What Is Authorized Push Payment (APP) Fraud—Common Scams and Tips To Protect Yourself

Apr 23, 2025 • 10 Min Read

While real-time payment systems keep evolving and offering unprecedented convenience and speed, they've also created a perfect opportunity for fraudsters. Authorized push payment (APP) fraud exploits these instant, often irreversible transactions by manipulating you into willingly transferring funds to criminals.

In 2023 alone, APP fraud cost U.S. consumers close to $2.16 billion, with over $865 million in losses occurring over real-time payments[1]. These numbers continue to rise as fraudsters develop increasingly sophisticated techniques to deceive victims.

This guide explains how authorized push payment fraud works, the most common types of APP fraud, and how to keep your money safe online, so you can spot the warning signs and protect your finances.

Understanding Push vs. Pull Payments

There are two types of payment transactions—“push” and “pull” payments. Push payments are those where you (the payer) actively initiate the transfer of funds from your account to another party (for example, sending money to a friend or buying a movie ticket). You "push" money out of your account directly.

On the other hand, pull payments occur when you authorize a merchant (the payee) to "pull" funds from your account, and they “trigger” the transaction (for example, monthly subscriptions or electricity bills).

The key difference lies in the control you have. With push payments, you decide where and when the money moves—but once sent, transactions are often irreversible. This makes push payments a prime target for fraudsters using deception to manipulate victims.

What Is Authorized Push Payment (APP) Fraud?

A photo of a person in a white sweater with a smartwatch tapping a contactless card reader held by another person
Source: Ivan Samkov

Authorized push payment fraud happens when a fraudster tricks you into making a push payment to an account owned or controlled by them.

This type of fraud often begins with sophisticated social engineering tactics where fraudsters impersonate trusted entities such as government officials or reputable companies. Their goal is to create urgency—they might mention fake overdue invoices, account security threats, or financial emergencies—and convince you to make a payment quickly.

Unlike traditional payment fraud, where transactions are unauthorized (such as card-not-present (CNP) fraud or account takeover fraud), APP fraud involves legitimate transactions you’ve personally authorized—the fraudster doesn't need to hack your accounts or steal your cards.

What Are the Various Types of Authorized Push Payment Fraud?

Authorized push payment fraud is an umbrella term for various frauds and scams designed to manipulate or deceive you into sending money to criminals. Here are the most common authorized push payment fraud examples targeting consumers:

  1. Invoice and payment redirection scams
  2. Impersonation scams
  3. Romance and relationship scams
  4. Investment scams
  5. Online purchase scams
  6. Other APP scams

Invoice and Payment Redirection Scams

These scams involve fraudsters sending you fake invoices that appear legitimate or intercepting genuine ones and altering bank details. They often target regular payments such as invoices from your child’s school or monthly electricity bills.

Invoice scams can also target businesses. For example, a fraudster may pretend to be a legitimate contractor or supplier and send fabricated invoices with their bank account details. Once the invoice is paid, the money goes directly to the fraudster instead of the legitimate recipient.

Impersonation Scams

Impersonation scams are one of the most financially damaging forms of authorized payment fraud, accounting for over $1.1 billion in losses in 2023[2]. In this scam, the scammer contacts you pretending to be your bank, service provider, government agency, or a legitimate company.

The fraudsters try to manipulate you by claiming your account has been compromised or that you need to make an immediate payment to avoid penalties or legal action. They’ll generally use official-looking emails, professional language, and spoofed phone numbers to convince you to transfer funds to a "safe account" they control.

Romance and Relationship Scams

An illustration showing a woman framed in a smartphone offering money to a masked man framed in another smartphone
Source: Mohamed_hassan

Unlike other APP scams that create urgency through fear or opportunity, relationship scams focus on deep personal connections as their primary tool of deception. This type of fraud relies heavily on emotional manipulation and can operate in various ways.

Romance scams, in particular, typically begin on dating apps or social media, where criminals spend weeks or months building emotional connections with you before requesting financial help, only to disappear once the payment is made.

The scam can also involve existing familial relations, where criminals pretend to be relatives in distress. For example, they might target unsuspecting parents with fake messages while pretending to be their child. The emotional manipulation can make these scams particularly devastating, with many victims too embarrassed to report the crime. Luckily, there are some common red flags that give it away, such as:

  • Refusal to video chat or meet in person
  • Sudden requests for money to cover medical bills or travel expenses
  • Elaborate stories about being overseas military personnel or doctors

Investment Scams

In these sophisticated schemes, the fraudster offers high returns on investments in cryptocurrencies[3], forex trading, or emerging markets with seemingly low risk. They create professional-looking websites and forged documentation to make everything seem legitimate.

Once you've made an initial investment, scammers typically show fabricated profits accumulating in your account to persuade you to invest increasingly larger sums. The true nature of the scam becomes apparent only when you attempt to withdraw your funds or profits. At this point, the fraudster becomes unreachable or demands additional "fees" to release your money.

Online Purchase Scams

Fraudsters may target online buyers by creating convincing marketplace listings or fake e-commerce stores that mimic legitimate retailers. These scams advertise high-demand goods—like electronics, designer items, or event tickets—at prices well below market value. After you pay to purchase a product, the seller disappears without delivering the goods, leaving you with no recourse to recover funds.

By purchasing from a fake store, you could also expose your sensitive information to criminals. When you enter your credit card information or bank details on a fraudulent website, scammers may sell your data on dark web marketplaces or use your card information to commit other forms of fraud, such as triangulation fraud.

Other APP Scams

Besides the most common types of authorized push payment fraud discussed above, several other variants exist that target consumers through similar social engineering tactics. These are:

| Fraud Type | Explanation |
| --- | --- |
| Business email compromise (BEC) scams | Criminals hack or spoof corporate email accounts to trick employees into wiring funds or changing payment details. |
| Property purchase fraud | Fraudsters pose as legitimate contractors or intercept communications during real estate transactions to redirect large deposits or payments. |
| Lottery/sweepstakes scams | Scammers tell you you've won a prize but must pay fees or taxes first to claim it. |
| Education scams | Fraudsters promote fake scholarship opportunities or student loan forgiveness programs that require upfront payments. |
| Employment scams | Scammers offer fake jobs and trick victims into transferring money for “training” or equipment purchases. |
| Debt collection scams | Fraudsters pose as collectors, threatening legal action unless immediate payment is made. |

Why APP Fraud Can Be Hard To Recover From

A photo showing a person with their hand in their hair working on a laptop at a desk with multiple notebooks and a smartphone
Source: energepic.com

Unlike traditional credit card fraud, where consumers enjoy strong protections, authorized push payment fraud victims often face uphill battles with banks. That’s because the Fair Credit Billing Act (FCBA)[5] and the Electronic Fund Transfer Act (EFTA)[6] provide robust protections for unauthorized credit and debit card transactions, but they generally don't do the same for authorized transfers, even when made through deception.

Another challenge is that fraudsters often exploit this protection gap by using instant payment systems (e.g., Zelle, wire transfers, or cryptocurrency) where payment and fraud protections are significantly weaker. Using such platforms also allows fraudsters to move funds offshore within hours. By the time you detect the scam, the money is untraceable or dissipated across multiple accounts.

In some countries, banks have implemented voluntary reimbursement programs for APP fraud victims. However, the U.S. currently lacks similar comprehensive protections for authorized push payment fraud claims[4].

If you fall victim to APP fraud, your best recourse is to report it immediately to your bank and file a report with the FBI's Internet Crime Complaint Center (IC3). It’s your responsibility to prove you were deceived. Doing so often requires extensive documentation (call logs, emails, etc.) and lengthy investigation periods, and it can come with potential credit score damage and an emotional toll.

How To Combat APP Fraud—Best Practices for Financial Protection

When it comes to APP fraud, prevention through vigilance and safer payment solutions is generally more effective than post-fraud recovery. You can significantly reduce your exposure by taking these proactive steps:

  • Watch out for common red flags—Be cautious of too-good-to-be-true deals, requests for personal information like passwords or addresses, unconventional payment channels, and slightly altered email addresses or website URLs.
  • Verify payment details through official channels—If a vendor, bank, or company representative asks for a suspicious payment, confirm the request by contacting the organization using their official phone number or website (not the one provided in the message).
  • Be cautious with urgent payment requests—Time pressure is a common tactic used by fraudsters to prevent you from thinking critically, so it’s recommended to give yourself time to thoroughly investigate unusual payment instructions.
  • Monitor your accounts regularly—It’s a good idea to regularly check for unusual activity on your bank account or credit/debit cards. You can also set up real-time transaction alerts to help you spot unauthorized transactions immediately.
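
The first three checks above can be applied mechanically to an incoming payment request. The Python sketch below is an added illustration, not part of the original article and not Privacy's code; the vendor record, account string, and keyword list are constructed assumptions.

```python
import re

# Constructed vendor record: details you confirmed through an official channel.
KNOWN_VENDOR = {
    "name": "Example Power Co",
    "domain": "examplepower.test",
    "account": "000000000-1234567",
}

# Assumed keyword list for time-pressure wording; tune it to your own mail.
URGENCY = re.compile(
    r"\b(urgent|immediately|today|final notice|legal action|suspended)\b", re.I
)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_payment_request(sender: str, account: str, body: str,
                           vendor: dict = KNOWN_VENDOR) -> list[str]:
    """Return the red flags found in a payment request (empty list: none fired)."""
    flags = []
    domain = sender.rsplit("@", 1)[-1].strip().lower()
    if domain != vendor["domain"]:
        # One or two character edits is typical of a slightly altered address.
        if edit_distance(domain, vendor["domain"]) <= 2:
            flags.append("lookalike_sender_domain")
        else:
            flags.append("unknown_sender_domain")
    if account != vendor["account"]:
        # Changed bank details are the core of a payment redirection scam.
        flags.append("bank_details_changed")
    if URGENCY.search(body):
        flags.append("urgency_language")
    return flags
```

Any flag is a reason to confirm the request using the organization's official phone number or website before paying; an empty result only means these particular checks did not fire.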

These steps form a strong foundation against authorized payment fraud. However, tech-savvy scammers sometimes bypass even the most cautious verification methods.

To add an extra layer of protection against various forms of payment fraud, consider using virtual cards that act as stand-ins for your real payment cards for online transactions. If you choose a specialized virtual card provider like Privacy, you can also enjoy advanced spending controls, robust bank-grade security, and fraud protections.

How Privacy Virtual Cards Help Safeguard You From Fraudulent Transactions

When you link your bank account or debit card to it as a funding source, Privacy lets you generate unique and reusable 16-digit virtual card numbers with CVV codes and expiration dates. You can use these cards at most vendors that accept U.S. Visa® and Mastercard® payments. 

Privacy Virtual Cards can help protect you against payment fraud by:

  • Limiting exposure of your sensitive information by creating a separate payment channel that doesn't reveal your actual banking details
  • Allowing you to instantly pause or close your cards to stop further charges without affecting your primary account
  • Letting you set spending limits on your card and declining any transaction exceeding them to avoid hidden or unwanted charges (e.g., in bait-and-switch scams)

As a BBB-accredited and PCI-DSS compliant company, Privacy employs comprehensive account and fraud protection features like:

Privacy Card Types

Privacy offers three types of virtual cards to suit different needs and preferences:

| Card Type | Features and Uses |
| --- | --- |
| Single-Use Cards | Designed for one-off transactions, these cards become invalid shortly after the first transaction, making them useless to potential fraudsters. They're perfect for making purchases on new or unverified websites. |
| Merchant-Locked Cards | These cards “lock” to the first merchant you use them with and can’t be used to complete transactions elsewhere, even if stolen. They’re ideal for recurring payments from one vendor, such as subscriptions or utility bills. |
| Category-Locked Cards | These cards “lock” to a specific merchant category, such as retail or education, and Privacy declines transactions by merchants outside of the pre-defined category. These cards can aid in budgeting and spending control. |

Privacy’s Convenience Features 

A photo showing a miniature shopping cart placed next to a MacBook and two gray payment cards on a pink surface
Source: Nataliya Vaitkevich

Privacy offers additional features to make the entire online shopping experience more convenient and seamless:

  • Privacy App—Available for iOS or Android, the mobile app allows you to create cards and manage and monitor your virtual card activity from anywhere.
  • Privacy Browser Extension—The browser extension lets you generate and access virtual cards directly from your browser for quicker checkouts. You can install the extension on most well-known browsers, including Chrome, Firefox, Edge, Safari, and Safari for iOS.
  • 1Password integration—With this integration, you can generate, access, and autofill your Privacy Card details within the 1Password browser extension.

Get Your First Privacy Card

To start using virtual cards, join Privacy by completing four simple steps:

  1. Access the signup page
  2. Enter the required KYC details to verify your identity
  3. Link your funding source (bank account or debit card)
  4. Request and generate your first virtual card

Privacy's Personal plan is free for domestic transactions and gives you access to 12 virtual cards a month, along with the Privacy Browser Extension and mobile app. The plan lets you generate Single-Use or Merchant-Locked Cards and access all card controls. If you want to unlock more cards or features, you can upgrade to one of three monthly plans:

| Plan | Price (per Month) | New Virtual Cards (per Month) | Features and Benefits |
| --- | --- | --- | --- |
| Plus | $5 | 24 | All Personal plan features; Category-Locked Cards; Card Notes; Card Sharing; Priority support and Live Chat (Mon–Fri, 9 a.m.–5 p.m. ET) |
| Pro | $10 | 36 | All Plus plan features; Zero fees on foreign transactions; 1% cashback on eligible purchases (totaling up to $4,500 per month) |
| Premium | $25 | 60 | Everything in Pro |

References

[1] ACI Worldwide. https://www.aciworldwide.com/wp-content/uploads/2024/11/2024-Scamscope-Report-The-Battle-for-Trust.pdf, sourced April 3, 2025
[2] Federal Trade Commission. https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2024/04/impersonation-scams-not-what-they-used-be, sourced April 3, 2025
[3] U.S. Secret Service. https://www.secretservice.gov/investigations/investmentfraud-pigbutchering, sourced April 3, 2025
[4] Federal Reserve Bank of Atlanta. https://www.atlantafed.org/blogs/take-on-payments/2024/09/23/addressing-authorized-push-payment-fraud-in-us, sourced April 3, 2025
[5] Federal Trade Commission. https://www.govinfo.gov/content/pkg/GOVPUB-FT-PURL-LPS73998/pdf/GOVPUB-FT-PURL-LPS73998.pdf, sourced April 3, 2025
[6] Federal Reserve. https://www.federalreserve.gov/boarddocs/caletters/2008/0807/08-07_attachment.pdf, sourced April 3, 2025
