APP Scams
Don’t take the bait.
What is an Authorised Push Payment Scam (APP Scam)?
An APP Scam is where a person uses a fraudulent or dishonest act or course of conduct to manipulate, deceive or persuade a victim into transferring funds from the victim’s account to an account not controlled by the victim, where:
- the recipient is not who the victim intended to pay; or
- the payment is not for the purpose the consumer intended.
What are examples of APP Scam?
- Impersonation Scams: Fraudsters pose as a bank employee, another trusted organisation, or a known contact in need.
- Invoice Scams: Scammers send fake invoices that appear legitimate, or provide new payment details for an outstanding invoice tricking you into making payments to fraudsters.
- Investment Scams: Fraudsters lure victims with the promise of high returns on investments and instruct them to transfer money to fake investment accounts.
- CEO Fraud: Fraudsters impersonate a company’s CEO or other senior executive to deceive employees into transferring company funds.
How to prevent APP scams
Before making a payment you should always take reasonable steps to verify that the account details you intend to pay are correct:
- Conduct verbal checks: Check the request verbally, using a trusted contact for the supplier held on file. Do not use a number included within the request as this can result in you speaking to the fraudster
- Be cautious: Treat any request asking for confidential information or instructing you to change payment details with extreme caution. Remember that even an apparently genuine email address may have been hacked
- Stay vigilant: Pay close attention to any warnings or questions raised as part of the process you follow when making a payment using any of our digital channels.
Remember - Barclays will never do any of the following:
- Ask you to make payments or move money to a ‘safe account’
- Call you and ask you to provide or enter your PIN or use your biometric device for any reason
- Take control of your computer, or call you unexpectedly and direct you to a website
APP Scam Reimbursement
On 7 October 2024, new UK-wide banking regulations about the way banks deal with victims of APP Scams will take effect.
Under the new regulations, eligible victims may claim reimbursement for payments made through an APP Scam. The account which the victim has transferred their funds from must be an account in the UK that can send or receive payments using the Faster Payments Scheme or Clearing House Automated Payment System (CHAPS).
The new regulations apply to victims who are:
- Individuals
- Micro-Enterprises – enterprises that employ fewer than ten people and have either an annual turnover or annual balance sheet total that does not exceed €2 million
- Charities – specifically charities whose annual income is less than £1 million.
The following scenarios would not be considered APP Scams under the new regulations:
- If the customer is party to the fraud or dishonesty
- Where the customer has not taken due care before authorising a payment.
- Any APP Scam that occurred before 7 October 2024
- Any APP Scam claim made more than 13 months after the final payment to the scammer
- Payments made to an account that is held outside of the UK
- Scam payments made using Bacs, cheques and/or cash
- Payment made to an account the victim controls
- Payments that are not authorised by the victim
- International Payments within the UK.
Please note that the maximum amount that can be refunded under the regulations is £85,000, and claims may be subject to an excess fee of up to £100 per claim.
What to do if you’re a victim of an APP Scam
- Act fast: Talk to us straight away - the sooner you let us know, the sooner we can investigate. It's important you let us know if you've been scammed, no matter how small the amount. To report an APP Scam, call us on 0330 156 0155.
- Submit an APP Scam Claim: You can submit a claim to Barclays by calling us on 0330 156 0155 and we will assess whether your claim is eligible for an APP Scam reimbursement. The latest you can make a claim is 13 months after the final payment to the scammer.
- Respond promptly: Barclays may request further information about the APP Scam during the investigation. Any further responses and information about the APP Scam should be provided promptly to increase the possibility of recovery and helps us track the criminals’ bank accounts.
- Report: If you live in England, Wales or Northern Ireland you must report the scam to Action Fraud^ – the police’s national fraud and cyber-crime reporting centre. Call 0300 123 2040 or file a report at actionfraud.police.uk. If you have not been able report the scam, you consent to Barclays contacting the police on your behalf. If you live in Scotland you should report directly to Police Scotland by calling 101.
Your next steps
Report fraud
To report any fraudulent activity, or attempts, contact Barclays Corporate fraud on 0330 156 0155* or if calling from overseas dial +44 1606 566208.
If you receive a suspicious email, send it as an attachment to - internetsecurity@barclays.co.uk and delete the email immediately.
Are you protected?
To keep yourself, and your organisation protected from criminals, ensure you keep up to date with our latest resources and advice.
Fraud and Scam Toolkit
-
1 https://ico.org.uk/for-organisations/sme-web-hub/frequently-asked-questions/data-storage-sharing-and-security/^
2 https://www.actionfraud.police.uk/^
3 https://www.actionfraud.police.uk/news/use-credit-reference-agencies-to-protect-yourself-from-fraud^
4 https://www.cshub.com/attacks/articles/the-biggest-data-breaches-and-leaks-of-2022^
5 https://www.ibm.com/reports/data-breach^
6 https://proprivacy.com/blog/latest-uk-cybersecurity-cybercrime-statistics-2020-2022^
7 https://www.nytimes.com/2017/10/03/technology/yahoo-hack-3-billion-users.html^
8 https://www.itgovernance.eu/blog/en/the-6-most-common-ways-data-breaches-occur^
9 https://www.comparitech.com/blog/vpn-privacy/what-is-keylogger/^
10 https://www.itgovernance.eu/blog/en/the-6-most-common-ways-data-breaches-occur^