A year after the UK’s mandatory reimbursement rules for authorised push-payment fraud came into force, we have reviewed the available data and spoken with fraud specialists across the industry to build a clear view of the current situation.
The picture that emerges is mixed. Victims now receive faster and more consistent treatment, yet the wider fraud landscape has not materially improved. The reforms have strengthened outcomes once a scam has occurred, but they have not reduced the scale or sophistication of attacks.
-1.png)
Mandatory reimbursement has introduced a level of predictability that did not exist under the voluntary arrangements. Most victims now receive redress within five days, and reimbursement rates have stabilised at around 88 per cent of stolen funds, with approximately £112 million returned so far.
Operational standards have risen across the market. PSPs now work to clearer expectations on evidence, documentation and case handling. A more uniform investigative process has encouraged earlier engagement between sending and receiving firms, making it easier to trace funds, particularly where criminals attempt to cycle money through multiple accounts or move them overseas.
Banks blocked around £860 million of attempted fraud in the first half of 2025, reflecting the benefit of more consistent controls and monitoring.
Despite these improvements, APP fraud continues to grow. It now accounts for 42 per cent of UK fraud losses, and average case values have risen by more than 20 per cent, with an increasing trend towards more complex, higher-value scams.
A fundamental problem is that most scams originate on digital platforms and social media. Banking and payment industry figures repeatedly express frustration at the lack of accountability and censure of the platforms where victims are targeted and groomed. Banks carry the operational and financial burden of remediation but have almost no influence over the environments generating the risk.
However, the sands are shifting. Recent discussions in the European Council and EU Parliament show a willingness to hold major digital platforms legally responsible when they fail to remove fraudulent content after being alerted to it. This would be a material step beyond existing frameworks and points to a future where responsibility for online fraud origination is more evenly distributed across the ecosystem.
The Online Safety Act may bring some additional pressure in the UK, but practical enforcement on the scale seen in financial services seems unlikely in the immediate future.
Fraud detection is also hampered by the absence of real-time, cross-sector intelligence sharing. PSPs see only the activity that occurs within their own estates, yet fraudsters move freely across institutions, platforms and jurisdictions. Without an industry-wide early-warning model, firms lack the visibility required to intervene earlier in the journey.
Lastly, coverage gaps give criminals loopholes to exploit. International payments, non-FPS and non-CHAPS flows, and many crypto transactions fall outside the reimbursement scheme. The £100 excess discourages some victims from reporting low-value cases, which allows criminals to test defences with small transactions before ramping up.
We now have a fairer and faster mechanism for supporting victims, but the underlying system that enables fraud to scale remains intact. Criminals continue to exploit gaps in intelligence sharing and the absence of shared accountability between banks, telecoms and digital platforms. Without a more prevention-focused, industry-wide operating model, fraud volumes will remain high.
For firms looking to reduce their exposure - not only to APP fraud but across the full range of fraud risks affecting both the organisation and its customers - there is clear value in developing a comprehensive fraud strategy across all channels.
Our Fraud Strategy Guide sets out how to build a framework, including the principles and capabilities needed to strengthen organisational resilience. We also work with organisations that want to develop a more rounded and effective fraud strategy, so if you would find it useful to discuss how you might approach this, please feel free to get in touch.
-1.png)