The authorised push-payment (APP) con involves fraudsters persuading victims to transfer cash to criminals’ bank accounts.
In the first half of this year, 19,000 people lost a total of £100 million to APP scams, according to new figures published by UK Finance.
It has grown so quickly that it is now the second biggest type of payment fraud, after card fraud.
How does the scam work?
Authorised push-payment (APP) frauds involve consumers being tricked into authorising a transfer of money to an account that they believe belongs to a legitimate payee – but is in reality controlled by a scammer.
Scammers hack into the account of someone who the victim has legitimately employed – for example a builder or a solicitor – and send an email requesting a large sum of cash be transferred for work to be carried out.
People then tell their bank to take a payment from their account and transfer it to another account and the bank agrees because it’s a legitimate account.
Why do people fall for it?
The fraudsters use a tissue of lies to trick people into believing they’re genuine.
Solicitor Karen Mackie told me in a BBC Radio 4 documentary that she had been tricked into transferring £734,000 to a crook’s account in the belief that she was doing what her bank’s fraud department wanted.
As she later discovered, it wasn’t the bank that called her to warn about fraud and told her that the only way to protect her cash was to transfer to a “safe” account.
But it wasn’t safe and the money disappeared.
Thousands of people are now falling for similar scams – which can be based around house purchases, false invoices, or email hacking – and have lost home deposits or all their savings.
What can we do to stop it?
To avoid being caught out, read the following advice published by the Take Five to Stop Fraud campaign, supported and promoted by banks and building societies.
- A genuine bank or organisation will NEVER contact you asking for your PIN, full password or to move money to a safe account.
- Never give out personal or financial information. Always contact the company directly using a known email or phone number.
- Don’t be tricked into giving a fraudster access to your details. Never automatically click on a link in an unexpected email or text.
- Always question uninvited approaches, in case it’s a scam.
Why is it in the news now?
The Payment Systems Regulator is trying to devise a way to reimburse victims of APP scams.
The fact is that with transfers made to criminals’ accounts, banks are not currently technical liable for the losses because the transfers are authorised by the victim.
That means most victims can’t reclaim their money.
That unfair situation prompted consumer group Which? to launch a super-complaint a year ago.
It called for banks to better protect customers who are tricked into transferring money to a fraudster.
Since then the Financial Conduct Authority has reviewed the way banks handle APP scams.
It found banks’ procedures were inconsistent, their existing fraud detection systems could not easily detect APP scams, and they did not collect enough data.
What will happen next?
Victims of bank transfer fraud will in the future be able to apply to a formal compensation scheme under plans set out by the Payment Systems Regulator.
The new scheme should be in place by September 2018.
The regulator will also introduce new standards for banks to follow when a victim reports such a scam, which should improve victims’ experience and banks’ response times.
What should I do if I think I’ve been a victim of a scam?