APP fraud cost the UK £450 million in 2024. With scams starting online, debate grows on who should bear responsibility for prevention.
We think of fraud as a problem with our finances, and so we expect our financial service providers to protect us. If money is paid from a bank account, then surely the bank holds the responsibility? And legally it does; in a fraudulent account-to-account payment, both the sending and the receiving payment service providers share the liability in the UK, thanks to the Payment Systems Regulator (PSR) rules introduced in October last year.
Where scams begin
But where does a scam start? UK Finance reports suggest that 70% of scams begin online, with a further 16% coming through telecoms, and those started through telecoms tend to be higher value, so represent greater losses. So, if social media is often the first contact with the fraudster, shouldn’t we see this as the first opportunity for fraud protection?
The rise of authorised push payment fraud
While fraud takes many forms, one of the most pressing threats today is Authorised Push Payment (APP) scams, where victims are tricked into approving payments themselves. This may be because the fraudster poses as a trusted contact, bank, or business, or through fake adverts and websites. Artificial intelligence has amplified the problem, generating convincing texts, adverts, and even deepfake audio or video to impersonate real people. Vishing (voice phishing) has increased by 79% compared to last year, and fraud-as-a-service providers now offer tools that can create synthetic media from just a photo or a few seconds of audio, making scams ever more persuasive.
This is expensive business; in 2024, this sort of fraud “APP” totalled £450 million in the UK alone. As consumers, we are protected to some degree; as long as we have not been negligent, we should get our money back – but we all end up footing the bill somewhere along the line. If banks are spending their budgets on refunding these attacks, there is less money available to spend on products and services, restricting growth and innovation. Customer fees will increase while interest on savings decreases, and at the heart of it, will we as consumers get a worse customer experience? Some friction is good, too much….
Prevention and reporting challenges
Because our payment service providers know they are fiscally responsible for refunding APP scams, we have seen various initiatives to prevent this sort of APP fraud from happening. There are campaigns to improve consumer awareness of fraud and financial crime, even for primary schoolers (never too young to start the financial education); bank staff have been trained to detect and intervene in scams; various intelligence sharing schemes have been established between law enforcement and financial institutions, such as the UK Finance Intelligence Unit, Vulnerable Victims Notification, and the Banking Protocol Rapid Response scheme.
We know that the same technology used to perpetuate fraud can also be used to detect it. Financial institutions employ artificial intelligence to analyse transactions and offer consumers tools like website checkers and document verification.
Overall, these fraud prevention strategies may be starting to work; APP actually decreased in 2024 compared with 2023. The value of scams has dropped by around 2% while the volume of scams is down by 20%. This is, of course, a good thing, but we can’t let our guard down. If there are fewer cases but the total value isn’t much less, that suggests that the average victim is losing more money each time they get scammed, so we need to remain vigilant.
It is important to note that fraud statistics only reflect reported cases. Although APP victims can reclaim their money, 71% never report incidents, often because they doubt recovery, find the process difficult, or feel embarrassed. Yet reporting is vital: it helps identify patterns, flag suspicious details, and trace organised networks through intelligence sharing schemes. Destigmatising the process and making it easier for victims to come forward – alongside greater cooperation from social networks and telecoms – would significantly strengthen fraud detection.
It is also important to note that as APP has reduced, remote purchase fraud is increasing. In this type of attack, criminals use stolen card details to make purchases. Sometimes they shop online, or even add the card to their own digital wallet to spend anywhere. The key to this theft is usually stealing a cardholder’s one-time passcode, sent by their bank over SMS, used to authorise a transaction or wallet. And the best way to steal this private information? Social media or telecoms.
Who should be responsible?
The UK has taken major steps to tackle fraud, appointing a Fraud Minister, naming fraud as illegal content under the Online Safety Act, and shifting scam reimbursement liability from the sending bank alone to both sending and receiving banks. These are important measures, but should responsibility extend further? If social networks, email providers, and telecoms companies were held accountable for content on their platforms, they would have stronger incentives to verify users and advertising, share information when scams are identified, and better protect vulnerable users. TV broadcasters are already liable for the adverts they show, with Ofcom able to issue fines. Applying a similar model online would be more complex given the scale of digital content, but AI could be used to help detect and remove fraudulent material.
It is exciting to see what other countries are doing to address this topic; Australia, for example, seeks to hold all parties accountable in a scam, including the customer, banks, payment providers, digital platforms and telcos. Their National Anti-Scam Centre aims to foster collaboration across sectors with a strong focus on fraud prevention, in contrast to the UK’s focus on post-event customer protection. With the EU Instant Payments Regulation driving increased volumes of instant payments, it would be expected that fraud threats targeting these payments will also increase, such as scams, and correspondingly, we may see a new fraud prevention strategy here, too.
It is clear that fraud is a global problem, and by collaborating and learning from each other, perhaps we can find a global solution.
