RankShield Network · Financial

Authorized push payment fraud: the victim approves it themselves.

RankShield Financial is a verifiable, pre-settlement payment platform built for authorized push payment fraud — scams where a person is manipulated into approving a real transfer. It verifies the intent and the approver, then holds the payment before it settles on an irreversible rail.

intent-signed · liveness-bound · held before settlement

RankShield Network · pre-settlement ledger

| Rail | Amount | Detail | Status |
| --- | --- | --- | --- |
| RTP | $48,500 | invoice · acct ••42 | anchored ✓ |
| AGENT | $1,200 | ap_7f3 · vendor | anchored ✓ |
| WIRE | $96,000 | “CEO” call · liveness | held · deepfake |
| FEDNOW | $7,310 | payroll · acct ••08 | anchored ✓ |
| USDC | 500.00 | 0x9f…c1 → 0x2a…7e | anchored ✓ |
| AGENT | $9,900 | ap_1c8 · over-limit | held · authority |

verified BEFORE settlement · ml-dsa-65 · anchored
01 // Authorization
The threat

What is authorized push payment fraud?

Authorized push payment fraud, or APP fraud, is a scam in which the victim is deceived into approving a real payment to an account the fraudster controls. Unlike account takeover, there is no stolen password and no unauthorized login — the payer pushes the money out on their own instruction, believing it is legitimate. A cloned executive demands an urgent wire; a spoofed supplier sends new bank details; a fake official warns of a frozen account. Because the transfer is genuinely authorized, conventional fraud controls that look for intrusions see nothing wrong. The attack targets the human decision, not the credential. That is why APP fraud prevention has to work at the level of intent — what the payment is actually meant to do and whether the person approving it is real — rather than at the level of login security. The signed instruction looks correct; the belief behind it is the vulnerability.

02 // Irreversibility
Structural finality

Why is APP fraud structurally irreversible?

APP fraud is irreversible because the money leaves on the payer’s own authorized instruction, so there is no chargeback right the way a card payment has one. A push payment is a completed, consented transfer the moment it clears. Fraudsters exploit this by moving the funds on through mule accounts or cashing out within minutes, so even a fast report often arrives after the destination account is empty. Recovery then depends on the receiving institution’s goodwill and speed, not on any built-in reversal. This is the opposite of the card model, where an issuer can claw funds back weeks later. On a push rail the decision to allow the payment is effectively the decision to make it final, which is exactly why the only reliable intervention point is before release.

The supplier-swap scam

A vendor’s bank details are quietly changed

Accounts payable receives an emailed update to a long-standing supplier’s account number. The invoice is real, the relationship is real, only the destination is the fraudster’s. The payment is approved and pushed.

RankShield: the canonical intent binds payee to the verified counterparty; a changed destination breaks the match and the intent is held before release.
The mule cash-out

Funds vanish through layered accounts

Minutes after settlement the money is split and forwarded across several accounts, then withdrawn. The victim reports the scam an hour later. The destination account is already empty.

RankShield: pre-settlement hold stops the transfer before it ever reaches the first mule account — there is nothing downstream to trace.
03 // Instant rails
Why now

Why do instant rails make APP fraud final in seconds?

Instant rails make APP fraud final in seconds because they are designed for irrevocable, real-time settlement. RTP and FedNow are ISO 20022 instant-payment schemes that clear and settle within seconds, with no reversal built into the flow. Stablecoin and on-chain transfers settle on-chain with the same finality. The very features that make these rails valuable — speed and certainty — remove the delay that once gave fraud teams a window to intervene. A card dispute can unfold over weeks; an instant push clears before a human review queue even loads. So the protection has to move earlier, into the moment between approval and release, because after release there is no later stage at which a mistaken or manipulated payment can be undone.

Seconds
RTP and FedNow (ISO 20022 instant) settle with finality in seconds — no reversal in the flow.
On-chain
Stablecoin and EVM-style transfers settle irrevocably on-chain, cash-out often immediate.
No window
Instant finality removes the review delay card fraud teams once relied on to intervene.
04 // The scale
Directional estimate

How big is the APP fraud problem?

Deloitte estimates that US generative-AI-enabled fraud losses could rise from roughly 8.3 billion dollars in 2024 toward 14.9 billion dollars by a 2028 baseline. That is an attributed estimate and should be read as directional, not as a precise or guaranteed figure. What it captures is the trajectory: as cloning tools get cheaper and instant rails get faster, authorized push payment fraud scales in both volume and success rate. The point is not the exact number. The point is that a fraud category built on manipulating human authorization, running over rails that settle irrevocably in seconds, grows precisely where old post-settlement controls have the least ability to help.

~$8.3B
Deloitte estimate of US gen-AI-enabled fraud losses, 2024
~$14.9B
projected toward a 2028 baseline — directional, not a hard fact
Victim-approved
irreversible because the payer authorizes the transfer themselves
Attributed
a single-source Deloitte figure, cited as an estimate not a claim
05 // Liveness
The counter

How does deepfake liveness change the outcome?

Deepfake liveness changes the outcome by testing whether the human approving a payment is actually live and present, inside a channel RankShield controls. It issues a one-time challenge with an anti-replay nonce and captures the response directly; a detector returns a synthetic-likelihood verdict that must be cryptographically signed by an enrolled detector identity and bound 1:1 to the specific payment intent. A recorded or re-submitted clip fails the nonce and is treated as synthetic. When the signed verdict crosses the hold threshold, the intent is held before release. Honestly, this works only inside the app’s own verified channel — never on a live carrier or FaceTime call, whose stream the operating system never hands to an app.

liveness verdict · signed detector · detector-signed
synthetic likelihood: 12 / 100
threshold: hold at ≥ 70
verdict · human · live
RELEASED — liveness confirmed, intent may settle

The verdict is cryptographically signed by an enrolled detector and bound 1:1 to this exact payment intent, so it can’t be forged or replayed. Liveness applies only inside the app’s own verified channel.

06 // Attestation
The binding

What does pre-settlement intent attestation actually verify?

Pre-settlement intent attestation verifies exactly what a payment is meant to do and proves who approved it, before the money moves. RankShield reduces each transaction to a canonical intent — payer, payee, amount, purpose — signs it with composite ML-DSA-65 under NIST FIPS 204 (hybrid with a classical signature, and crypto-agile so the algorithm can be rotated), verifies it, and seals it to a tamper-evident record. Because the signature is bound to that exact record, a fraudster cannot swap the payee or inflate the amount without breaking it. The signed liveness verdict rides on the same intent. The result is a checkable, evidence-grade answer to a single question at the only moment it matters: should this specific payment be released, or held?

Canonical intent

payer · payee · amount · purpose

Each payment is reduced to one canonical record. Change any field and the signature no longer verifies, so the payee and amount cannot be silently swapped.

Quantum-safe signing

ml-dsa-65 · fips 204

The intent is signed with composite ML-DSA-65, hybrid with a classical signature and crypto-agile — quantum-safe by construction, ready for harvest-now-decrypt-later exposure.

Liveness-bound

one intent only

The signed synthetic-likelihood verdict is bound 1:1 to the specific intent. Lift it onto another payment and the binding breaks.

Released or held

a decision, not an alert

The verdicts feed one pre-settlement decision — released, held, or denied — sealed to a tamper-evident record before the irreversible rail.
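
The binding described in sections 05 and 06, as an added sketch that is not RankShield's code: a canonical intent is signed, a detector verdict carries the intent's digest and a one-time nonce, and a gate returns released, held, or denied. Assumptions: HMAC-SHA256 stands in for composite ML-DSA-65, the field encoding and all names are hypothetical, and mapping a failed signature to "denied" is a choice made here, not something the page specifies.

```python
import hashlib, hmac, json, secrets

HOLD_THRESHOLD = 70  # the page's demo threshold: hold at >= 70

def canonical(record: dict) -> bytes:
    # Deterministic bytes: sorted keys, no whitespace, amounts kept as strings.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def sign(key: bytes, record: dict) -> str:
    # Stand-in signature (HMAC-SHA256), not ML-DSA-65.
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()

def intent_id(intent: dict) -> str:
    return hashlib.sha256(canonical(intent)).hexdigest()

def make_verdict(detector_key: bytes, intent: dict, nonce: str, score: int) -> dict:
    body = {"intent_id": intent_id(intent), "nonce": nonce, "score": score}
    return {**body, "sig": sign(detector_key, body)}

class Gate:
    def __init__(self, approver_key: bytes, detector_key: bytes):
        self.approver_key, self.detector_key = approver_key, detector_key
        self.outstanding = set()  # nonces issued and not yet consumed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def decide(self, intent: dict, intent_sig: str, verdict: dict) -> str:
        # Any changed field (payee, amount, ...) changes the canonical bytes.
        if not hmac.compare_digest(sign(self.approver_key, intent), intent_sig):
            return "denied"  # assumption: a broken intent signature is denied
        body = {k: v for k, v in verdict.items() if k != "sig"}
        if not hmac.compare_digest(sign(self.detector_key, body), verdict.get("sig", "")):
            return "denied"  # verdict not signed by the enrolled detector
        if verdict["intent_id"] != intent_id(intent):
            return "held"  # verdict lifted from a different payment
        if verdict["nonce"] not in self.outstanding:
            return "held"  # replayed or unknown challenge: treat as synthetic
        self.outstanding.discard(verdict["nonce"])  # one-time use
        return "held" if verdict["score"] >= HOLD_THRESHOLD else "released"

# Constructed sample intent (illustrative values only).
SAMPLE_INTENT = {"payer": "acme-ap", "payee": "supplier-001",
                 "amount": "48500.00", "purpose": "invoice"}
```

Submitting the same verdict twice returns "held" the second time, because the nonce was consumed on first use.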

07 // Before vs after
The difference

Pre-settlement hold versus post-settlement scoring — what changes?

The difference is when the decision happens. Post-settlement scoring returns a risk number after the money has moved; pre-settlement verification returns a release-or-hold decision before it moves. On irreversible rails, only the second one can actually stop the loss.

| Property | Post-settlement scoring | RankShield pre-settlement |
| --- | --- | --- |
| Timing | After the money has moved | Before the intent is released |
| Output | A risk score / alert | A released / held / denied verdict |
| Approver check | Behavioral inference | Signed liveness verdict, bound to the intent |
| Evidence | Model confidence, hard to audit | Signed, sealed, tamper-evident record |
| On an irreversible rail | Reports the loss | Holds before finality |

We are not aware of another platform that combines pre-settlement interception, deepfake liveness bound to the specific payment, agentic spend governance, and quantum-safe signing in one verifiable step. Some fraud tools do act before settlement; the distinction here is cryptographic intent attestation with identity binding, not merely acting early.

08 // Agentic
Autonomous payers

Can an AI agent commit APP fraud on your behalf?

Yes — an autonomous AI payment agent can be manipulated into pushing an authorized payment just as a human can. A prompt-injected agent tricked into paying a fraudster is, from the rail’s view, a fully authorized instruction. RankShield governs this with a signed agent constitution: a maximum per-transaction amount, a rolling aggregate cap over a window, allowed counterparties and purposes, an expiry, and a dead-man’s-switch heartbeat that refuses payments if the agent goes silent. Out-of-authority instructions are held before settlement, the same way a synthetic human approval is. The agent’s keys are post-quantum and crypto-agile, so the identity behind each approval stays verifiable.

Constitution
signed per-transaction and aggregate limits, allowed counterparties and purposes
Heartbeat
a silent agent’s payments are refused by the dead-man’s switch
Held
out-of-authority agent payments are held before the irreversible rail
Verifiable
agent keys are post-quantum and crypto-agile, identity stays checkable
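
The constitution checks listed above, as an added sketch that is not RankShield's code: per-transaction limit, rolling aggregate cap, allowed counterparties and purposes, expiry, and heartbeat. Assumptions: all names, limits and sample values are hypothetical, amounts are integer cents, the signature over the constitution is not modelled, and an expired constitution is treated as "denied".

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Constitution:
    max_per_tx: int           # cents allowed in one payment
    window_cap: int           # aggregate cents allowed per rolling window
    window_s: int             # rolling window length in seconds
    counterparties: frozenset
    purposes: frozenset
    expires_at: int           # epoch seconds
    heartbeat_max_gap_s: int  # dead-man's switch: longest allowed silence

@dataclass
class AgentGate:
    rules: Constitution
    last_heartbeat: int = 0
    released: list = field(default_factory=list)  # (timestamp, cents)

    def heartbeat(self, now: int) -> None:
        self.last_heartbeat = now

    def check(self, now: int, payee: str, purpose: str, cents: int) -> tuple:
        r = self.rules
        if now >= r.expires_at:
            return ("denied", "constitution expired")
        if now - self.last_heartbeat > r.heartbeat_max_gap_s:
            return ("denied", "heartbeat missed")  # silent agent is refused
        if payee not in r.counterparties:
            return ("held", "counterparty not allowed")
        if purpose not in r.purposes:
            return ("held", "purpose not allowed")
        if cents > r.max_per_tx:
            return ("held", "over per-transaction limit")
        # Only payments released inside the window count toward the cap.
        recent = sum(c for t, c in self.released if now - t < r.window_s)
        if recent + cents > r.window_cap:
            return ("held", "over aggregate cap")
        self.released.append((now, cents))
        return ("released", "within authority")

# Constructed sample constitution (illustrative limits only).
DEMO_RULES = Constitution(max_per_tx=500_000, window_cap=1_000_000, window_s=3600,
                          counterparties=frozenset({"vendor-a"}),
                          purposes=frozenset({"invoice"}),
                          expires_at=10_000, heartbeat_max_gap_s=300)
```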
09 // What to do
APP fraud prevention

How should an institution defend against APP fraud?

An institution should move its decisive control to before settlement, verify the approver rather than just the account, and keep verifiable evidence of every release-or-hold decision. Confirmation-of-payee checks and behavioral scoring still help, but on irreversible rails they need a pre-settlement gate behind them. RankShield adds that gate: it binds a signed liveness verdict and a canonical intent to each payment, returns a released, held, or denied decision before the rail settles, and seals the result to a tamper-evident record on the RankShield Network. It does not make an institution compliant by itself — it produces the evidence that supports fraud-monitoring obligations, including Nacha’s move toward earlier detection. The practical shift is from reconstructing losses afterward to preventing the release in the first place, with a checkable trail either way.

Earlier
Nacha’s expanded rules push fraud detection toward pre-settlement verification.
Evidence
Signed, sealed release-or-hold decisions support fraud-monitoring obligations.
No custody
RankShield verifies intent; it never takes custody of funds or moves money.

See how the same pre-settlement gate applies on the two US instant rails: FedNow fraud prevention and RTP fraud prevention.

FAQ

Authorized push payment fraud — questions, answered.

What is authorized push payment fraud?
Authorized push payment fraud, or APP fraud, is a scam in which the victim is manipulated into approving a real payment to an account the fraudster controls. Because the payer authorizes the transfer themselves, the bank sees a properly approved instruction rather than an intrusion. That is what makes APP fraud structurally different from account takeover: there is no stolen credential and no unauthorized login to detect. The deception is aimed at the human decision, not the account.
Why is APP fraud so hard to reverse?
A push payment moves money out on the payer’s own instruction, so there is no chargeback right the way there is with a card. On instant rails like RTP and FedNow the transfer settles with finality in seconds and the funds are often moved on or cashed out before the victim realizes anything is wrong. By the time fraud is reported, the money has left the destination account. Recovery depends on goodwill and speed, not on a built-in reversal mechanism.
How does AI make authorized push payment fraud worse?
Generative AI lets an attacker clone a trusted voice or face convincingly enough to pass a quick human sanity check. A cloned executive, a spoofed supplier, or a fake relative can now sound and look real on demand, which raises both the volume and the success rate of APP scams. Deloitte estimates US generative-AI-enabled fraud losses could climb from roughly 8.3 billion dollars in 2024 toward 14.9 billion dollars by 2028 — a directional estimate, not a hard figure, but one that points in a clear direction.
Can technology stop a payment the victim already authorized?
Yes, if the check happens before settlement. RankShield reduces each payment to a canonical intent — payer, payee, amount, purpose — verifies a signed liveness verdict and the approver’s authority, and then either releases or holds it. When the approval is synthetic, replayed, or out of authority, the intent is held before it reaches the irreversible rail. That intervenes at the one moment the transfer is still reversible, rather than reporting the loss after the money is gone.
Does RankShield analyze the scam phone call itself?
No, and any vendor claiming to analyze a live carrier or FaceTime call is overreaching. The operating system does not hand call audio or video to third-party apps, so no software can inspect that stream. RankShield performs liveness only inside its own verified channel — a challenge it issues and captures directly, where it controls the media path. That is an honest boundary. The value is that the payment approval must pass through a channel RankShield can actually verify.
What is intent attestation in the context of APP fraud?
Intent attestation is a signed, tamper-evident record of exactly what a payment was meant to do: who pays, who receives, how much, and why. RankShield signs that canonical intent with composite ML-DSA-65 (NIST FIPS 204), verifies it, and seals it before settlement. Because the record is bound to the specific transaction, a fraudster cannot swap the payee or amount without breaking the signature. The attestation is the evidence that a payment was, or was not, genuinely approved.
How does this help banks and fintechs meet fraud rules?
RankShield produces verifiable, pre-settlement evidence — signed intents, liveness verdicts, and release-or-hold decisions — sealed to a tamper-evident record. It does not make an institution compliant on its own, but it generates evidence that supports fraud-monitoring obligations, including the direction of Nacha’s expanded rules pushing detection earlier in the flow. Teams keep a checkable trail of why each payment was released or held, rather than reconstructing decisions after a loss.
Is RankShield a bank, wallet, or payment processor?
No. RankShield Financial is a verification layer, not a custodian. It never takes custody of funds and does not move money itself. It verifies the intent of a payment and returns a released, held, or denied verdict before the transaction settles on the underlying rail. The rail still moves the money; RankShield decides whether the payment should be allowed to proceed based on cryptographic evidence of who approved it and whether that approval was genuine.
Verify, then settle

See your payments verified before they settle.

RankShield Financial is rolling out with design partners on instant and tokenized rails. Request access and we’ll map it to your settlement flow.
