🚨 APP Fraud: what the latest PSR dashboard means for fintechs and compliance teams 👇

The PSR has released its first reimbursement dashboard, giving new insight into how firms are handling authorised push payment (APP) fraud under the mandatory reimbursement regime.

𝗞𝗲𝘆 𝘀𝗶𝗴𝗻𝗮𝗹𝘀 𝗳𝗿𝗼𝗺 𝘁𝗵𝗲 𝗱𝗮𝘁𝗮:
‣ Reimbursement volumes are rising: 88% of money lost in scope was reimbursed in the first 9 months (£112m), with a slight increase between Q1 - Q2 2025.
‣ The cost of fraud is shifting from customer to firm: under the mandatory reimbursement regime, firms are now bearing the majority of APP fraud losses.
‣ A small but rising number of claims are out of scope or rejected: while still low, Q2 2025 saw a slight increase in cases not reimbursed due to insufficient caution by the customer, underscoring that reimbursement alone does not remove the need to remain vigilant.

𝗣𝗿𝗲𝘃𝗲𝗻𝘁𝗶𝗼𝗻 𝗶𝘀 𝗯𝗲𝘁𝘁𝗲𝗿 𝘁𝗵𝗮𝗻 𝗰𝘂𝗿𝗲
While the dashboard shows high reimbursement rates, the most sustainable way for firms to manage APP fraud is to prevent it occurring in the first place. FINTRAIL’s experience shows that robust anti-financial crime controls — including customer due diligence, transaction monitoring, customer risk assessments, staff training, and assurance — all play a critical role in reducing exposure and protecting both customers and firms.

𝗪𝗵𝗮𝘁 𝗳𝗶𝗿𝗺𝘀 𝘀𝗵𝗼𝘂𝗹𝗱 𝗯𝗲 𝗮𝘀𝗸𝗶𝗻𝗴 𝘁𝗵𝗲𝗺𝘀𝗲𝗹𝘃𝗲𝘀 𝗻𝗼𝘄:
‣ Are our fraud controls and monitoring sufficient to prevent losses before reimbursement becomes necessary?
‣ Can we evidence that our frameworks, risk assessments, and programme changes are effective and defensible?
‣ Are our staff trained and our policies updated to reflect the current APP fraud landscape?

At FINTRAIL, we help firms answer these questions — whether through auditing existing programmes, reviewing and updating fraud processes, or designing training to embed best practice.

👥 If you’d like to talk through what this means for your fraud strategy, get in touch.
PSR dashboard reveals APP fraud trends and compliance implications for fintechs
-
Fraud Series (Advanced Edition) - Part 11 to 15

Continuing from our earlier 10 fraud scenarios, here are 5 more sophisticated fraud types that keep risk and compliance teams on their toes.

1. Fraud Name / Type (Bold + Number)
2. Definition
3. How it works
4. Real Example (optional but adds power)
5. Prevention Tip ✨🏦

CTA: “Save this for your next team awareness session” OR “Comment which fraud you’ve seen most in your organisation”

Part 11 - Bust-out / Card Velocity Fraud
🏦 Definition: Building a clean credit history, then maxing out and disappearing.
🧠 How it works: Good behaviour > credit limit increased > large final spend/withdrawal > vanish.
✨ Prevention Tip: Monitor sudden changes in spending velocity and cross-institution alerts.
Bust-out frauds are among the hardest to catch - they look like your best customers until the last moment.

Part 12 - Invoice / Vendor / Procurement Fraud
🏦 Definition: Using fake vendors or inflated invoices to siphon company funds.
🧠 How it works: Fraudsters or insiders create shell vendors and approve bogus invoices.
🧑🏻💻 Real Example: Company paid “phantom” invoices from a fake supplier.
✨ Prevention Tip: Vendor due diligence, three-way matching (PO, GRN, Invoice), and strong vendor master controls.
This is one of the top corporate frauds globally - often with insider involvement.

Part 13 - Business Email Compromise (BEC) / CEO Fraud
🏦 Definition: Impersonating executives or vendors to trick staff into transferring money.
🧠 How it works: Fraudsters spoof or hack emails to request urgent wire/UPI transfers.
🧑🏻💻 Real Example: Treasury team sent funds after receiving a spoofed email “from CFO.”
✨ Prevention Tip: Use DMARC/SPF, call-back verification, and regular staff awareness.
Even Fortune 500 firms have fallen victim to BEC scams.

