UK APP Fraud Losses Rise 19% as Scam Cases Increase

UK losses from authorised push payment fraud increased sharply in 2025, as criminals used increasingly sophisticated social-engineering tactics to convince consumers and businesses to transfer money.

UK Finance reported that APP fraud losses reached £576.4 million, representing a 19% year-on-year increase.

The number of recorded APP fraud cases rose by 7% to 248,070.

The figures highlight the continuing challenge of preventing scams before payments are authorised, even as the UK operates mandatory reimbursement rules for many eligible victims.

What is authorised push payment fraud?

Authorised push payment, or APP fraud, occurs when a victim is manipulated into sending money to an account controlled by a criminal.

The payment is technically authorised by the account holder. This distinguishes APP fraud from unauthorised fraud, where a card or account is used without the customer’s permission.

Common forms of APP fraud include:

· Purchase scams involving goods that do not exist

· Investment scams promising false returns

· Romance scams

· Invoice and business-email compromise

· Bank and police impersonation scams

· Fraudulent “safe account” requests

Because the victim initiates the transfer, APP fraud is particularly difficult to stop using controls designed primarily for stolen cards or compromised account credentials.

APP fraud losses reached £576.4 million

UK Finance said APP fraud losses increased to £576.4 million in 2025, up 19% from the previous year.

Personal customers accounted for £500.8 million of these losses, while businesses accounted for £75.6 million.

The increase was not limited to one type of scam.

Investment fraud represented the largest share of APP losses, rising 40% to £221.5 million. The number of investment-fraud cases increased by 26% to 14,893.

Purchase scams accounted for 71% of all APP cases. Losses from purchase scams rose 20% to £118.1 million.

Romance-fraud losses increased by 23% to £39.2 million, while the number of cases rose by 22%.

Impersonation fraud declined during the year, with losses falling 12% and case numbers decreasing by 11%.

Overall UK payment fraud reached £1.28 billion

APP fraud formed part of a wider increase in UK payment fraud.

UK Finance said criminals stole a total of £1.28 billion through authorised and unauthorised fraud in 2025, up 4% year on year.

Unauthorised fraud losses declined by 5% to £703.4 million, although the number of reported unauthorised fraud cases rose by 11% to 3.81 million.

Remote purchase card fraud remained a significant problem. Losses increased by 3% to £423.5 million, while case numbers rose by 13% to 3.2 million.

Banks and payment providers also prevented approximately £1.68 billion in unauthorised fraud during the year, according to UK Finance.

The figures show that fraud risk is shifting rather than disappearing. Stronger controls in one area may lead criminals to place greater emphasis on social engineering and authorised transfers.

Online platforms remain a major source of scams

UK Finance found that 66% of APP fraud cases originated online, accounting for 32% of losses.

A further 17% of cases began through telecommunications channels. These cases represented 28% of APP losses and often involved higher-value scams.

Online channels can include social-media platforms, messaging services, search advertising, websites and online marketplaces.

Telecommunications channels include fraudulent calls and text messages used to impersonate banks, government agencies, delivery services or other trusted organisations.

The data has renewed calls for stronger fraud-prevention responsibilities outside the banking sector.

Banks can examine transaction patterns and payment behaviour, but they may only encounter the fraud at the final stage, after the victim has already been manipulated through another platform.

AI is making social engineering more sophisticated

UK Finance and Reuters both highlighted the increasing sophistication of social-engineering attacks.

Fraudsters can use AI-assisted tools to create more convincing advertisements, messages, documents and impersonation attempts.

These tools can make fraudulent communications appear more personalised and legitimate. They can also allow criminals to operate at greater scale.

AI does not change the basic mechanism of APP fraud. The criminal must still convince the victim to authorise a payment.

However, it can make it more difficult for customers and businesses to distinguish between legitimate and fraudulent communications.

This increases the importance of combining transaction monitoring with customer warnings, recipient verification, behavioural analysis and cross-sector intelligence sharing.

UK reimbursement rules remain under review

Mandatory APP fraud reimbursement rules took effect in the UK on 7 October 2024.

The rules generally apply to eligible payments made through Faster Payments and CHAPS within the UK. They cover consumers, micro-enterprises and certain charities, subject to specific conditions and exemptions.

The reimbursement limit is generally £85,000 per eligible claim.

UK Finance reported that banks reimbursed £354.3 million to APP fraud victims during 2025, equivalent to 61% of the APP losses included in its wider dataset.

The Payment Systems Regulator separately reported that 89% of in-scope APP fraud losses were reimbursed during the first 15 months of the new rules.

These percentages should not be treated as contradictory. UK Finance’s figures cover a broader range of payments and account types, including cases outside the scope of the mandatory reimbursement regime.

An independent review of the reimbursement framework is being conducted by Frontier Economics, with findings expected in early July.

Reimbursement does not replace fraud prevention

Reimbursement can reduce the financial impact on eligible victims, but it does not stop money from reaching criminal networks.

Once a fraudulent transfer is made, payment providers must identify the recipient account, attempt to freeze funds and recover the payment before the money is moved elsewhere.

Criminals frequently use networks of mule accounts to receive and redistribute stolen funds.

This means prevention requires action at several points:

· Where fraudulent advertisements are published

· Where victims are contacted

· When accounts are opened or taken over

· When unusual payments are initiated

· When recipient accounts receive suspicious funds

· When stolen funds are moved or withdrawn

The fraud cannot be addressed solely through reimbursement after the event.

Payment providers need stronger real-time controls

For banks and payment providers, APP fraud requires controls that go beyond conventional card-fraud detection.

Important capabilities include:

· Confirmation of Payee

· Recipient-account risk scoring

· Behavioural transaction monitoring

· Payment warnings tailored to the scam type

· Additional checks for unusual transfers

· Mule-account detection

· Cross-institution intelligence sharing

· Rapid payment-recovery workflows

Generic warnings may have limited impact if customers see them too frequently or do not understand why a payment is considered risky.

More targeted interventions can use the payment amount, recipient, transaction history and customer behaviour to identify when additional verification is appropriate.

However, fraud controls must also be designed carefully to avoid blocking legitimate payments or creating excessive friction.

Businesses also face APP fraud exposure

APP fraud is often discussed as a consumer issue, but businesses recorded £75.6 million in APP losses during 2025.

Companies can be targeted through invoice fraud, supplier impersonation, executive impersonation and compromised business-email accounts.

A criminal may alter payment details on an invoice or pose as a senior manager requesting an urgent transfer.

Businesses can reduce their exposure by introducing stronger payment controls, including:

· Independent verification of changed bank details

· Dual approval for high-value payments

· Limits on urgent or first-time transfers

· Role-based access to payment systems

· Monitoring for unusual beneficiary changes

· Staff training focused on real payment workflows

These controls are particularly important for businesses making frequent supplier, payroll or cross-border payments.

Fraud prevention is becoming a shared responsibility

The latest UK figures reinforce the view that APP fraud is an ecosystem-wide problem.

Banks and payment firms control the payment rails, but many scams begin through social media, online advertising, marketplaces, messaging services or telephone networks.

Effective prevention therefore requires coordination between:

· Banks and payment service providers

· Technology platforms

· Telecommunications companies

· Regulators

· Law-enforcement agencies

· Merchants and marketplaces

The increase in APP fraud losses does not by itself prove that the reimbursement rules caused fraud to rise.

The figures do show that reimbursing victims after a scam is not sufficient. Preventing fraudulent content, detecting manipulation and stopping suspicious recipient accounts remain central to reducing losses.