Authorized push payment (APP) fraud

Authorized push payment (APP) fraud is fraud in which a victim is tricked into authorizing a payment to an account the fraudster controls, often after the fraudster impersonates a bank, supplier, or person.

How it works

Because the victim makes the transfer themselves, the payment bypasses much of the fraud detection built for stolen-card or account-takeover cases. The setup is social engineering: a fake bank warning, a spoofed supplier invoice with new payment details, or a romance or investment pretext. In the UK, banks must now reimburse most victims, and the EU is moving the same way under proposed payments reforms, which raises the stakes for the impersonation that enables the fraud.

Lookalike domains, spoofed email, and fake profiles are the common entry points.

How it relates to brand impersonation

APP fraud usually begins with impersonation of a trusted financial brand or contact. Cutting off the lookalike domains and phishing that set it up reduces how many victims are pushed to pay.

How nebty helps

nebty detects and removes the lookalike domains, phishing, and fake profiles used to set up APP fraud against your customers. See our fintech brand protection page.

Why APP fraud is so hard to stop

APP fraud is difficult precisely because the victim authorizes the payment themselves. The transfer looks legitimate to the bank: it is made from the real account, on the real device, after a genuine login, so the fraud controls built for stolen cards and account takeover have little to flag. The work happens earlier, in the social engineering: a spoofed bank warning, a supplier invoice with changed payment details, or a romance or investment pretext, each pushing the victim to send money to an account the fraudster controls. In the UK, banks must now reimburse most victims of authorized push payment fraud, and the EU is moving the same way under proposed payments reforms, which turns this into a growing direct cost for payment providers, not just a customer problem. The place to intervene is the setup: the lookalike domains, spoofed emails, and fake profiles used to impersonate a trusted party. Removing those reduces how many people are ever pushed to pay.
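As an added illustration (not from the original page and not nebty's product), the Python sketch below screens a supplier payment request for the two setup signals named above: a sender domain that imitates the known supplier's domain, and bank details that differ from the record on file. The vendor record, field names, fold table, and distance threshold are all assumptions made for the example.

```python
import unicodedata

# Constructed sample data; every name, field and threshold here is an assumption.
VENDOR = {"domain": "acme-supplies.example", "iban": "GB00 TEST 0000 0000 0000 01"}
SAMPLE_REQUEST = {"from": "billing@acrne-supplies.example",
                  "iban": "GB00 TEST 0000 0000 0099 99"}
# Small illustrative fold table, not a full confusables list.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain: str) -> str:
    """Lowercase, strip accents, and fold common visual substitutions."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(FOLD).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def is_lookalike(sender: str, known: str, max_dist: int = 2) -> bool:
    """True when sender imitates, but is not, the known supplier domain."""
    if sender.lower() == known.lower():
        return False
    s, k = skeleton(sender), skeleton(known)
    return s == k or edit_distance(s, k) <= max_dist


def screen_payment_request(request: dict, vendor: dict) -> list:
    """Return reasons to hold the payment for out-of-band confirmation."""
    flags = []
    sender = request["from"].rsplit("@", 1)[-1]
    if is_lookalike(sender, vendor["domain"]):
        flags.append("lookalike_sender_domain")
    elif sender.lower() != vendor["domain"].lower():
        flags.append("unknown_sender_domain")
    norm = lambda iban: iban.replace(" ", "").upper()
    if norm(request["iban"]) != norm(vendor["iban"]):
        flags.append("bank_details_changed")
    return flags
```

Calling `screen_payment_request(SAMPLE_REQUEST, VENDOR)` flags both signals, because `acrne` folds to `acme` and the IBAN differs from the record on file.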

See who is impersonating your brand

The free nebty report scans the web for lookalike domains and fake profiles targeting your brand, with no obligation.