The widespread adoption of person-to-person (P2P) payment apps and services has fueled a surge in credit-push payment volume, a trend that has been further accelerated by the recent introduction of real-time payments in the United States.
As this payments landscape continues to evolve rapidly, fraudsters are seeking fresh avenues to exploit unsuspecting individuals, and credit-push scams, often referred to as authorized push payment (APP) fraud, have become a staple in their arsenal of tactics.
According to a Jan. 29 blog post by the Federal Reserve Bank of Atlanta, instances of APP fraud, whereby a criminal tricks an individual or business into transferring funds to the fraudster’s account, necessitate “a shift in our curriculum, mitigation techniques, and approach to consumer protection.”
This is especially critical because the Consumer Financial Protection Bureau’s (CFPB) Regulation E (Reg E), which broadly speaking covers P2P or mobile payment transactions and settles disputes between consumers and banks, is limited to unauthorized payments.
“The regulation offers no protection when the account-owning consumer is tricked into authorizing or mistakenly authorizes sending money to a criminal,” according to Jessica Washington, assistant vice president in the Retail Payments Risk Forum at the Atlanta Fed and author of the blog post.
In the U.K., APP fraud has also emerged as a significant challenge, surpassing other types of crimes in frequency.
According to the latest data from the country’s Payment Systems Regulator, APP fraud constituted a staggering 40% of all fraud losses in 2022, with the Trustee Savings Bank (TSB) alone refunding over 90% of the total value of APP fraud losses for that year. Nationwide, HSBC, and Barclays also refunded portions, with rates of 78%, 73% and 70% respectively.
Kate Frankish, chief business development officer and anti-fraud lead at Pay.UK, highlighted the challenge financial institutions (FIs) face in detecting these scams in an interview with PYMNTS last year: “From a bank’s perspective, it looks like a real payment, because the customer authorized it using all of their credentials. But it’s either going to an account that doesn’t belong to them or it’s going to a real person who has been scammed out of the money.”
Last year, Mastercard joined forces with nine British banks — including Lloyds Bank, NatWest, Monzo and TSB — to fight fraud, leveraging the company’s AI-powered consumer fraud risk solution to spot real-time payment scams and block a payment before money leaves the victims’ accounts.
TSB, an early adopter of Mastercard’s Consumer Fraud Risk tool, reported an improvement in fraud detection within just four months of implementation. In fact, the bank reported a dramatic spike in the number of blocked scam payments, estimating the saved amount across the U.K. to be nearly £100 million annually.
This success story dovetails into recent PYMNTS Intelligence research that highlights how, due to the increasing sophistication of fraud, FIs are reallocating resources toward bolstering their fraud detection and management systems.
In fact, the study found that more than 70% of FIs with assets of at least $5 billion were using both AI and machine learning (ML) solutions to combat fraud as of last year, marking an increase from 34% in 2022. For firms with asset sizes exceeding $100 billion, the study revealed that almost all were embracing AI/ML technologies.
Other commonly used technologies include fraud prevention APIs, web-based multifactor authentication, and adaptive authentication. Specifically, 90% of FIs leverage fraud prevention APIs, while 80% of FIs have implemented both adaptive authentication and web-based multifactor authentication measures.
The promising aspect is that FIs using these advanced technologies are “likelier to experience a decrease in the overall fraud rate and less likely to see an increase in the overall fraud rate,” as highlighted in the report.