When we think of fraud, the customer is usually the victim. With APP fraud, interestingly enough, the customer takes part in the scam and is actually the one who authorises it. How? Read on to find out exactly how APP fraud works and what makes it challenging.
What is APP Fraud?
APP fraud is one of the least pleasant fraud types to spot and recover from. The main reason is that although a scammer may initiate the fraud, the customer performs the actual payment authorisation.
APP (authorised push payment) fraud is a form of scam where a victim is deceived into authorising a payment to a fraudster’s account. Unlike unauthorised card fraud, APP fraud relies on social engineering to manipulate the victim into believing they are making a legitimate transaction.
Most of the time, fraudsters disguise themselves as trusted entities like banks, merchants, or service providers. For example, they might send a payment link under the pretence of a "special promotion" or "urgent request," pressuring victims into acting quickly. Most of the time, this is quite successful.
How does APP fraud work?
As mentioned before, APP fraud starts with the fraudster and ends with the customer, who ultimately agrees to pay for something they did not initiate themselves. So what does the process look like?
- A fraudster initiates a transaction in the merchant’s shop.
- The fraudster generates a payment link using stolen credentials.
- The link is sent to the victim via email, SMS, or social media in a message that impersonates the merchant’s account.
- The victim, believing the link to be legitimate (which it can be), authorises the payment and transfers money directly to the scammer.
Most of the time, victims of APP fraud realise they’ve been scammed only after the transaction is completed, leaving the fraudster to walk away without remorse. Fraud detection systems keep getting better, though, and later in this blog you will see how.
Why detecting APP fraud is a challenge
Given how APP fraud works, detecting it is particularly challenging because of:
- Legitimate payment data: Victims willingly authorise transactions, making them appear genuine to financial systems.
- Sophisticated masking techniques: Fraudsters use VPNs, spoofed devices, and fake browser profiles to avoid detection.
- Psychological manipulation: Scammers pressure victims into acting quickly, inducing a sense of urgency.
Fast-moving digital goods like eSIMs, prepaid top-ups, game cards or gift cards are a big target for APP fraud, as these products are available to use the moment they are purchased. After that, the fraudster can either redeem the digital good instantly or resell it.
Real-life examples of APP Fraud in action
Typically, we can distinguish two scenarios of APP fraud. In the first scenario, the fraudster sends the victim a payment link that leads directly to the fraudster’s bank account. In the second scenario, the fraudster sends the victim a payment link for an actual product, the victim authorises the payment, and the fraudster walks away with the product itself. To make the scenarios more practical, here are some real examples:
Scenario 1: Fake link scam – Direct payment to the scammer
A fraudster impersonates a telecom provider and sends a phishing email to a victim claiming their prepaid balance is about to expire. The email looks very similar to a genuine one from the issuing merchant and includes a fake payment link that mimics the telecom provider’s website.
The victim, believing the email is genuine, clicks on the link and pays €20 to "top up their balance." However, the payment doesn’t go to their account but directly to the fraudster’s wallet. The victim is left without the top-up, while the fraudster walks away with the money.
Scenario 2: Legit link scam – Fraudster gains the product
A fraudster initiates a real transaction with a legitimate merchant, such as purchasing a €50 PlayStation gift card. The fraudster generates a genuine payment link for the gift card purchase.
They then send the link to a victim, pretending it’s part of a "limited-time promotion." Convinced by the offer, the victim authorises the payment, believing they’re securing a great deal. Once the payment is complete, the fraudster receives the gift card, which they can resell on the black market for a profit.
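The legit-link scenario leaves one trace a merchant can check: the party that generated the payment link is not the party that paid it. The sketch below is an added example, not Alphacomm's or Protectmaxx's code; the order fields, the sample orders and the two-signal threshold are all assumptions.

```python
from dataclasses import dataclass

# Product types the article lists as fast-moving digital goods.
INSTANT_GOODS = {"esim", "prepaid_topup", "game_card", "gift_card"}

@dataclass
class LinkOrder:
    # Hypothetical order record; every field name here is an assumption.
    order_id: str
    product_type: str
    creator_device: str   # fingerprint of the session that generated the link
    creator_country: str
    payer_device: str     # fingerprint of the session that authorised payment
    payer_country: str
    payer_email: str
    delivery_email: str   # where the code or top-up is delivered

def split_signals(o: LinkOrder) -> list[str]:
    """List the ways the link creator and the payer look like different parties."""
    found = []
    if o.creator_device != o.payer_device:
        found.append("link created and paid on different devices")
    if o.creator_country != o.payer_country:
        found.append("link created and paid from different countries")
    if o.payer_email.strip().lower() != o.delivery_email.strip().lower():
        found.append("goods delivered to an address that is not the payer's")
    return found

def decide(o: LinkOrder) -> str:
    """allow / review / hold. The two-signal threshold is an assumed starting point."""
    signals = split_signals(o)
    if len(signals) < 2:
        return "allow"   # e.g. an ordinary gift: same session, other recipient
    # Instant goods cannot be recalled once delivered, so delay fulfilment.
    return "hold" if o.product_type in INSTANT_GOODS else "review"

# Constructed sample orders (not real data).
ORDERS = [
    LinkOrder("A1", "gift_card", "dev-1", "NL", "dev-1", "NL", "ann@example.com", "ann@example.com"),
    LinkOrder("A2", "gift_card", "dev-2", "NL", "dev-2", "NL", "bob@example.com", "friend@example.com"),
    LinkOrder("A3", "gift_card", "dev-3", "BE", "dev-9", "NL", "eve@example.com", "drop@example.net"),
    LinkOrder("A4", "phone_case", "dev-4", "DE", "dev-7", "NL", "kim@example.com", "kim@example.com"),
]

if __name__ == "__main__":
    for order in ORDERS:
        print(order.order_id, decide(order), split_signals(order))
```

Since the article notes that fraudsters use VPNs and spoofed devices, treat the country and device comparisons as supporting evidence and tune the threshold against your own order history.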
Practical tips to prevent APP fraud
It may sound like a cliché, but for individuals and businesses, awareness is the first and most important step. Here are a few more actionable tips that businesses can enact or provide to their customers:
- Payment details verification: Educate customers to always confirm bank details using trusted sources, avoiding reliance on unverified emails or messages.
- Taking time to assess a transaction’s legitimacy: Explain to customers the importance of taking the time to assess the legitimacy of any payment request, especially if urgency is emphasised. It’s always better to make sure a transaction is legitimate and purchase the product at a later stage than to rush it and get scammed.
- Transaction monitoring: Teach customers to regularly review their transaction history for suspicious activity and report concerns immediately.
- Stay informed: Keep updated on the latest scams to recognise warning signs.
- Educate employees: Fraud prevention starts with awareness. Share resources and consider conducting regular training sessions.
Is your digital goods business dealing with APP fraud?
APP fraud is a tricky one to deal with, but Alphacomm is here to help. Our Protectmaxx solution provides real-time fraud detection and protection, tailored specifically for businesses in the fast-moving digital goods sector. If you want to learn more about how Alphacomm can protect your business, get in touch with one of our experts for a consultation.