PlumBot: Bot: Creating new article from JSON

2026-03-17T13:35:53Z

Bot: Creating new article from JSON

New page

📋 '''Authorised push payment fraud''' is a form of financial fraud in which a victim is deceived into voluntarily initiating a payment to a fraudster's account, and it has become one of the most significant and rapidly growing exposures addressed by the [[Definition:Insurance | insurance]] industry through products such as [[Definition:Crime insurance | crime insurance]], [[Definition:Cyber insurance | cyber insurance]], and [[Definition:Social engineering fraud | social engineering]] coverage extensions. Unlike unauthorized fraud — where a criminal gains access to an account without the account holder's knowledge — authorised push payment (APP) fraud exploits human trust and manipulation, meaning the payment instruction is technically legitimate even though the underlying intent is fraudulent. This distinction creates complex challenges for [[Definition:Insurance carrier | insurers]], [[Definition:Policyholder | policyholders]], and financial institutions regarding where liability falls and how [[Definition:Claims | claims]] should be adjudicated.

⚙️ APP fraud typically involves sophisticated [[Definition:Social engineering | social engineering]] tactics: a fraudster impersonates a trusted party — such as a supplier, solicitor, bank representative, or senior executive — and convinces the victim to transfer funds to an account the fraudster controls. In an insurance context, businesses may encounter invoice redirection fraud where a hacker compromises email systems and alters payment details on legitimate invoices, or CEO fraud where an employee receives an apparently urgent instruction from a senior leader to wire funds. [[Definition:Cyber insurance | Cyber insurance]] policies increasingly address these scenarios through [[Definition:Social engineering fraud | social engineering]] sublimits, though coverage terms vary significantly by [[Definition:Insurance carrier | carrier]] and jurisdiction. In the United Kingdom, the Payment Systems Regulator has mandated reimbursement obligations on banks for APP fraud victims, which in turn affects how banks and their insurers assess and price the risk. [[Definition:Claims | Claims]] handling for APP fraud losses requires careful investigation to confirm the social engineering mechanism and distinguish covered events from excluded scenarios such as voluntary, arms-length transactions.

💡 The insurance industry's response to APP fraud reflects a broader reckoning with how digital communication and real-time payment systems have expanded the attack surface for financial crime. Traditional [[Definition:Fidelity bond | fidelity]] and [[Definition:Crime insurance | crime]] policies were often drafted before these loss patterns emerged, leading to coverage disputes over whether a voluntarily initiated payment qualifies as a covered "loss" or falls outside policy intent. Carriers across markets including the UK, the US, and Australia have responded by developing specific [[Definition:Endorsement | endorsements]] and standalone products, while [[Definition:Underwriting | underwriters]] increasingly evaluate prospective insureds on their payment verification controls, employee training programs, and email security infrastructure. As payment systems accelerate globally and fraud techniques grow more convincing — aided by [[Definition:Artificial intelligence (AI) | artificial intelligence]] tools that can clone voices and generate realistic communications — APP fraud is likely to remain a major focus for [[Definition:Risk management | risk managers]], [[Definition:Insurance broker | brokers]], and product development teams in the insurance sector.

'''Related concepts:'''
{{Div col|colwidth=20em}}
* [[Definition:Cyber insurance]]
* [[Definition:Social engineering fraud]]
* [[Definition:Crime insurance]]
* [[Definition:Fidelity bond]]
* [[Definition:Fraud]]
* [[Definition:Business email compromise (BEC)]]
{{Div col end}}

Definition:Authorised push payment fraud - Revision history

PlumBot: Bot: Creating new article from JSON