What Is APP Fraud? A Simple Guide to Authorized Push Payment Scams

Today’s payments have become highly convenient, allowing consumers to move money with just a few clicks on a screen. However, the same convenience also benefits criminals who are using it to launch authorized push payment (APP) fraud. Consumers worldwide lost a staggering $442 billion to APP fraud and scams in 2025, according to the latest figures from the Global Anti-Scam Alliance. 

The scope of this threat has grown so severe that regulators in several global markets now require banks to support customers with partial or full reimbursement for losses. In this article, we’ll break down how APP fraud works, notable scam types, regulatory shifts, and the measures banks can take to protect their customers and their organizations.

Key Findings

• In an APP fraud, criminals direct victims into sending them money, often using emotional manipulation, high-pressure tactics, or coercion.
• APP fraud scams contributed to an estimated $442 billion in consumer losses worldwide in 2025, according to data from the Global Anti-Scam Alliance.
• Common APP methodologies include romance scams, investment scams, purchase scams, and impersonation scams.
• Several regions worldwide, including the UK, Australia, Singapore, and Malaysia, have introduced reimbursement and policy frameworks to help customers recover monetary losses following an APP scam.
• To prevent APP fraud, banks need a combination of real-time AI-led profile development and decisions (for both inbound and outbound transactions), strong case management and operational processes, and additional enrichment signals such as behavioral biometrics and network intelligence.

What Is APP Fraud and How Does It Work?

Authorized push payment fraud (also known as an APP scam), happens when a criminal convinces a person to transfer money to another account using a carefully-crafted narrative. Fraudsters create a lure for their targets, build a rapport with them, eventually pressuring them into sending funds. Fraudsters may pose as a love interest, a boss or coworker, or perhaps a merchant with a “too-good-to-be-true” deal (because it is) as part of the scheme. 

While other fraud typologies (e.g., account takeover) focus on breaching accounts or stealing payment tools, APP fraud differs by targeting customers directly. Because the transaction is ultimately authorized by the real account holder, traditional fraud controls do not get triggered. 

Once the money reaches the intended recipient, it can be transferred to second generation money mule accounts, withdrawn, or layered further into the financial system. This makes it very difficult for APP fraud victims to recover their funds.

Why Are Authorized Push Payment Scams So Effective?

APP scams have proven highly effective for criminals for several important reasons.

Human Trust

Criminals quickly gain their victim’s trust by establishing themselves as someone with authority or knowledge who can help them with a (fake) problem. If the victim believes the fraudster’s story, they are more likely to trust them and follow their instructions. 

Sense of Urgency

The fraudster also pressures the victim into acting quickly, often claiming a fake deadline or an emergency that requires an immediate response. This may include a legal problem or a family emergency that causes victims to overlook their own skepticism and ignore red flags. 

GenAI & Deepfakes

Advancements in technology are making fraudsters’ scams even more convincing. Using Generative AI, for example, criminals can draft convincing messages tailored to their victim’s specific profile. These are also making it easier for criminals to draft messages without spelling or grammar mistakes, which were once common tells of scams. Meanwhile, criminals can use deepfake fraud to convincingly pose as other people, including a business executive or a celebrity.

Real-Time Payments

The speed of payments is one of the most important benefits for payments. It’s also one that criminals are actively exploiting with real-time payments fraud. Whether issued by a faster payment service or a person-to-person platform, money now moves at the click of a button. Once it’s delivered, criminals can move the money to a mule-controlled account, often just as fast as they received it. This process can be repeated several times, allowing bad actors to layer the funds and making recovery almost impossible.

Social Stigma

Many APP fraud victims feel embarrassed about the experience and worry that they will be judged or shamed if they come forward and report the scam. This ultimately works in criminals’ favor because this means the crime is never reported and they do not have to worry about any legal consequences. Meanwhile, both law enforcement and the broader community miss out on the opportunity to learn about the incident and help protect others from a similar experience. 

Common Types of APP Fraud 

Criminals have a wealth of tactics to push APP fraud, all of which are becoming increasingly personalized thanks to social engineering. Here are some of the most prevalent APP fraud methods criminals use to scam victims.

Romance Scams

In romance scams, a bad actor will pretend to have romantic feelings for their targets. They often spend weeks or months building a deep, emotional connection with the victims after meeting on an online dating site, social media, or messaging service. Once they gain their victim’s trust, they invent a fake problem (e.g., a medical emergency, an arrest, or an unexpected expense) and pressure their victim to send them money. In the US, victims lost approximately $1.3 billion to romance scams, according to the latest figures from the Federal Trade Commission.¹

CEO Fraud

When your boss needs something, your first instinct is to respond immediately. Fraudsters are counting on this reaction when they launch CEO fraud attacks, also known as Business Email Compromise (BEC) fraud. Criminals pose as a high-level executive by spoofing an email or phone number, sparking a sense of urgency in the employee. They instruct the employee to bypass standard verification procedures to authorize a fake invoice or transfer that lands in the criminal’s account. US businesses lost $2.7 billion to BEC fraud in 2024, according to the FBI.²

Purchase Scams

Also known as “shopping scams”, purchase scams are among the most common forms of APP fraud. This method involves enticing victims with exciting deals on social media or fake websites. Shoppers believe they are buying a luxury item or a rare find. However, once they send the payment, the seller vanishes, stops communications, and the goods never arrive. More than half of consumers surveyed by GASA (54%) experienced a shopping scam in 2024, according to GASA research.

