP) fraud is a type of fraud in which victims are manipulated into making authorized payments to fraudsters, typically through social engineering attacks. Examples of APP scams include impersonation scams, investment scams, purchase scams, and romance scams, among others.
Globally, APP fraud resulted in $4.38 billion in damages in 2023, according to ACI Worldwide. In the United Kingdom alone, losses totaled £459.7 million, while in the United States, damages reached $2.16 billion in the same year.
Global data shows that purchase scams, investment scams, and advance payment scams each account for 18% of APP fraud cases, making them the top three types. They are followed by impersonation scams (15%) and invoice scams (11%).
Instant payments driving APP fraud
The worrying trend of APP fraud is exacerbated by another technological development: the rise of instant payments, where funds are received in 10 seconds or less, and payment confirmation is provided within a minute.
This, of course, has huge benefits for consumers and businesses, and instant payments are often hailed as the future of transactions. According to a new study by Juniper Research, the instant payments market is projected to grow by 161%, rising from $22 trillion in 2024 to over $58 trillion globally by 2028.
Unfortunately, the increasing prevalence of instant payments is also benefiting scammers. A key element of most social engineering tactics is to pressure the victim, creating a sense of urgency that prevents them from thinking rationally or critically evaluating the situation. Instant payments amplify this pressure, as fraudsters exploit the demand for speed. By the time the victim recovers and realizes they have been scammed, the money has usually already disappeared—lost in a chain of transactions through the accounts of money mules.
It is therefore not surprising that the proportion of APP scams involving instant payments is increasing. According to ACI Worldwide, instant payments accounted for 63% of APP scam damage between 2023 and 2024, but by 2028, this share is projected to climb to 80%. This would result in an increase of more than $3.3 billion, bringing the total to $6.1 billion lost in APP fraud over real-time payment rails.
Discover how to scam-proof the future
The problem of APP fraud reimbursement
Considering the huge—and rising—losses that APP scams cause, it is unsurprising that this type of fraud has quickly become a topic of debate and a major driver of change in fraud-liability frameworks.
Until recently, most regulators mandated banks to compensate customers for unauthorized fraud, such as the compromise of account credentials. APP scams were often overlooked because the fraudulent payment is initiated by the customer themselves—albeit under deception by the fraudsters.
However, 2024 brought significant changes in this respect, addressing a common consumer question: “Can I get my money back from an authorized push payment fraud?” In the UK, the mandatory reimbursement regulation came into force, representing a bold step in protecting consumers from APP fraud. The PSR’s new rules, which took effect on 7 October 2024, require all UK banks, building societies, payment providers, and e-money firms to reimburse victims of APP fraud up to £85,000.
It is likely that other regions will closely monitor progress and draw on the UK’s outcomes to shape their own local policies, including the highly anticipated final proposal of the EU’s Payment Services Directive (PSD3).
However, one thing is quite clear. Although imposing new costs on banks, compensating scam victims mitigates the major negative consequence of fraud—losing customers. Data supports this: while globally, 1 in 4 victims chose to leave their financial institution following an APP scam, in the UK, the majority of consumers chose to stay with their existing provider. Only 13% of UK victims ended their relationship with their financial institution.
On the other side of the Atlantic, in the US, where victims of APP fraud have no legal protection and the decision to compensate rests entirely with the banks, more than 30% of victims chose to leave their existing financial institution.
Learn more about the news in fraud liability
How to mitigate APP fraud
Given the profound impact APP scams have on customers and the fact that a significant number of victims opt to switch banking institutions, detecting and preventing APP fraud is critical for banks.
In addition, fraudsters have recently begun using artificial intelligence in APP fraud, taking their schemes to a whole new level. AI is leveraged to automate attacks, enhance scam content, expand scope and reach, and drive more effective social engineering techniques. Moreover, cybercriminals are reaping rewards more easily by using synthetic identities to set up receiving accounts that bypass traditional controls.
To protect both customers and reputation from increasingly sophisticated APP scams—especially in a world where payments are completed in seconds—financial institutions (FIs) and payment service providers (PSPs) must keep pace with fraudsters by leveraging artificial intelligence. Advanced AI technologies are uniquely equipped to detect and prevent fraud, including complex schemes such as social engineering, deepfakes, SCA manipulation attempts, and synthetic identity fraud.
APP scams vs. behavioral intelligence
An example of a technology that leverages AI to successfully prevent fraud is behavioral intelligence. This approach uses artificial intelligence and machine learning to establish a user’s normal behavioral baseline—defining what is typical based on various factors, such as transactional habits, device usage, location, and interactions within a banking interface.
Behavioral intelligence addresses a problem faced by many banks and PSPs with outdated systems: how to detect APP fraud when a payment is initiated by a legitimate customer, from a regular location, using their own device that is not infected with malware. This is an almost impossible task for legacy rule-based anti-fraud systems.
However, behavioral intelligence can detect even small deviations from normal behavior, which—when combined with other indicators—can reliably uncover fraud. This includes unusual activity within the banking interface, an ongoing phone call, frequent switching of the banking app between foreground and background, an unfamiliar payee, or other anomalies.
Based on these subtle yet telling indicators, behavioral intelligence can effectively detect signs that specifically point to APP fraud—all in real time, an essential feature in a world increasingly dominated by payments processed within seconds.
Behavioral intelligence (such as our Behavioral Intelligence Platform) can thus protect bank customers from fraud effectively without disrupting their customer experience. This is crucial for banks not only due to the shift in fraud liability but also because APP fraud leaves an indelible wound on customer trust. It’s worth reminding that up to 30% of US APP scam victims choose to switch financial institutions.
In an increasingly competitive environment, banks and PSPs cannot afford to lose customers due to their inability to prevent fraud. Investing in behavioral intelligence will therefore result in long-term gains.
Learn more about behavioral intelligence
Related Articles
-
March 21, 2025
Norway’s Wake-Up Call from an $80M Crypto Scam
Norwegian authorities recently charged four men in connection with an $80 million cryptocurrency fraud.
What does this case...
-
February 7, 2025
Why Underreporting Holds Back Fraud Prevention
Underreporting of digital fraud is a well-known global issue—but just how widespread is it?
The answer isn’t simple,...
-
January 29, 2025
Authorized Fraud: A Growing Challenge for Italy’s Fraud Prevention
Despite Italy’s robust cybersecurity infrastructure, the country hasn’t been immune to the rising tide of digital fraud.
In recent...