Part 14 - Authorized Push Payment (APP) / UPI Collect Fraud
🏦 Definition: Victim authorizes payment, thinking it’s legitimate.
🧠 How it works: Fraudster sends fake collect request > victim approves > funds gone.
🧑🏻💻 Real Example: UPI “collect” request misused for payment diversion.
✨ Prevention Tip: Verify payee details before approving; use confirmation pop-ups and education.
APP frauds exploit trust - not technology gaps.

Part 15 - Payment System Fraud (NEFT / RTGS / SWIFT / UPI)
🏦 Definition: Fraud through payment rails or message manipulation.
🧠 How it works: Compromised credentials or malicious instructions trigger fund transfers.
🧑🏻💻 Real Example: Bangladesh Bank heist - SWIFT credentials used to steal $81M.
✨ Prevention Tip: Strong authentication, network segmentation, and beneficiary verification.
Payment systems are only as strong as their controls.
-
Europe, Payment Systems Regulator: PSR Releases Data on First Year of APP Reimbursement Policy Impact The Payment Systems Regulator (PSR) has released data marking the first anniversary of the Authorised Push Payment (APP) reimbursement requirement, highlighting significant progress in protecting victims of APP fraud. Over the past year, £112 million was reimbursed to victims, with 88% of claimed funds returned, a notable increase from the previous year's 66%. The PSR's dashboard reveals that 97% of claims were resolved within 35 days, and 84% within five business days. Claim volumes have decreased by 15%, indicating improved fraud prevention by firms. Despite these positive outcomes, the PSR is conducting an independent evaluation to assess the policy's effectiveness and potential areas for improvement. Findings from the PSR's APP fraud survey show that while trust in banks has increased for some victims, trust in social media platforms has declined. The survey also highlights a lack of awareness about the reimbursement policy, with 71% of victims unaware of its existence. The PSR emphasizes the need for a comprehensive approach involving social media platforms and other regulators to address fraud at its source. Source: https://lnkd.in/e9jztcJu
-
Crime doesn't pay, but fraudsters sure can steal a lot of money quickly. In the Fintech space, fraud is always a concern. On launching a new product, it can be front and center and require drastic action and crisis management. Even for a mature, battle-hardened offering, it's always there in the background and requires constant attention. Here are some lessons I've learned about how to fight fraud during my career.

1. There's no silver bullet.
You can't completely eradicate fraud. No matter how good your systems are, bad actors will get through. Adopt a posture of continuous learning and develop adaptations over time. Turn each loss into a lesson, and get harder/better/faster/stronger with time.

2. Good customers will get caught in the net.
Sales will complain that you're hurting partner relationships and losing out on revenue. Operations will bemoan the bad customer survey results. Unfortunately, the cost of stopping bad guys is causing pain to some good guys as well. The way out is through; quantify both the business lost and the fraud stopped. That way you can be sure you're creating the right level of friction.

3. All hands on deck for new product launches
Chances are that for your mature products, you already have a sense of how much fraud is costing you, and you've built that into your margins. However, new product launches are another thing entirely. First, you won't have built up your defenses, so you can expect a high amount of fraud until you get that figured out. Second, make sure you plan for both a high initial burst of fraud, and a low ongoing amount when you plan/price your offering, to keep the CRO from shutting it down after a few weeks.

4. Data is your friend
At a minimum, your anti-fraud toolkit should include:
- Fraud attribute database (known identifying information associated with past fraud)
- Velocity triggers (rules to stop high transaction attempts from the same email, IP address, device fingerprint, etc.)
- Third party anti-fraud tools, such as available from traditional credit bureaus (Experian, Equifax, TransUnion) and niche players in the space (Sentilink, Seon, Socure)

5. Keep your eye on the ball.
Don't relegate fraud to a small team of detectives, or even a large team of data scientists/analysts. Make sure senior technologists and risk leaders are involved in the guts of fraud so they have a feel for the risks. That way, when trouble hits, you'll have the backing you need to take the right steps.

