Authorized push payment (APP) fraud occurs when a payer is deceived into making an electronic payment form their own account into an account controlled by a fraudster. APPs can be facilitated through financial institutions' mobile or internet banking applications or via third-party platforms, allowing for payment between individuals or businesses, anywhere, on any device, 24 hours a day, seven days a week. It differs from other types of fraud because the payer authorizes the payment.
UK Finance data on APP fraud show there were 43,875 cases of APP fraud and total losses of £236 million in 2017.
Victims believe they are paying a known, legitimate payee, but are instead tricked into making a push payment to a scammer's account.
Victims make a push payment to people they believe are legitimate, but who later turnout to be scammers.
There is the possibility in the near future that payment service providers and financial institutions may have to reimburse customers who fall victim to push payment fraud.
Our platform improves the efficiency of data sharing for identifying confirmed bad actors and reduces the cost of know-your-customer fraud prevention measures. We help payment service providers more quickly and easily spots fraudsters.
COMPROMISED identifies stolen PII and delivers scored risk intelligence to help flag high, medium and low-level vulnerabilities for new account creation or account takeover. Risk scoring can be performed by single data descriptors or by weighting all of an individual’s exposed credentials
Our workflows let you set up rules whenever specified events occur. These rules enable you to route users to different outcomes based on the risk score. When you send COMPROMISED an API call, the output of your workflow is immediately returned to help your risk engine make a time sensitive decision.
Risk scores are requested at the key events where fraud or abuse occurs (e.g. ask for score when sending a create order event, open new account, login to existing account, etc.).
How Authorized Push Payments risk could be scored when considering compromised credentials: