What Is Authorized Push Payment Fraud?
Most fraud protections are built around the idea that someone else moved the money without permission. A different, harder category flips that assumption entirely: the account holder authorizes the transfer themselves, fully believing it’s the right thing to do.
The short answer
Authorized push payment fraud happens when someone is deceived into willingly sending money to a fraudster, often by posing as a trusted party such as a bank representative, a government agency, a business, or even a family member. Because the account holder initiated and approved the transfer themselves, it isn’t treated the same way as an unauthorized transaction, which makes recovery considerably harder. The deception is the entire mechanism — there’s no hacking or stolen credential required for the fraud to work.
Why “authorized” changes everything
Traditional fraud protections, including many liability rules around unauthorized card or account use, hinge on the transaction happening without the account holder’s permission. When someone logs into their own account and initiates a transfer of their own accord, even under false pretenses, the transaction is technically authorized. That distinction matters enormously for what happens next: a bank can often reverse a transaction it never should have processed, but reversing a transaction the customer approved and sent to a real, waiting recipient account is a much harder, sometimes impossible, request. This is also why the payment method matters — a wire transfer or ACH payment is generally much harder to unwind once sent than a card transaction is to dispute.
Common setups fraudsters use
- Impersonating a bank’s fraud department. A call or message claims suspicious activity was detected and instructs the victim to “protect” their funds by moving them to a new account — which belongs to the fraudster. This pattern is explored in more depth in how impersonation scams operate.
- Posing as a familiar business or landlord. Fake invoices or altered payment instructions redirect a routine, expected payment to the wrong account.
- Urgent family emergencies. A message claiming to be from a relative in trouble pressures a quick transfer before there’s time to verify the story.
- Romance or relationship-based deception. A long-developed online relationship is used to justify repeated requests for money over time.
Why speed and secrecy are the common thread
Nearly every version of this fraud relies on urgency and isolation — a reason the transfer needs to happen right now, and a reason it shouldn’t be discussed with anyone else first, whether that’s framed as embarrassment, confidentiality, or simply time pressure. Genuine institutions rarely require a transfer to happen within minutes or ask that it be kept secret from a spouse, a bank branch, or another trusted person. That gap between the story and how legitimate processes actually work is often the clearest signal available in the moment.
Once the money has moved
Recovery options after an authorized transfer are limited and depend heavily on how quickly it’s reported. Some transfer types can be recalled if flagged almost immediately, before the receiving bank has released the funds, which is one more reason account alerts that surface activity right away matter even for authorized transactions. Reporting to both the sending bank and, where relevant, law enforcement, starts whatever recovery process exists, though outcomes vary widely and aren’t something any institution can promise in advance.
What to weigh
The core defense against this category of fraud isn’t technical — it’s a habit of pausing before an urgent, secretive money request, and independently verifying it through a separately known phone number or channel rather than one provided by the person making the request. Because authorization is what makes this fraud legally and practically different from a stolen card, that verification step happens before the transfer, not after.