(This post was created entirely without AI)
-
15 minutes. That’s how fast one title company lost $275,000 to wire fraud. It’s a scenario that plays out far too often, and it’s not because people are careless. It’s because fraudsters are sophisticated, and manual processes just can’t keep up. Every closing you handle is a potential target. Whether it’s a modest home or a multimillion-dollar deal, there’s risk every time money moves. And the fallout from one can mean lost clients, damaged reputations, and gaps in insurance coverage you didn’t know existed. In 2024, cybercrime losses across all industries topped $16.6 billion, according to the FBI’s Internet Crime Complaint Center. That’s not a typo. And it’s only getting worse. The solution isn’t more training or longer checklists. It’s implementing technology built to stop fraud before it starts. Tech that verifies identities, confirms bank details, and catches red flags in real time. Don’t wait until your firm becomes the next cautionary tale. Learn how to secure your transactions the smarter way. https://hubs.la/Q03DrxpJ0
-
Everyone knows about SIM swap fraud. Banks have built layered defences to spot the signs – and when it hits, it hits hard. The customer’s phone goes dead. OTPs land elsewhere. But what if there were a quieter kind of fraud – one that didn’t kill the signal, didn’t raise suspicion, and left the victim none the wiser? What if the fraudster didn’t need to swap the SIM at all? Call forwarding fraud isn’t new – but it’s back in the spotlight for one reason: it works. And it’s arguably more dangerous than a SIM swap. Here’s why. The ability to forward calls to another number is a built-in telecoms feature, often used by professionals. But the abuse of that feature is where the danger lies. Unlike SIM swaps, call forwarding doesn’t cut off a customer’s service. Their phone stays active. The signal is strong, and texts still land. Everything looks fine. But voice calls – including those from the bank, or the one-time passcode – are being silently redirected. This is what makes it so insidious. There are no obvious warning signs. And in many cases, the customer sets up the fraud themselves. Not knowingly, of course – they’ve just been tricked. A fraudster impersonating a telco support agent or bank employee persuades them to enter a code on their keypad. The same code you use to forward calls to another number. That’s all it takes. All future calls now go to the fraudster. There are also darker variations. Bribed phone shop staff. Rogue insiders. Social engineering attacks that convince employees in call centres to activate forwarding on the victim’s number. However it happens, the result is the same: the fraudster controls the victim’s account, with no signal drop, no SIM swap, and no red flags. And while SIM swap fraud has been the focus of regulatory efforts, call forward fraud remains largely unmonitored – even though it’s just as effective at hijacking access. If anything, it’s more dangerous. Because the customer never even realises they’ve been compromised. 
Sekura.id’s Call Forward check is designed specifically to flag this kind of attack in real time – using direct data from the mobile network. It’s already being used by banks to prevent invisible takeovers before they happen. This isn’t a new problem. But it’s one you can no longer ignore.
-
We’ve all spent years chasing SIM swap, but call forwarding is the quieter twin. The danger is in its invisibility – banks can’t protect what they can’t see. If regulators and enterprises ignore this vector, fraudsters will continue to exploit the blind spot.
-
Financial fraud is increasingly sophisticated, with schemes that are highly targeted and often directed at accounting or accounts payable teams. These fraudulent emails appear legitimate, featuring correct company names, invoice amounts, and outstanding balances.

Here's how the scam typically unfolds:
- A vendor follows up on an unpaid invoice (for instance, $90,000 or $200,000).
- Everything seems accurate, but the fraudster requests that the payment be sent to a new bank account.
- Due to the urgency and seemingly correct details, staff may process the payment without verification.
- Once the funds are wired, fraudsters quickly drain the account, leaving the business with significant losses.

One of our customers with a government contract nearly fell victim to this scam but was fortunate that the FBI intervened, tracing it back to an individual in California posing as a vendor in Arizona. Not everyone is that lucky.

Key lessons to remember:
- Always verify account changes. If a vendor requests a new bank account, confirm through your established contact using a phone call or known email, not the one in the suspicious message.
- Implement a two-person rule. Payments, especially wire transfers, should be reviewed and approved by at least two individuals.
- Slow down. Fraudsters rely on urgency. Please take an additional moment to verify requests.
- Distinguish between cyber and financial fraud. Cyber fraud targets data, while financial fraud targets money directly. Both require vigilance.
- Protect your systems. Firewalls, email filtering, and staff training are essential defenses.

