PlumBot: Bot: Creating new article from JSON

2026-03-17T08:41:24Z

Bot: Creating new article from JSON

New page

🔐 '''Authorised push payment fraud (APP fraud)''' refers to a category of financial fraud in which a victim is deceived into voluntarily initiating a payment to a fraudster's account — a risk that has become increasingly relevant to insurers both as a source of [[Definition:Claims | claims]] under [[Definition:Crime insurance | crime]], [[Definition:Cyber insurance | cyber]], and [[Definition:Professional indemnity insurance | professional indemnity]] policies and as an operational threat to insurance companies' own payment processes. Unlike unauthorized fraud, where a criminal acts without the account holder's knowledge, APP fraud exploits the victim's own consent, which complicates questions of liability, coverage, and [[Definition:Subrogation | subrogation]]. The term gained prominence in the United Kingdom, where regulators and the payments industry developed specific reimbursement frameworks, but the underlying fraud typology — social engineering, invoice redirection, and impersonation scams — is a global phenomenon affecting insurers across markets.

💸 The mechanics typically involve a fraudster impersonating a trusted party — a solicitor, supplier, or even an insurer — and instructing the victim to transfer funds to a controlled account. Within insurance, APP fraud manifests in several ways: [[Definition:Policyholder | policyholders]] may file claims after being tricked into wiring [[Definition:Premium | premium]] payments to fraudulent accounts; businesses insured under [[Definition:Commercial crime insurance | commercial crime]] or cyber policies may seek indemnity after falling victim to invoice redirection schemes; and insurers themselves may be targeted when fraudsters intercept [[Definition:Claims payment | claims payments]] or premium flows. In the UK, the Payment Systems Regulator introduced mandatory reimbursement rules for APP fraud victims effective in 2024, shifting liability toward payment service providers — but these rules do not eliminate the insurance angle, since many businesses carry policies specifically designed to cover social engineering losses, and disputes over whether a payment was truly "authorised" versus coerced often land in [[Definition:Coverage litigation | coverage litigation]].

⚠️ The rise of APP fraud has driven meaningful product innovation and [[Definition:Underwriting | underwriting]] refinement across the insurance industry. [[Definition:Cyber insurance | Cyber]] and crime [[Definition:Insurance policy | policy]] wordings increasingly include — or explicitly exclude — social engineering sublimits, making precise policy language a battleground between [[Definition:Insurance broker | brokers]] and [[Definition:Underwriter | underwriters]]. Insurers are also investing in fraud detection technologies, including AI-driven anomaly detection on outbound payments, to protect their own operations. From a regulatory standpoint, the APP fraud conversation intersects with broader [[Definition:Operational resilience | operational resilience]] expectations imposed by supervisors in markets such as the UK, the EU, and Singapore, where insurers must demonstrate robust controls over their payment infrastructure and third-party relationships.

'''Related concepts:'''
{{Div col|colwidth=20em}}
* [[Definition:Cyber insurance]]
* [[Definition:Commercial crime insurance]]
* [[Definition:Social engineering fraud]]
* [[Definition:Professional indemnity insurance]]
* [[Definition:Operational resilience]]
* [[Definition:Fraud detection]]
{{Div col end}}

Definition:Authorised push payment fraud (APP fraud) - Revision history

PlumBot: Bot: Creating new article from JSON