Payment authentication experts have warned that most online banking fraud today is the result of customers being duped into paying scammers.
So-called authorized push payment (APP) fraud occurs when a scammer posing as a trusted entity tricks the victim into transferring money to a bank account under their control. Popular examples include crypto and romance scams.
As the victim technically initiates the payment, banks in many countries refuse to refund losses incurred this way.
These scams now comprise 75% of all digital banking fraud based on dollar value, according to a new 1H 2022 report from Outseer.
The firm’s head of product, Mark Crichton, said social engineering is a “key weapon in the fraudster’s arsenal” when it comes to such attacks.
“We’ve all seen the news stories about APP fraud, but the fact that these attacks are getting more frequent, more sophisticated and make up three-quarters of fraudulent transactions should sound the alarm bells for banks,” he added. “Technologies like AI and machine learning help recognize unusual patterns in payments and prevent fraud at the source.”
In the UK, after years of lobbying from consumer rights groups, lenders now flash up a fraud warning notice before customers add new payees, and will also alert users if payee name and bank details don’t match.
Even so, there were 195,996 incidents of APP scams in 2021 with total losses of over £583m, according to UK Finance.
Brand impersonation is a key tactic in APP fraud. Outseer claimed it accounted for 65% of attacks detected in the first half of the year.
The number of phishing attacks targeting US customers grew 42% in the first half of 2022, and attacks originating from Russia increased 25%, the report revealed.
Overall, Outseer claimed to have detected 87,000 attacks on customers in the first six months of 2022, which it worked out to average around 20 attacks every hour.