Two years ago, a "Check Forgery" scam cost us $35,000. Thankfully, the bank covered the loss and reimbursed us. Many organizations may not be so fortunate. As technology advances, fraudsters evolve just as quickly. The best defense is layered protection—combining technology, processes, and training.
-
EWS RESPONSE TO FED/OCC RFI ON PAYMENTS FRAUD

I just read the Early Warning® response submitted to the FED/OCC this month. It is actually pretty impressive. Here is the good:

Key Points on Zelle:
1. Today over 99.98% of Zelle transactions are completed without a report of fraud or scam.
2. EWS has developed a first of its kind proprietary service unique to the Zelle network called Risk Insights for Zelle (“RIZ”) that provides real-time risk attributes regarding recipients to participating financial institutions before the institution initiates a transfer.

EWS Recommendations to the FED/OCC:
Here are the most valuable considerations for accomplishing that goal:
1. Develop a national task force to coordinate fraud detection, prevention and mitigation efforts across the ecosystem;
2. Standardize information sharing among stakeholders with an emphasis on information that can prevent losses;
3. Enhance the engagement and prevention practices of telecommunication, AI (artificial intelligence), social media, and online marketplaces to include scam origination through phone, email, text, social media, and online marketplaces, each of which is growing increasingly sophisticated with the use of advanced AI tools by criminals;
4. Increase law enforcement coordination and engagement, including by increasing funding and resources for law enforcement, expanding global enforcement collaboration, and increasing penalties, to the extent possible, for the criminals who commit payments fraud and scams; and
5. Continue to enhance and expand consumer education efforts.

Missed opportunities
Zelle banks:
1. Should have committed to a written anti-scam strategy that goes beyond Zelle transactions, including serious education of FI staff on the psychology of scams to help with the staff/customer interactions on scams.
2. Should have committed to tracking all consumer scams identified by their bank customers.
3. Should have committed to money mule management to detect and eliminate money mules.

EWS did recommend more controls: "encouraging development and integration of real-time fraud monitoring capabilities, standardization of fraud detection system performance metrics, and customer notification standards for fraud prevention actions." I applaud this action.

Ken Westbrook Trace Fooshée Erin West Ryan Powell Laurie W. Pooja Paturi https://lnkd.in/gVYJ73r3
-
What was planned as a celebratory day picking up my wedding dress accompanied by my Aunt, quickly shifted into a crisis when she became the target of a sophisticated impersonation fraud scheme.

My Aunt received a call from an 800 number displaying "Chase" as the caller ID. The individual claimed that a person named "Jennifer" was attempting to open Online Banking (OLB) accounts using my aunt's name and phone number. What made this attempt particularly dangerous was the scammer's meticulous approach: they deliberately avoided asking for typical Personal Identifiable Information such as account numbers or her Social Security Number. Instead, the request was to open her Venmo, Zelle, or PayPal account and process a transaction under the pretense of "re-wiring the IP address back to her." This tactic is a hallmark of modern fraud, seeking access to funds through digital payment apps rather than direct account information.

Fortunately, I was present. As soon as my aunt recounted the details of the call to me, I took the phone from her. Upon identifying myself and stating my 15 years of experience in banking and fraud training, the scammer's demeanor shifted instantly. He challenged me by saying, "Well ma'am, if you're in banking then you should know that the first sign of fraud would have been me asking her for personal information, which I did not." This aggressive defense demonstrates their confidence and training. He then offered to transfer us, which was a clear attempt to continue the deception, only resulting in a brief hold before he returned with a feigned accent, pretending to be a new representative.

This individual was highly convincing, persistent, and articulate. Had I not intervened, my aunt, who is currently recovering from a heart attack, would have almost certainly fallen victim to this scam.

This incident underscores a critical need for vigilance. Whether you are in the finance industry or not, I urge everyone to proactively educate their friends and family on the evolving tactics of scammers. Fraudsters are becoming increasingly clever and coercive, and awareness is our strongest defense.
-
Financial Crime Risk specialist. Author. Accidental cartoonist. Technophile. Critical thinker. Consult: Teach: Inform.
2w
Some see success of a pet project: I see failure to take pre-active measures so such fraud fails. FINTRAIL #morriscotterill #thefraudawarenessproject.