Authorized Push Payment Fraud | XTN Cognitive Security


Defeat frauds resulting from Social Engineering Scams with user behavior analysis and a multi-layered approach.

Keep your digital business safe from Authorized Push Payment (APP) Fraud with XTN Cognitive Security®:

  1. Avoid Financial Loss
  2. Prevent Reputational Damage
  3. Prevent Regulatory & Legal Consequences
  4. Stop Operational Disruption

Market Overview

In the last year, there has been a significant increase in Social Engineering Scams attacks that focus on Authorized Push Payment (APP) Fraud. Criminals have become more sophisticated in their methods and are using various social engineering tactics to trick victims into divulging personal information that can then be used to facilitate fraudulent payments. This has led to a growing concern about the security of digital services and the need to protect against this type of threat. It is crucial for businesses to implement effective measures to prevent Authorized Push Payments fraud and ensure the safety of their digital services.

What is it?

Social Engineering Scams are a type of cyber attack that involves the use of psychological manipulation to trick individuals into divulging sensitive information, performing an action, or giving access to systems or data. These scams are designed to exploit the natural human tendency to trust others and to take advantage of the fact that people are often the weakest link in a security chain. Social Engineering Scams can take many forms, including phishing emails, phone calls, fake social media profiles, and fake websites.

Social Engineering Scams can be used as one of the tactics in perpetrating Authorized Push Payment Fraud, also known as Bank Transfer Scams, that involves tricking a victim into making a payment to a fraudster who has misrepresented themselves as a legitimate entity or individual. Real-time payments increase the risk of Authorized Push Payment Fraud because they allow for immediate transfer of funds, which can make it more difficult to detect and stop fraudulent transactions. 

How does it work?

Social Engineering Scams typically involve the following steps:

  1. Research
    The attacker first researches the victim to gather as much information as possible. This can include details about the victim’s personal and professional life, online activity, and the technology they use.
  2. Contact
    The attacker then makes contact with the victim using a fake identity or impersonating someone the victim trusts. This can be done through phone calls, emails, text messages, or social media messages.
  3. Build trust
    The attacker builds trust with the victim. This can involve pretending to be a friend, colleague, or authority figure, or offering something of value, such as a prize or job offer.
  4. Exploit vulnerabilities
    Once trust is established, the attacker exploits the victim’s psychological vulnerabilities, such as fear, curiosity, greed, or a desire to help. This can involve asking the victim to reveal sensitive information, click on a link or download a file that contains malware, or transfer money to a fake account. This is the step where the Authorized Push Payment Fraud occurs since the victim is convinced to transfer money to the fraudster’s account.
  5. Cover tracks
    After the attack is successful, the attacker covers their tracks to avoid detection. This can involve deleting evidence, disguising their location or identity, or using encryption to hide their activities.

The challenge

One of the main challenges in detecting Social Engineering Scams and related fraud is that they can be incredibly sophisticated and difficult to detect, as they often involve the use of tactics that are tailored to the victim’s specific psychological vulnerabilities. Once successful, these scams can have serious consequences, including financial loss, identity theft, and damage to personal and corporate reputations. 

XTN's multi-layered approach to APP Fraud detection

The XTN Cognitive Security Platform® is an advanced solution that can effectively prevent Authorized Push Payment Fraud resulting from Social Engineering tactics. This is accomplished through a multi-layered approach to analysis, ensuring a holistic view of fraudulent activity.

The Platform first considers the context and identifies the presence of dangerous applications in the Authorized Push Payment fraud scenario, such as remote control apps and RAT malware.

Secondly, the Platform monitors user behavior with the application, flagging any unusual activity that could indicate fraud. This helps to detect and prevent scams in real-time.

Finally, the Platform focuses on unfamiliar payment transactions that could be the result of fraudulent activity. This includes identifying unusual payees and amounts, which are strong indicators of Authorized Push Payment Fraud. By detecting these transactions, the Platform can quickly stop fraudulent activity and prevent financial loss.

Overall, the XTN Cognitive Security Platform® provides a comprehensive safety net to recognize and stop Authorized Push Payment Fraud resulting from social engineering scams. By doing so, it saves businesses from the operational costs associated with fraud, as well as the reputational damage that can result from such incidents.

The XTN Authorized Push Payment Fraud solution covers the following main areas of analysis:

Behavior during calls: we analyze the user’s behavior to determine if the user is interacting with the app while on a call.

Remote control app and RAT detection: we detect the presence of these malicious tools as an indicator, along with behavior during calls, of ongoing fraudulent activity.

Account takeover detection: we detect when a fraudster accesses the bank’s website while at the same time requesting the victim to perform authentication from their mobile device.


Business Risks

Consequences of Social Engineering Scams can impact a digital business by:

• Financial loss
• Reputational damage
• Regulatory and legal consequences
• Operational disruption


Have any question? We’d love to hear from you. 

Related Contents

Stop fraud, not customers!

Contact us today