Financial deception in its modern form
In the ever-evolving digital landscape, financial institutions are facing a significant challenge: the multi-stage Attempted Authorized Push Payment (APP) scam. This sophisticated scheme, responsible for billions in annual losses, combines technology and psychological manipulation to deceive unsuspecting victims.
The APP scam typically begins with a phishing technique, where the victim is contacted via email or text message, creating a sense of urgency with phrases like "A fraudulent transaction has been detected on your account." The victim is then guided step-by-step through adding a new fraudulent account as a payee and executing the transfer, while the transaction appears routine to the bank.
Traditional fraud systems often fail to detect APP scams, as they focus on credentials and transaction details in isolation, missing the manipulation that preceded the transaction. To combat this, financial institutions are investing in advanced analytics that can help detect manipulation by establishing a baseline of normal activity for each user, learning their typical sequence and timing of actions.
One such company specializing in the development of specialized technologies for fraud prevention is Veridas. Trusted by over 300 organizations worldwide, Veridas offers advanced end-to-end fraud defense technology. As part of a collaborative partnership, financial institutions can co-create a strategic roadmap, implement and fine-tune the right technology stack, and establish a framework for continuous monitoring and model improvement.
Modern fraud detection integrates various customer touchpoints into a single, cohesive identity graph, linking their primary phone, work laptop, home IP address, typical login times, session duration, and transaction history. Systems should also enrich raw transaction logs with internal and external intelligence, including the reputation of devices and IP addresses, association with VPN or proxies, device history, payee account number history, and recent transactions to other customers.
A comprehensive defense against APP scams requires a unified approach that considers data, identity, and context throughout the customer's digital journey. This approach includes a layered response, with a spectrum of intervening friction applied from low-risk notices to medium-risk step-up challenges, to high-risk liveness checks and transaction holds for potential deepfake attacks.
Regulators and consumer advocates argue that financial institutions have a duty of care to flag suspicious activity, especially when behavioural anomalies or contextual red flags arise. Strengthening customer trust is also a crucial measure of success, extending beyond just reducing fraud losses. Financial institutions must demonstrate that they are truly looking out for their customers' financial well-being.
The liability landscape for APP scams is complex, with banks potentially arguing that the customer is responsible for authorizing the transaction. However, by investing in intelligent fraud detection systems and transparent communication protocols, financial institutions can build a resilient defence against APP scams and protect both their customers and their reputation.
APP scams often begin with stolen data from non-financial breaches, such as hotel chains, loyalty programs, or social media platforms. Integrated threat feeds can provide powerful confirmation when a payee account is on a watchlist for mule activity or shared on private Discord servers for scammers. By lowering false positive rates, a successful partnership aims to improve the customer experience by minimizing unnecessary interruptions and frustrations.
In conclusion, the fight against APP scams requires a united effort from financial institutions, regulators, and technology experts. By adopting advanced analytics, enriching data with intelligence, and integrating threat feeds, financial institutions can build a resilient defence against APP scams and protect their customers' financial well-being.
