Blog Posts Process Analysis

Authorised Push Payment Fraud – The Liability Challenge

Blog: Enterprise Decision Management Blog

Mobile transaction image with HACKED on it

Last week, the National Board for Customer Disputes in Sweden, after reviewing cases referred to them, have ruled that banks should be liable for so-called “push payment” fraud losses over a certain amount.

Authorised push payment fraud, or APP fraud, is gaining in popularity in the criminal community. Customers are being tricked into authorising payments by persuasive social engineering schemes run by criminals. These criminals have been so successful that this kind of fraud even has a nickname: hypnofraud.

Fraudsters have always targeted the weakest link in the process. As systems become more and more secure, the weakest link has become the customers themselves.

The push payment fraud trend has sparked debate at Payment Services Providers (banks and other financial institutions), regulators and consumer bodies about who should foot the bill when these kinds of schemes are successful. In 2016, a super complaint by the UK consumer organization, Which, was filed which called for the PSPs to do more to stop this kind of fraud, and to take greater responsibility for the losses when customers fall for these scams.

The question of liability isn’t straightforward, as my colleague Sarah Rutherford noted in a recent post. On one hand, customers are being tricked by highly convincing, almost hypnotic fraudsters, often posing as representatives from a bank. Whilst the industry can educate consumers about this, we can’t expect all customers to be experts in identifying whether calls, emails or SMS are genuine or fraudulent. On the other hand, if a customer withdrew cash from an ATM and was persuaded to hand over that cash by a fraudster, no one would expect the bank to foot the bill.

Whilst regulators and consumer bodies around the world make their own judgements, there is something the banks can do to reduce the scale of this problem and make social engineering scams less successful. By analysing the way each customer normally uses their account — whether transactions are authenticated by them or not — they can detect transactions that are out of character and stop them before funds disappear from accounts.

Customer behaviour profiling is a key way to detect and stop fraud from taking place, whilst allowing a frictionless experience for customers going about their daily business. For more on this, see our posts on the FICO Blog:

The post Authorised Push Payment Fraud – The Liability Challenge appeared first on FICO.

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples