Under the radar: why scammers get away with corporate APP fraud

When we read about national or international fraud trends, the losses to businesses and consumers are usually eye-wateringly large. In the UK, total card fraud soared 19% from 2017-18 to top £671 million last year, for example.

Yet if we peer behind the headline stats, we can actually deduce something very important: individual fraud attempts may actually be worth trivial sums. This is certainly the case with Authorised Push Payment (APP) fraud — making it all the more challenging to detect and prevent.

Staying hidden

APP fraud is a relatively new trend, but one that’s already starting to worry businesses across the country. It occurs when a fraudster tricks a victim into making a payment to an account under their control. While new APP fraud protections are being rolled out for consumers, there’s little recourse for businesses to retrieve any funds lost like this via B2B channels.

In 2018, APP fraud cost UK firms £126 million. That makes it seem like a big enough problem to be able to spot. But the truth is that scammers often get away with it by focusing on hijacking smaller payments to mid-tier suppliers.

Finance departments are often caught out because they make many infrequent payments to these types of supplier. Because there’s no common payments pattern, it becomes difficult to spot anomalies. Many businesses won’t even know they’ve been defrauded until notified by a supplier that a payment hasn’t reached them. That could take months.

That’s not all. The fraudsters are canny enough to limit the monetary value of their scams so that it’s often not worth the extra expense involved in investigating/remediating. If it costs £300 and key staff resources to resolve a £500 loss, it will probably not be done.

All of which helps scams fly under the radar and allows the fraudsters to thrive while UK firms are feeling the heat with both budget and staff cuts.

How to stop it

The good news is that there are newer digital payments alternatives that can combat the growing threat from APP fraud. Pull payment systems like virtual account numbers (VANs) operate via a different method, so that the supplier initiates payment and not the buyer. That means fraudsters can’t insert themselves in the B2B payments process in the same way.

To find out more, read Optal’s new report: Pushing Back on Payments Fraud

Contact details:

Bradley Eccleshare
Chief Marketing Officer

M +44 0 7525 929198
T +44 0 20 3892 4928

About Optal Ltd

Optal is re-inventing how payment processes work across complex industries. By stripping payment processes of their customary inefficiency, Optal helps companies boost profitability across a growing number of sectors around the world.

Optal issues Mastercard branded payment products, driving its focus on developing and bringing to market, game-changing payment solutions. Optal’s working capital solution, Invapay, turns underutilised credit lines into a dynamic resource to manage cashflow.

“Invapay” and “Invapay solution” means Invapay Payment Solutions Limited, a private limited company in England and Wales, authorised and regulated as an Authorised Payment Institution by the Financial Conduct Authority under the Payment Services Regulations 2017 which is a wholly-owned subsidiary of Optal Limited.

Talk to us to discover how Optal can add value to your organisation.

General Enquiries: +44 (0)2038 924 928
Invapay Technical Support: +44 (0)3308 387 490

View our offices

Sign up:

Subscribe to receive the latest thinking, white papers and articles.
  • By pressing “subscribe”, you agree that Optal may collect your full name and email address so we can add you to our subscriber list to receive marketing material, newsletters or general information about the Optal group’s services. We will only use your information for the purposes set out in our Privacy Notice. If you wish to unsubscribe you can do so at any time by emailing us at or by clicking on the unsubscribe link at the end of any marketing email you receive from us.
  • This field is for validation purposes and should be left unchanged.