How to Prevent Authorized Push Payment Fraud with Mobile App Testing

This recent article from Finextra regarding the UK payments watchdog consulting on new authorized push payment (APP) fraud reporting rules has me thinking. How can we prevent fraud and protect consumers – and ourselves from scams?

APP fraud happens when fraudsters deceive consumers or individuals into sending a payment under false pretenses to a bank account controlled by the fraudster. Real-time payment schemes are irrevocable, so victims cannot reverse a payment once sent.

Authorized push payment fraud is a growing problem that can cause severe financial losses and damage your business’s reputation. UK Finance said £249.1 million was lost to APP scams in the first half of 2022 alone. An attack on your mobile app can cause irreparable reputational damage; 71% of consumers report they’re unlikely to buy again if a company loses their trust. 

Prevention is the only solution. Let’s discuss different types of authorized push payment fraud and how they can be prevented with mobile app testing.

Five Types of Mobile App Fraud to Watch Out For

Fraudsters are constantly developing increasingly creative ways to attack and defraud mobile apps. Some of the most problematic include the following:

1 Authorized push payment fraud 

APP fraud happens when fraudsters deceive consumers or individuals at a business to send them a payment under false pretenses to a bank account controlled by the fraudster. As real-time payment schemes are irrevocable, the victims cannot reverse a payment once they realize they have been conned.

2. Payment/purchase and misdirection fraud

This technique involves tricking users into sending money to an account controlled by a fraudster or redirecting funds to a fraudulent account. In 2020, a church in England was tricked into transferring £1.75 million to a fraudster’s account. The fraudster had posed as one of the charity’s legitimate suppliers and sent the charity an invoice with the supplier’s bank account details. However, the bank account details were controlled by the fraudster. The charity, thinking it was making a legitimate payment, transferred the funds to the fraudster’s account and could not recover the money.

3. Impersonation fraud

This is where scammers impersonate a trusted source to obtain sensitive information. In 2019, the CEO of a UK-based energy company was tricked into sending £201,000 to a fraudster who posed as the company’s owner. The fraudster had used deepfake audio technology to impersonate the owner’s voice, convincing the CEO to transfer the funds to a foreign bank account. The company could not recover the funds and suffered significant financial losses.

4. Automation fraud

Automation fraud uses software to carry out attacks on a massive scale, such as in a gigantic series of mobile emulation scams uncovered by IBM in 2020. In these scams, thieves used mobile device emulators to spoof devices, entered stolen user login data, and initiated fraudulent money orders, siphoning millions from compromised accounts.

5. Referral/benefit fraud

This scam exploits referral campaigns and benefit programs. In 2019, more than 2,000 stolen user identities were used to create fake driver and passenger accounts on Uber and Lyft. The fake passenger accounts were used to claim free rides, while the phony driver accounts were sold to unqualified drivers. Some fraudsters could also rack referral bonuses by taking advantage of driver acquisition campaigns.

The Entire User Journey is Ripe for Fraud

At first glance, you may think that only the checkout process is your concern – but I know that isn’t the case. Focusing on the payment window alone is no longer enough to prevent mobile app fraud. A more holistic approach is required to protect your mobile ecosystem from end to end. Safeguarding users inside your app is critical, so your mobile payment apps need to have APP fraud prevention tools built in. This is where partnering with an expert to shore up your payment testing protocols can help you provide real security and peace of mind for customers.

Are banks in the UK doing enough to support consumers from APP scams, unauthorized debit and credit, and other payment card fraud? I don’t think so. When I fell victim to an APP scam, I contacted my bank immediately. All I got was a lack of interest and a bombardment of documents to complete alongside a million and one questions. I was so overwhelmed with all the documentation. I concluded it was not worth the hassle.

I felt like my bank was unsympathetic to my situation. Guess what? I am no longer with that bank. Protecting your user’s financial and personal information is a huge responsibility that hinges on brand loyalty. With so many APP scams and fraudulent transactions, the only solution is prevention. 

Prevent Authorized Push Payment Fraud with Payments Testing

Prevention is the only way to tackle APP fraud and payment issues. Here are four ways to consider:

• MFA/2FA – Multi-factor authentication (MFA) and two-factor authentication (2FA) help ensure the user is who they claim to be.
• OTP verification – One-time passwords are sent to users’ phones to verify transactions, reducing the risk of fraud.
• Clear payment process – Users need to understand what they are paying for and how much they are paying, and they need to trust the sender
• Payment gateway testing – Payment gateway testing mimics each payment process step to verify that connections, transactions, and communication paths are working. Testers uncover issues that impact a seamless transaction and user experience. Plus, solid testing identifies vulnerabilities, heading off attacks before they happen.

If you’re unaware of Take Five, take a few minutes to review their website. It’s a national campaign offering straightforward, impartial advice that helps prevent email, phone-based and online fraud.

Preventing APP fraud with mobile payment testing is critical to protecting your business and customers. By implementing prevention strategies and proper payment gateway testing, you can prevent fraud and maintain trust.