NorthRow

Authorised Push Payment (APP) fraud definition and meaning | AML glossary

What is Authorised Push Payment (APP) fraud? Definition and AML compliance meaning.

Back to AML glossary >

Authorised Push Payment (APP) fraud definition: What it means in AML compliance.

Authorised Push Payment (APP) fraud is one of the fastest-growing threats in financial crime, hitting consumers and businesses alike. This type of fraud happens when someone is tricked into sending money to a scammer posing as a legitimate payee. Unlike traditional fraud, where payments are taken without consent, APP fraud relies on deception to get victims to willingly transfer funds. Once the money leaves the account, it’s often moved through a complex web of mule accounts, making recovery difficult.

Fraudsters use social engineering tactics to manipulate victims into making a payment. They might impersonate a bank, a supplier, a government body, or even a friend or colleague. The scam can take many forms – fake invoices, romance scams, investment fraud, or urgent requests from a supposed senior executive. The common thread? The victim is pressured into acting fast, believing they are making a legitimate payment.

Once the funds are sent, the fraudster quickly disperses the money across multiple accounts, often using money mules to obscure the trail. This makes it incredibly difficult for banks to trace and recover the funds. Unlike unauthorised transactions, where banks may be obliged to refund victims, APP fraud falls into a grey area – victims willingly approve the payments, which can complicate reimbursement.

The sophistication of these scams is growing. Fraudsters research their targets, use deepfake technology to mimic voices, and manipulate email and SMS channels to make their messages look legitimate. Even seasoned professionals can be caught off guard.

For businesses, APP fraud isn’t just a financial risk – it’s a reputational one. Falling for a scam can disrupt operations, damage trust, and create regulatory headaches. That’s why firms need to be proactive in strengthening their defences.

Authorised Push Payment (APP) fraud

“Losses due to authorised push payment scams were £213.7 million in the first six months of 2024, a decrease of 11 per cent when compared with the same period in 2023. In total there were 97,344 cases of APP fraud reported in January to June 2024.”

UK Finance

Half Year Fraud Report (October 2024)

What Authorised Push Payment (APP) fraud means for compliance teams.

APP fraud is a serious money laundering risk. Every fraudulent transaction fuels wider criminal enterprises, from drug trafficking to human exploitation. That puts AML compliance teams under pressure to detect, report, and prevent these scams before funds disappear into the financial system.

Monitoring systems must be adapted to detect the red flags of APP fraud: unusual payment patterns, rapid movement of funds, and suspiciously structured transactions. AML compliance technology and tools can help significantly, but human oversight remains essential. Compliance teams should be asking: Is this transaction in line with the customer’s normal behaviour? Is there evidence of a scam at play?

Customer due diligence (CDD) is another line of defence. Verifying identities, scrutinising the purpose of payments, and conducting enhanced checks on high-risk customers can help flag suspicious activity before money moves out. This means training frontline staff to recognise the signs of APP fraud, not just traditional money laundering techniques.

Banks and businesses need to work together. Information sharing between financial institutions can help track the movement of fraudulent funds and disrupt money mule networks. 

Regulators are also pushing for stronger protections so AML teams need to tighten their fraud prevention frameworks or risk both regulatory scrutiny and financial exposure.

We’ve worked with hundreds of regulated businesses. Let’s work together.

Book your free demo of our comprehensive ID&V, KYC, KYB and AML compliance management solution today.

Request Demo
Packages