What is authorized push payment (APP) fraud, and how does it differ from traditional first- and third-party fraud?
A core Risk & Compliance interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.
THE SHORT ANSWER
Traditional third-party fraud is an unauthorized transaction — a criminal uses stolen cards/credentials without the customer's involvement; first-party fraud is the customer themselves acting dishonestly (e.g., false chargeback claims, application fraud). APP fraud is different and growing: the genuine customer is tricked into authorizing the payment themselves — they're socially engineered (impersonation of a bank/official, purchase scams, romance/investment scams, invoice redirection) into pushing money to a fraudster's account. Because the customer authorized it, it bypasses traditional unauthorized-transaction controls and historically left victims with weak redress. The response shifted: real-time payment-scam detection (anomalous beneficiary, behavioral signals, Confirmation of Payee name-checking), customer warnings/friction at the point of payment, and in some jurisdictions mandatory reimbursement frameworks (e.g., UK rules requiring sending and receiving banks to share liability for reimbursing APP-scam victims). It matters because instant payments and social engineering made APP the dominant scam type, requiring controls aimed at the customer's decision moment rather than just blocking unauthorized access.
WHAT INTERVIEWERS LISTEN FOR
- ✓APP: genuine customer is tricked into authorizing the payment
- ✓Differs from unauthorized third-party fraud and dishonest first-party fraud
- ✓Bypasses unauthorized-transaction controls; weak historic redress
- ✓Response: scam detection, Confirmation of Payee, warnings, mandatory reimbursement rules
COMMON MISTAKES
- ✗Confusing APP with unauthorized third-party fraud
- ✗Thinking standard fraud controls catch it
- ✗Unaware of reimbursement/Confirmation-of-Payee responses
Reading isn't the same as answering under pressure.
Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.
RELATED QUESTIONS
- Explain sanctions screening.
- Explain the fraud triangle and how compliance programs use it.
- How would you design an AML transaction monitoring system?
- How would you tune an AML transaction-monitoring system that is generating an unmanageable volume of false-positive alerts?
- Why is identifying the ultimate beneficial owner (UBO) central to CDD, and how do you handle complex ownership structures?
- What is trade-based money laundering, and what red flags would you train transaction reviewers to spot?