Authorised Push Payment (APP) fraud occurs when a fraudster tricks you into willingly sending money to their account. Unlike unauthorised fraud, you initiate the transaction yourself—often after pressure, impersonation, or manipulation—so recovering funds can be more complex.
Common APP fraud scenarios:
| Scenario | Example |
|---|---|
| Invoice redirection | Fraudster intercepts a supplier invoice and alters the bank details. |
| CEO impersonation | Urgent email apparently from your CFO demanding immediate payment to a "new" account. |
| Investment scam | Fake adviser promises high returns and directs you to transfer funds quickly. |
| Romance/relationship | Long‑distance partner requests funds for an "emergency." |
| Courier imposter | Caller claims to be your bank and asks you to move money to a "safe" account. |
- • Real‑time beneficiary checks – IBAN/SWIFT validation and anomaly scoring.
- • Payment journey warnings – Confirmation prompts flagging new beneficiary risk.
- • Transaction monitoring – Behavioural analytics trigger manual review on unusual patterns or high‑risk destinations.
- • Callback verification – For first‑time or high‑value requests (≥ £50k) our Treasury desk verifies via registered phone number.
- • 24 × 7 fraud response – Dedicated team to freeze, recall or trace funds if notified promptly.
- Verify beneficiary details – Phone your supplier using a known number (not email) before large or amended payments.
- Dual approval – Configure two‑person authorisation in your Unicorn Currencies dashboard for payments over internal thresholds.
- Educate staff – Train finance teams on phishing, spoofed emails, and social‑engineering red flags.
- Use payee reference diligence – Include invoice number & purpose; flag suspicious change requests.
- Enable 2FA – Mandatory for all users; revoke unused accounts immediately.
- Slow down – Fraudsters create urgency. Take time to validate.
- • Unsolicited request to change bank details.
- • Pressure to act immediately or confidentiality instructions.
- • Email domain almost—but not exactly—matching legitimate supplier (e.g., .co vs .com).
- • International bank account for a domestic supplier.
- • Spelling or tone inconsistencies in communications.
Print this checklist and keep it near finance desks.
- Stop – Do not make or confirm the payment.
- Contact us immediately – Email info@unicorncurrencies.com or call +44 020 8064 0818 (option 2 "Fraud"). Provide payment ID, amount, beneficiary name.
- Report to your bank – If funds left a separate bank, notify them to request a recall.
- File a police report – UK customers can use Action Fraud (0300 123 2040).
- Preserve evidence – Keep emails, invoices, phone numbers and transcripts.
We will attempt to trace and recover funds with our partnered service providers and correspondent banks. Recovery success depends on how quickly we are notified.
Unicorn Currencies follows UK Payment Services Regulations and relevant industry‑best practice. While we will pursue recovery, we are not automatically liable for APP losses because the payment is authorised by you. We assess each case individually and may, at our discretion, offer goodwill reimbursement or partial coverage if our controls failed.
- • Quarterly control testing & penetration simulations.
- • Participation in UK APP Fraud Contingent Reimbursement Model (CRM) Code consultations.
- • AI‑driven payment‑request scoring rollout (Q3 2025).
Unicorn Currencies Fraud Response Desk
Silverstream House, Fitzroy St, London W1T 6EB, UK
© 2022 Unicorn Currencies Ltd & Unicorn Currencies Limited – All rights reserved.