Push the button: Fraud by APPF

5 May 2022Opinion

Mark Kenkre looks at new models of online banking fraud

An Authorised Push Payment Fraud (APPF) occurs when an individual is tricked into making a payment from their bank account into an account controlled by a fraudster, who often purports to be a representative of a legitimate organisation such as the bank, a contractor or even the police.

Fraudsters target victims in many ways, and the introduction of online banking has made APPF more appealing to criminals as the transfer of money can happen in real time. This means fraudsters can instantly move funds across multiple accounts which makes tracing and recovering the payment increasingly difficult.

It couldn’t happen to me…

The following are the most common types of APPF incurred in the UK:

Invoice fraud

This occurs when a fraudster hacks into an individual’s email account, then pretends to be a contractor or company hired to carry out work. The fraudster will often issue a fake invoice for these works, of which the victim pays, in the belief they were paying the company who actually completed the work in question.

CEO fraud

This occurs when a fraudster impersonates a high-ranking employee from the victim’s organisation and requests the victim transfers funds.

Impersonation fraud

This occurs when fraudsters pose as a legitimate organisation such as a bank or a police officer. The fraudster will often inform the victim they need them to move large sums of money to a ‘safe' account which they later uncover as belonging to the fraudster.

Whatever next?

Looking to the future, we envisage there will be an increase in fraudsters targeting individuals purchasing a property due to the large transactions involved with the sales process, and posing as representatives from energy suppliers due to the recent increase in the energy price cap. Property purchase will likely be of particular interest to fraudsters as they can intercept correspondence between parties and alter payment information which results in large payments being made directly into the fraudster’s account.

Representatives from the financial industry, consumer groups and the financial regulator have been working collaboratively over the past few years to increase consumer protection in the hope of reducing the number of APPF occuring within the UK. The pinnacle of this work has to be the implementation of the Contingent Reimbursement Model Code (CRM Code), a voluntary code that requires signatory banks to take active steps to protect their customers and to reimburse those who have fallen victim to APPF. As part of the CRM Code, banks are expected to educate their customers regarding APPF, to consider the vulnerabilities of the customer, and to provide adequate warning to the customer if they consider a transaction to be at risk of APPF.

Stop! Are you sure you want to make this payment?

Many customers will be unaware banks have technology which allows them to check the recipient’s name matches that which is registered to the account number and sort code provided by the customer. In turn for this protection, banks expect consumers to pay close attention to any warnings which they issue regarding potential fraudulent transactions, and consumers must have a reasonable basis for believing the payment was for genuine goods or services and the recipient was legitimate.

There is no doubt the CRM Code is a step in the right direction. However, there is considerably more that needs to be done in order to reduce the level of APPF in the UK. This is reflected in statistics prepared by UK Finance which found a total of £479m was lost as a result of APPF across the 149,946 cases reported in 2020. This is a considerable increase to the losses incurred in 2019 – the year in which the CRM Code was implemented – which has led to increasing calls for the CRM Code to be mandatory, as opposed to voluntary. This would not only ensure customers are afforded requisite protection from APPF, but will incentivise the banks to adopt stringent measures to prevent instances of APPF in the future.

Mark Kenkre is partner with Keller Lenkner UK: kellerlenkner.co.uk

Legal News desk contact: editorial@solicitorsjournal.com

Litigation funding after PACCAR: adaptation and growth

How England’s litigation funding market is adapting post-PACCAR amid judicial flexibility, legislative signals, and continued expansion

Winston and Taylor Wessing merge to form new firm

Winston & Strawn and Taylor Wessing have voted to combine, creating a major transatlantic law firm

Mishcon de Reya appoints new leader

Mishcon de Reya has announced the election of Daniel Naftalin as its new Managing Partner, set to take office in summer 2026 after a transitional period

Fletchers comments on clinical negligence report

Peter Haden, chief executive of Fletchers, has welcomed the Public Accounts Committee's report on clinical negligence highlighting its human and financial impact and the importance of improved collaborative claims resolution methods

Ex-LCF CEO and wife face contempt

Michael and Debbie Thomson, former LCF CEO and his wife, admit to multiple court order breaches

Youth justice sees record lows in 2024

Recent statistics highlight significant reductions in youth justice involvement, but systemic delays and biases pose risks for progress

Government caps ground rents for leases

The UK government has announced a cap on ground rents in older leases, sparking mixed reactions among experts

Major boost for legal aid fees

Access to justice in Scotland has been significantly improved with a 13% increase in all legal aid fees following a sustained campaign from the Law Society of Scotland

LawCare surpasses pandemic support levels in 2025

LawCare's latest report reveals an unprecedented increase in mental health support demand within the legal sector in 2025, reaching 753 individuals, more than any previous year.

NHS negligence costs demand urgent action

The Association of Consumer Support Organisations urges transparency and solutions to tackle clinical negligence issues

Joseph Mark Taylor v James Lee Taylor: Unfair prejudice found in family property company dispute

High Court finds unfair prejudice in quasi-partnership property company after director excluded brother shareholder.

Molnar and Vargova v Secretary of State: deportation rights under the Withdrawal Agreement

Court of Appeal clarifies procedural safeguards for EU citizens facing deportation for post-Brexit offences.

Smith v Campbell: trustees' costs and indemnity in removal proceedings

High Court determines costs and trustee indemnity following partial success in removal claim.

Pawel Wysokinski v OCS Security Limited: Court venue for data protection claims

Appeal concerning the appropriate court venue for a data protection claim involving medical information disclosure.

Raphael Folarin v Immigration Services Commissioner: fitness to practise and criminal convictions

Appeal dismissed against refusal of registration as Level 1 immigration adviser due to criminal convictions.

SJ Interview: Joelle Grogan

Dr Joelle Grogan is a legal scholar specialising in the rule of law in times of crisis. She presents The Law Show on BBC Radio 4, and is Co-Academic Director of the Rule of Law Clinic at the CEU Democracy Institute (Budapest), and a Senior Research Fellow at the UCD Sutherland School of Law. Her work focuses on constitutional accountability, emergency powers, and legal misinformation. In this interview, she examines the pressures facing the rule of law in the UK, from executive power and court delays to media narratives, emergencies, and the impact of AI on legal practice.

AI in Law: responsibility never delegated

As AI becomes routine in legal practice, regulators and courts insist accountability stays firmly with the human professional