Authorised push payment fraud

Push payment fraud (also known as "authorised push payment fraud" or APP fraud) is a form of fraud in which victims are manipulated into making real-time payments to fraudsters, typically by social engineering attacks involving impersonation. These authorised frauds can also be related to investment scams, where the victim is tricked into sending money for investments that do not exist, and to romance scams, where the fraudster tricks the victim into thinking they are in a relationship. The opposing type of fraud is known as "pull payment fraud", which occurs when an account holder provides a payee with the relevant bank account details enabling a fraudulent payee to take (or "pull") funds from the payer’s account.

Until 2019 in the United Kingdom, because the victims of these frauds authorised the payments, albeit mistakenly, they were typically not fully reimbursed by their banks. In September 2016, Which? raised a super-complaint regarding push payments and calling for changes in legislation to provide better protection for innocent bank customers. The Payment Systems Regulator (PSR) investigated and found within "a short space of time" that the UK banks could work together in a better way to avoid scams and that some banks needed to do more to identify "potentially fraudulent incoming payments". The regulator was also concerned that there was limited information available on the scale and nature of the problem. The PSR initiated a consultation process in November 2017, which was completed in February 2018. In March 2018 a "draft contingent model code" was published.

From May 2019 some victims were able to receive refunds under the Contingent Reimbursement Model Scheme, a voluntary scheme overseen by the PSR which provides protections for customers of signatory firms, subject to a number of exclusions.

New rules where introduced on 7 October 2024 covering claims for reimbursement for amounts up to £85,000.

KPMG has reported that the Central Bank of Ireland set out its APP fraud banking expectations in its Consumer Protection Outlook Report 2023. The Central Bank requires financial businesses, to operate "effective measures to mitigate the risk of fraud", taking a proactive approach, and helping customers where necessary to recover funds where possible.