Authorised Push Payment scams, also known as Mandate Fraud, is the fastest-growing type of fraud in the UK, with a total of £145m lost in the first half of 2018. Although the total figure is low relative to the total estimated fraud bill (£190bn in 2017), it is already so widespread that consumer group Which? filed a super complaint as early as 2016, and the Financial Conduct Authority (FCA) has announced new proposals to tackle the issue.
The fraud typically revolves around targeting an individual within a business, by requesting that a payment is made to a bank account owned by the fraudster, under the false pretence that the account belongs to a supplier, contact or senior employee.
One example is that of a business purchasing a property. Fraudsters have been known to intercept the communications and will often imitate other businesses using cloned email addresses of legal firms, estate agents and even the selling party, with the aim of diverting funds to the fraudster’s account.
The rise of real-time payment systems has meant that it has become easier for fraudsters to divert the money to their account and disappear, particularly because once the victim realises they have been duped, the payment is irrevocable, unlike a BACS payment, which can be reversed.
As terms and conditions in banking contracts place more of the risk on the customer, it is increasingly common that the victims of such a fraud do not recoup any of the lost funds, as the responsibility sits with the sender ensuring that they are sending money to the correct recipient, unlike when using credit and debit cards.
It is also difficult for the bank to trace the accounts and provide this information to the authorities, often the money is then transferred on to other accounts, which are subsequently shut down. Often, the accounts have been opened using fake or stolen ID and counterfeit utility bills.
For businesses, this type of fraud is similar to False Invoice Fraud, where the accounts department of a business may receive an invoice for goods or services, and the supplier suddenly informs them of a change to the address or bank account details, to divert the funds to their own account.
Often the invoice states that it is soon to be, or already overdue – a method of applying pressure to make the payment. Sometimes, this will be accompanied by a threat to the company’s credit rating or similar, which is designed to hurry the accounts team into making the payment rather than investigating.
Above: an example of an awareness campaign by the Metropolitan Police
The best defence against this type of fraud is to have a multi-layered process in place.
But how can you add more layers of process, without reducing the customer experience for the invoices that are genuine requests?
The best defence is a group defence, based on intelligence-sharing. If organisations can be more open in reporting fraudulent attempts to divert payments, this will reduce the opportunity for the fraudsters through increased awareness. A consortium approach is key to tackling this growing problem.
Graydon Detect, the UK’s first online B2B anti-fraud consortium, is designed to flag suspicious behaviour, applications and is based on the sharing of real-time insights and intelligence across various at-risk sectors including financial services, insurance, IT, petroleum and construction.
If your organisation needs to build a firewall against fraud, please get in touch for a no-obligation demonstration of our solution here.