Investment Scams

The enticement of being able to make a fast fortune is another powerful lure for fraudsters. Using investment scams, fraudsters promise “guaranteed” high returns on a new business venture, such as cryptocurrency opportunities or stocks in their new company. They lure people into moving their savings onto fake investment platforms. These scams often look incredibly professional, but they are designed to drain victim’s savings accounts. UK Finance reports that consumers in the UK lost an estimated £98 million to investment scams in the first half of 2025.³

Impersonation Scams

Criminals pose as trusted figures that victims are more likely to trust, including members of law enforcement, government agents, or bank staff. They claim the victim is at risk of being hacked or faces legal trouble because of an unpaid bill. By triggering panic, they convince the victim to move their money to a different account or walk them through making a transfer while they are on the phone. The FBI notes that impersonation scams increased by more than 400% in 2024 since 2020, resulting in $445 million in losses.⁴

Can APP Fraud Victims Get Their Money Back?

Victims of APP fraud have traditionally faced hurdles in securing refunds. This is because, by authorizing the payment themselves, the transaction is not classified as “unauthorized” fraud under typical card and banking regulations. As a result, reimbursement has historically been based on voluntary industry schemes, ombudsman decisions, or individual bank goodwill.

As scams became more prevalent and effective, UK lawmakers realigned regulations regarding reimbursement for APP scams. Since October 2024, the UK Payment Systems Regulator’s (PSR) has required payment service providers (PSPs) to reimburse most APP victims who lost money over the nation’s Faster Payments System. Under PSR’s rules, sending and receiving organizations must split the responsibility 50-50 to reimburse victims. 

Other regions have made similar changes to their scam reimbursement frameworks. Notably, Singapore, and Australia are all shifting toward more structured frameworks, but with narrower scam coverage or shared liability models that depend on whether firms met specific control obligations.

Global APP Fraud and Scam Liability Comparison

To navigate global APP regulations, here is a breakdown of how different regions are currently handling scam liability and victim reimbursement.

How to Prevent APP Fraud For Banks and Consumers

APP can cause serious harm to victims. In addition to the financial losses, many victims experience serious psychological impacts from scams that take a toll on their mental health. Banks have a vital role to play in helping victims both recover financially and offering support at a moment of high vulnerability. Just as importantly, banks can implement solutions that can detect and prevent APP scams and keep customers safe.

Here are a few core solutions banks can use to stop APP fraud:

Real-Time AI-Led Profiling and Decisions

The most effective defense starts with understanding “normal” behavior for both the sender and the receiver. By utilizing real-time AI to develop comprehensive profiles for both inbound and outbound transactions, banks can spot anomalies as they appear. Having this level of “profile completeness” allows for instant, data-driven decisions that can block a suspicious payment before the funds ever leave the account.

Efficient Case Management and Agentic Automation

When a potential scam is flagged, speed is everything. Fraud teams need to be empowered with strong case management processes enhanced by agentic automation. By implementing agentic AI to automate data summaries and routine tasks, investigators can improve their efficiency and refocus their expertise on complex cases that require maximum human focus. 

Behavioral Biometrics and Analytics

Because a legitimate customer is executing the transaction, banks can’t focus on “who is the user?” Instead, it’s important to ask “what is the user doing?” and “what is their intent?” Behavioral biometrics offer non-intrusive enrichment signals to detect when a user is acting under duress or manipulation by analyzing their typing speed, mouse movements, and pressure applied to a touchscreen. This data can be used to build a baseline of “normal” customer behavior. If a significant deviation from this baseline is detected, the system can trigger a risk score evaluation.

Inbound Payment Monitoring 

Money mules are the indispensable conduits for APP fraud. They provide the “exit ramps” that allow stolen funds to leave the regulated financial system. To disrupt these networks, banks must move beyond outbound monitoring and implement robust inbound payment monitoring. A comprehensive mule detection strategy must operate across the entire customer lifecycle, from account opening to everyday activity to inbound payment monitoring. Look for inconsistent information at onboarding or signs that a legitimate customer may be vulnerable to money mule recruitment.

Network Intelligence and Federated Learning

The most sophisticated fraud rings operate across multiple institutions to hide their tracks. Banks need to gain insights without compromising customer privacy. Network intelligence provides a critical additional enrichment layer to gain insights into fraud patterns by making sense of complicated fraud patterns across multiple organizations. Meanwhile, federated learning a privacy-preserving method for banks to share fraud signals across a consortium of other banks. This allows an institution to see if a specific account or device has been flagged by another bank, even if it appears to be “clean” within their own ecosystem.

Educate Customers on APP Fraud Threats

The best defense is an informed customer. Banks must invest in educating their own users to be mindful of “urgent” requests and to never move money to a “safe account” at another person’s direction. Remind customers that when in doubt they should verify payment requests through a separate, trusted channel. Most importantly, ask them to call their bank directly if they have any questions about a strange request.

Authorized push payment fraud represents a fundamental challenge to the traditional banking model because it turns the customer into the weakest link in the security chain. Faced with this reality, technology must step in to provide both a psychological and analytical safety net. Preventing APP fraud requires a transition from siloed, reactive defenses to a unified platform that can view the entire threat landscape in real time.   

By leveraging AI profiling, case management, network intelligence, federated learning, and behavioral biometrics banks can help customers by intervening when a suspected scam is underway. They can also use inbound payment monitoring to dismantle the mule networks that allow fraud to flourish. These measures are especially critical as regulations shift to require reimbursement for scam losses. Banks that thrive against APP fraud will be the ones that embrace AI-first solutions that can learn customer behaviors and respond promptly to red flags.

Additional Resources

• Blog: 7 Examples of Real-time Payment Frauds and How to Prevent Them
• Report: The Future of Fraud Prevention: Predictions for 2026
• Analyst Report: Celent 2025 Solutionscape Matrix Names Feedzai a Fraud Prevention Leader
• Solution: Stop Scam Losses, Build Customer Trust, Protect Revenue