APP And Cyber Fraud: A Commercial Litigator's Perspective

Introduction

APP ("authorised push payment") fraud and related cyber frauds have featured heavily in the financial and mainstream press lately. These scams involve the victim being tricked into making an instant electronic payment to fraudsters instead of the intended recipient.

The industry has taken note, and a voluntary code for Payment Services Providers is currently under consultation. If it is adopted in 2019, it will provide for compensation for certain victims in certain circumstances. However it is unlikely to assist those who have already fallen victim, and it may not assist SMEs and larger businesses.

The average loss in APP scams in the first half of 2018 was around £10,000. Those cases do not get anywhere near the desk of the s higher, and losses ranging from £250k to several £m are increasingly common. In those cases the question of civil recovery against parties involved in the transaction can loom large.

While big money cases will justify expensive freezing and asset tracing exercises, in many cases this will be both prohibitively expensive, and too late; experience shows that when the money is gone, it moves fast, splits up and ripples quietly through the financial system. This article is concerned with other routes of civil recovery in cases where some initial investment may prove very worthwhile; not only in legal advice, but also specialist IT forensic investigation, to establish what has gone wrong and who might be to blame.

A Galaxy of Scams

In the most basic example of APP fraud, the victim simply asks his own bank to pay a fraudster instead of (say) for his ski holiday. Such cases will require regulatory and industry intervention because there is little room for litigation.

However, it is clear that fraudsters are targeting a greater array of transaction types to bag the biggest windfall gains. From more modest thefts of school fees and kitchen orders, they are seeking to divert substantial payments intended for property, currency and commodities to name a few. Importantly for the purposes of civil recovery, deep pocket defendants can become caught up in the fraud.

The methods of deception increasingly involve convincing "social engineering" (essentially confidence tricks and impersonation) combined with sophisticated manipulation of electronic communications, over a long period of time. It is common to see a victim talking to an impostor by email for weeks or months prior to payment.

The following examples are based loosely on cases I have come across. The expression "client" is used for convenience to refer to the potential claimant.

Example 1:

In this example a purchaser is tricked into paying cash to a fraudster instead of his solicitor. The solicitor might equally be an investment manager or broker looking to invest funds for the client. The common thread is the backdrop of a professional‐client relationship.

Example 2:

Here the fraudster has interposed himself in a transaction to convert the sale proceeds of a...