Why APP fraud is so effective
In an authorised push payment scam, the criminal convinces you the payment is legitimate — an urgent supplier invoice, a “bank security” transfer or a CEO impersonation. Because you authorised it, the transaction looks normal to your bank and money moves instantly.
Defending against it
Build friction into payments: verify new payees on a number you already know, require dual authorisation for large transfers, and treat urgency as a warning sign. Reimbursement rules have tightened, but prevention beats recovery. Keeping a healthy cash buffer limits the operational hit if a fraudulent payment gets through.
What it means for you
Credicorp lends to your company, not to you personally, and takes no personal guarantee. See business loans or apply online.
Frequently asked questions
Can I get APP fraud money back?
Sometimes, under reimbursement rules, but recovery is far from guaranteed because you authorised the payment. Prevention is the reliable defence.
What triggers most APP scams?
Urgency and a plausible story — a fake invoice, a spoofed boss or a “bank security” message. Verify independently before paying anything unexpected.