You may have seen a recent news article regarding Kent Brushes, a long-established business and hairbrush supplier to the royal family, who lost £1.6 million in minutes after falling prey to authorised push payment fraud (‘APP’) in July 2023.
What is Authorised Push Payment Fraud (APP)?
APP relates to any fraud where a bank customer is scammed into making a transfer by instant payment and the funds have gone before the customer can stop it. In the Kent Brushes case, the fraudster convinced the financial controller that the company’s funds were at risk and was given access to the bank account. To date, none of the funds have been recovered or the fraudster identified.
You may think how can that happen? But, in the heat of being convinced that the business will lose all of its money, would you be thinking clearly? Maybe the staff were not aware of the threat of APP and didn’t realise how it could happen to them.
It is startling to note in 2021 the UK lost £583 million to APP and the threat is still growing. In many instances, it may take months to get any money back from the banks - if you ever get any. Sadly, there are few instances where the fraudsters get caught.
How could APP fraud impact your business?
For the business, management and employees, the impact of APP will almost certainly be considerable stress and disruption as you try to recover the funds from the banks involved, but we’ve seen examples where it could also involve:
Employees not being paid as the funds have gone
Suppliers demanding payment but you have lost the funds you need
Significant legal costs for trying to persuade the banks and the regulators to reimburse the business
In some instances, insolvency
How can you protect your business from APP fraud?
So how robust is your business to prevent it being caught by APP? Ask yourself the following questions:
The fraudster may pretend to be from your bank and need your password and/or internet banking login details. Do your staff know that a genuine bank employee would never ask for these details?
The fraudster may contact you purporting to be from a supplier and advising that their bank details have changed. Do your staff know that they should check this with the supplier by phoning them on a number they know is associated with the supplier and, better still, the conversation being between a member of your staff and someone senior at the supplier who already know each other?
The fraudster may be emailing you on an email address that is very similar to the supplier’s. Do your staff know how to identify a fake email address or to check that the email address is the correct one you have on file?
Do you keep a record of the contact details and a key contact name who your staff can speak to if they are being asked to make changes to the supplier details on your system?
If you are unable to answer ‘yes’ to any of the above then you need to review your procurement policies and procedures to ensure your staff have the tools to prevent you falling victim to APP or other scams.
As ever, the moral of the story is always prevention is better than cure. At Armstrong Watson we can help by reviewing your existing policies and procedures and assisting you to develop robust anti-fraud measures.
If you would like to discuss any of the issues raised in this article, or would like help reviewing your existing policies, procedures or anti-fraud measures, please don't hesitate to contact us at help@armstrongwatson.co.uk.
