The escalating threat of authorised push payment fraud

by Dal Sahota, trusted payments director, LSEG Risk Intelligence

Share this post

APP fraud is rising fast in the UK; new rules, verification tech and 24/7 risk monitoring are key to shifting from reaction to prevention.

Our increasingly digital world delivers undeniable benefits for consumers and businesses alike—from enhanced speed and greater efficiency, to lower costs and 24/7 availability. The result? Digital channels are now the default choice for many individuals and organisations across the UK.

At the same time, however, opportunities for fraud are surging. In particular, the rapid growth of cross-border disbursements and the lightning-fast speed of modern payment systems present opportunities for fraudsters to move funds across multiple accounts and jurisdictions quickly, leaving little time to identify, let alone block, fraudulent transactions.

One growing—and serious—threat is that of authorised push payment (APP) fraud, which involves criminals tricking victims into authorising payments. Also known as relationship and trust scams, or credit push fraud, APP scams can be very challenging to detect, because, unlike other forms of financial crime, the payment is authorised by the victim.

This is an evolving crisis, because sophisticated fraudsters are constantly innovating and are adept at using the latest technology to create convincing scams, from Business Email Compromise (BEC) to hyper-realistic deepfakes, which can mimic voices, faces and even writing styles. Moreover, these criminals often exploit human psychology by using trust or fear to trick, manipulate or confuse victims.

Rising UK risk—and a proactive response

APP fraud is surging, and is now one of the fastest-growing forms of financial crime in the UK. It is facilitated by a range of factors, including the increasing adoption of digital channels and mobile banking by consumers; the UK’s open banking environment; the evolution of high-speed payment rails, such as Faster Payments; and more.

 The good news is that, while the UK is highly exposed to this form of fraud, it is also highly proactive in tackling it, with measures in place that are already shifting the landscape. Some key developments include:

  • Mandatory 50/50 reimbursement: The Payment Systems Regulator (PSR) mandated a 50/50 reimbursement model for consumers in 2024. Sending and receiving banks will each cover 50% of the loss, up to a maximum of £85,000.
  • Expanded confirmation of payee (CoP): Although CoP technology was introduced in 2020 to alert bank users when the payee’s name and account details don’t match, the initiative was expanded to all PSPs handling Faster Payments and CHAPS in October 2024.
  • Verification of payee in the EU (Oct 2025): A similar measure will become mandatory across the Euro area from October 2025 under the Payment Services Regulation (PSR1), requiring banks to verify both account name and number during bank-to-bank payments. This development reflects a growing global consensus that name and account matching is a core safeguard against APP fraud.
  • Alignment with FATF recommendations: The June 2025 revisions to FATF (Financial Action Task Force) Recommendation 16 aim to enhance payment transparency as a safeguard against money laundering and terrorist financing. The updated standards require financial institutions to ensure accurate, complete, and standardised information and controls to ensure funds are transferred only to intended recipients and to strengthen trust in payment ecosystems.
  • New regulations: The Economic Crime and Corporate Transparency Act 2023 and the Payment Services (Amendment) Regulations 2024 have redefined compliance standards, and the new Failure to Prevent Fraud offence requires organisations to demonstrate effective anti-fraud measures for customers, employees and partners.

Fighting back: what can businesses do?

Dal Sahota, trusted payments director, LSEG Risk Intelligence

The answer lies in proactive prevention beyond simple compliance. A proactive approach puts businesses back in control, helps avoid successful fraud attempts, and is more effective than reacting to fraud once it has already happened.

The starting point is continuous fraud monitoring. Criminals are adept at exploiting always-on payment systems and therefore fraud monitoring needs to keep pace, especially where complex cross-border transactions are involved.

Assessing fraud risk is not a “one-and-done” exercise. Instead, businesses need to be monitoring for risk on a 24/7 basis – and across the customer lifecycle, which includes at the initial onboarding stage; during any change management events, such as account detail changes; and when any payments are made.

Advanced technology can be used to carry out real-time identity and bank account verification, which are both essential measures to help mitigate risk in modern, cross-border operations:

  • Identity verification ensures that a person or entity is who they claim to be. It often leverages a combination of documentation, biometrics and behavioural data.
  • Global account verification checks bank account details in real-time, so that payments are made to intended recipients without slowing the pace of business.

In addition, better collaboration between financial institutions, law enforcement, regulators and technology providers will, in turn, offer us better opportunities to move the dial on APP fraud.

The key takeaway is this: businesses need to take action against rising APP fraud now – and this starts with adopting an “always-on” mindset, one that shifts from reactive response to proactive prevention.

lseg_ri_lockup_blue_rgb
Article by LSEG Risk Intelligence

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.