Essential Tips to Safeguard Against APP Fraud: A Comprehensive Guide

Technology has sparked wonders in the financial sector, streamlining business processes and enabling a more globalised economy through ever-evolving innovations like AI and blockchain, which have now become the norm. 

Despite this, cyber security remains the major challenge, as threat actors continue to exploit financial consumers whether they know it or not. One of the most common cyber threats to date is the APP (Authorised Push Payment) fraud, and if you are reading this, you are in the right place. 

This article delves into an overview of everything you need to know about APP fraud, including the recent changes to the fraud reporting procedure as of October 2024 and steps you can take to prevent yourself from getting scammed.   

Understanding APP Fraud

In 2023, APP fraud alone caused 341 million in losses to many unfortunate victims in the UK, with over 224,000 reported incidents (a 12% increase in volume from 2022). APP fraud continues to be a major thorn in the side of financial institutions. 

So, what does APP fraud look like in practice? Simply put, it is when a scammer pretends or poses to be a legitimate, trusted company and entices unknowing victims into making a bank transfer to them. Their common tactic is creating a false sense of urgency along the lines of “Take action now before you lose your [asset]” or “Your account has been withheld due to X; please make your payment immediately.” 

If someone falls prey and sends money to this account, the money will be promptly moved elsewhere without a trace, and victims will only know until their actual financial institution sends them payment alerts (often, this is the stage where it’s already too late). 

Scammers can also use very similar email addresses to trusted companies, such as using “.co.uk” instead of “.com” or using two v’s in domain names (@abclaw.com vs @abclavv.com). The difference can be very subtle, so you need to be vigilant. 

Reporting APP Fraud 

If you think you have been scammed, please do the following: 

1. Contact your bank immediately and inform them of the fraudulent payment. 
2. Report the fraud by calling 0300 123 2040 (if you reside in England or Wales) or the police at 101 (if you reside in Scotland). Alternatively, you can also report fraud on Action Fraud’s website.
3. Take note and follow their instructions. 
4. If you got scammed on or after 7 October 2024, you may be eligible for reimbursement under the MRR (Mandatory Reimbursement Regime); please see below. 

Mandatory Reimbursement Rules (Updated as of October 2024)

For context, there was a voluntary code for reimbursing APP fraud victims called the Contingent Reimbursement Model (CRM), and it proved helpful as the system was able to return a majority of the losses through APP fraud. However, due to its voluntary nature, many institutions were not obligated to reimburse their customers as they were not signatories. 

Hence, the MRR was formed to address this on 7 October 2024, requiring all sending payment service providers (PSPs) to reimburse APP fraud victims. As an incentive, the sending payment service providers will then be able to seek half of the reimbursement cost from the receiving payment service provider. 

Reimbursement Eligibility Requirements 

To be eligible for the reimbursement, you must:

• Ensure your payment occurred on or after October 7, 2024.
• Report to your bank within 13 months.
• Be a smaller charity or,
• Comprise under ten employees and have under £2 million (annual turnover). 

You won’t be eligible if any of the following applies to you: 

• You did not take the necessary steps to meet the Consumer Standard of Caution. 
• You made an unlawful payment (e.g., buying something illegal).
• You made a civil dispute (e.g., being dissatisfied with a product/service from a legal business).
• You made a false claim.
• Your payment was sent or received from a credit union, national savings, or municipal bank account. 
• Your payment was sent to an account you own or manage. 

Note: The maximum amount you can get reimbursed for each claim is capped at £85,000. 

Knowing the Customer Standard of Caution

The CSC is a responsibility that you, as a customer, must uphold. This includes: 

1. Heeding and acting on any alerts or warnings from your bank or law enforcement. 
2. Immediately contact your bank the moment you realise you’ve been scammed. 
3. Providing timely responses to requests, such as additional information your bank needs to support your claim (if you choose to file one). 
4. Reporting fraud to the police or permitting your bank to report it for you. 

Note: Not complying with any of the above will result in ineligibility for reimbursement. 

Preventive Measures Against APP Fraud

No one likes getting scammed, especially if you are just starting out as a business. Here are some steps you and your business can take to mitigate the risks of getting scammed. 

1. Pause and think: If you are being pressured or led to a sense of urgency to make a payment quickly, that’s where you have to raise the red flag. No legitimate company would ever urge you to make a payment that urgently. 
2. Double-check: Better safe than sorry. Always confirm by independently contacting the legitimate company through their website or phone on the request. 
3. Never take a phone number at face value. Be mindful that even phone calls or texts can mimic a legitimate company. If you receive an unexpected text or call, dial 159 to verify the call. 
4. If it is too good to be true, it usually is: Trust your intuition. 
5. Do your due diligence: Research the company you’re sending the money to through independent reviews and determine whether or not they belong to the relevant regulatory body, such as being FCA registered. 

Safeguarding Your Business Against APP Fraud

As tedious as these guidelines can be, it doesn’t hurt to go the extra mile, especially concerning your business’ finances. As doctors say, prevention is always better than medication. Taking preventive measures is the way to combat APP fraud proactively. 

Conducting business transactions should feel and be safe, which is why we at Omega take your security and financial safety very seriously. 

Omega takes pride in being authorised and regulated by the FCA, securely safeguarding customer funds in top-tier banks, and encrypting financial information with the highest security standards. That’s one of the many things we can do for you and your business. 

Learn more about how Omega can grow safely.

Disclaimer.