What is an Authorised Push Payment (APP) fraud?

When we are in need, we tend to rely on people that offer help, without questioning too much about who they are, especially if we have the feeling we can not take our time to make a decision. Social Engineers know about that, as they are experts of human psychology, therefore they take advantage of their victims' needs to scam them.

During an Authorised Push Payment (APP) fraud, the scammers take advantage of psychological tricks in order to convince their victims to authorize a transaction (e.g. an online card transaction or a bank transfer) on their behalf. The victim normally only receives a push notification of the payment on their mobile bank app, and the fraudster persuades them to click on the Confirm button. From here the acronym Authorised Push Payment.

This is an example of APP fraud:

• The victim notices a payment they did not authorize or they get a notification about a malicious access to their bank account
• Someone calls them right after to assist them with the problem that just occurred, introducing themselves as agents from the bank.
• Fraudsters give some details about the victim's personal data, bank account, or card - The data is normally taken from the internet, or from the DarkWeb after a data breach disclosure. The reason why the fraudsters mention the data is to build trust.
• The fraudster explains fraud is happening on the account, which of course sounds scary!

At this point the APP fraud can work in these two ways:

• The victim is asked to send money to another bank account, under their name or someone else’s name. Eg. In order to save your money, you should temporarily move the money to this X account.
• The victim is asked to confirm an outgoing transfer or a card transaction in order to “reverse” it. Eg. I can see fraudsters are currently initiating a transfer on your behalf. Please accept it in order to get the refund.

In case you receive a suspicious SMS, email, or phone call related to suspicious transactions or login attempts: don’t answer! Please always contact our Customer Service first. They will be able to assist you and make sure that everything is fine on your account.

Remember: we will never ask our customers to initiate or confirm a transaction. Always perform a transaction when you know the recipient and the IBAN - we will never provide those to you on a phone call or SMS!

Read this article (new tab) to know how you can contact us.

If you realize on your account there are unauthorized transactions, read through these articles to know the next steps:

• How to dispute a card transaction and request a chargeback (new tab)
• What to do if my account may be compromised? (new tab)