Definition:Authorised push payment fraud (APP fraud)

Revision as of 16:41, 17 March 2026 by PlumBot (Bot: Creating new article from JSON)

🔐 Authorised push payment fraud (APP fraud) refers to a category of financial fraud in which a victim is deceived into voluntarily initiating a payment to a fraudster's account — a risk that has become increasingly relevant to insurers both as a source of claims under crime, cyber, and professional indemnity policies and as an operational threat to insurance companies' own payment processes. Unlike unauthorised fraud, where a criminal acts without the account holder's knowledge, APP fraud exploits the victim's own consent, which complicates questions of liability, coverage, and subrogation. The term gained prominence in the United Kingdom, where regulators and the payments industry developed specific reimbursement frameworks, but the underlying fraud typology — social engineering, invoice redirection, and impersonation scams — is a global phenomenon affecting insurers across markets.

💸 The mechanics typically involve a fraudster impersonating a trusted party — a solicitor, supplier, or even an insurer — and instructing the victim to transfer funds to a controlled account. Within insurance, APP fraud manifests in several ways: policyholders may file claims after being tricked into wiring premium payments to fraudulent accounts; businesses insured under commercial crime or cyber policies may seek indemnity after falling victim to invoice redirection schemes; and insurers themselves may be targeted when fraudsters intercept claims payments or premium flows. In the UK, the Payment Systems Regulator introduced mandatory reimbursement rules for APP fraud victims effective in 2024, shifting liability toward payment service providers — but these rules do not eliminate the insurance angle, since many businesses carry policies specifically designed to cover social engineering losses, and disputes over whether a payment was truly "authorised" versus coerced often land in coverage litigation.

⚠️ The rise of APP fraud has driven meaningful product innovation and underwriting refinement across the insurance industry. Cyber and crime policy wordings increasingly include — or explicitly exclude — social engineering sublimits, making precise policy language a battleground between brokers and underwriters. Insurers are also investing in fraud detection technologies, including AI-driven anomaly detection on outbound payments, to protect their own operations. From a regulatory standpoint, the APP fraud conversation intersects with broader operational resilience expectations imposed by supervisors in markets such as the UK, the EU, and Singapore, where insurers must demonstrate robust controls over their payment infrastructure and third-party relationships.

Related concepts: