In this latest edition of his ‘all things financial crime’ series, Starling’s financial crimes specialist Laurie Hood looks at the world of Authorised Push Payment Fraud, also known as APP Fraud or simply push fraud. It comes amid proposed reforms by regulators to assist push fraud victims.
So, what exactly is APP Fraud?
You’re forgiven if you haven’t heard of it, but it’s certainly something you’ll want to be aware of. Authorised Push Payment Fraud (not the easiest title to roll off the tongue), frequently involves an unscrupulous individual posing as a legitimate company – commonly by issuing a payment demand via telephone, intercepted mail, hacked email or similar.
For those tricked into making the payment the impacts can wide ranging and potentially life-changing.
A typical scam
You are planning on some property renovation and you’ve hired a building firm to complete that long-awaited loft conversion – you’ve agreed a fee and a date for the work to commence, very exciting.
You receive an email from an address incredibly similar to the one you’ve been corresponding with, or even from the exact email address, requesting payment to be made to the company’s account. You’re familiar with the company and have an agreement in-place, why would you have any reason to doubt the legitimacy of the contact?
You transfer the funds from your account and await further instruction. Sounds pretty normal, doesn’t it?
A few days pass and you haven’t heard anything. You chase the company. You then discover that the company have not requested payment and do not own the account that you’ve sent funds to.
I know this is an example, but alarm bells are ringing, aren’t they? Sadly, such payments are almost immediate by nature and the funds can often be emptied from the fraudulent account in a matter of hours, often becoming unrecoverable.
This is by no means is the only plausible example of this type of fraud. If you follow the news you may have heard stories of victims losing life savings or entire property deposits, in good faith, with fraudsters posing as legitimate banks, CEOs of a company or conveyancing solicitors, just to name a few.
It’s very easy to see how the most suspicious-minded of us could fall victim to the above, especially at its most sophisticated.
Taking time to think and being vigilant are key; you should never automatically assume any emails, texts or calls are genuine.
Below are five tips that you may wish to consider when receiving a payment request.
Is this unusual?
Does the request seem unusual in any way, for example is payment being requested earlier than expected, or for an amount different to that previously discussed?
Was the contact outside of usual business hours? Was it unusually urgent, or demanding?
If you have any doubts at all, you should contact the company directly using publicly available contact details, not those on the email or left on a voicemail.
If the fraudster is using a false email, there may be subtle changes in the address such as using a zero, instead of an ‘O’, or omitting a single letter. There may be more obvious amendments, such as using a popular email provider inbox, rather than a company’s dedicated email account.
Is the email from the same person you’ve been communicating with? Is their name, email signature or company logo correct and of the quality you would expect from a legitimate organisation? If not, consider contacting the company directly to check – they won’t mind!
Tone & grammar
Are there spelling errors that you wouldn’t expect from a legitimate company? Are sentences structured incorrectly, or is the email generic and not addressed to you by name?
These should all be red flags for you to take your time and make further enquiries with the business.
Is the caller or email pressuring you to make a decision or take immediate action? This should ring alarm bells. Take your time, think through the request – you’re in control.
If you’re not convinced the caller or email is legitimate, end contact and speak with the company directly, to confirm the legitimacy of the caller and request.
Still not happy? Something doesn’t feel right? It might take a few minutes out of your day, but contact the company directly and enquire – they won’t mind, you might just alert them to a fraudster purporting to represent them and it will give you peace of mind!
If you’ve read this blog and you think you’ve been a victim of APP Fraud – you should report it to your bank and contact Action Fraud, the UK’s national reporting centre for fraud and cyber crime.
What redress is there?
As things stand, victims of push fraud are not automatically entitled to reimbursement from their bank, as the payment is often viewed as having been authorised by the account holder. However, this doesn’t mean that your bank is unable to help. Attempts to retrieve the funds, or a percentage of them are always undertaken. Understandably, it can seem that this isn’t enough – especially if you’ve lost a considerable amount of money – and at the moment a victim is unable to complain directly to the bank where the fraudsters account is held.
Under the new proposals from the Financial Conduct Authority (FCA), the regulator, victims of push fraud will be able to complain to the bank where the funds were transferred, and furthermore, such complaints will fall within the remit of the Financial Ombudsman Service, if a victim is unhappy with the response, or did not receive a response, from the relevant bank.
One final note
First and most importantly, we take customer security extremely seriously here at Starling Bank. We’ll never ask you to transfer money to a ‘safe’ account or request your PIN or password from you.
We are lucky to have an incredibly dedicated and experienced financial crime team here at Starling. We continually monitor accounts for any indication of fraud and, from time to time, members of the team may contact you about a specific transaction.
If you’ve been contacted by Starling Bank and you’re unsure about the legitimacy, be sure to hang-up and contact us directly using the number on the back of your card, or you can reach us via in-app chat. We’ll be happy to help and confirm if the contact was genuine.
Until the next time!