What can businesses learn from Software Circle’s APP fraud?
Software Circle plc has confirmed it was the target of an authorised push payment (APP) fraud, resulting in a £426,770 loss. The incident was disclosed in a regulatory news statement to the London Stock Exchange at 07:00 on 22 May 2025.
The company, which acquires and operates vertical market software businesses in the UK, stated the fraud occurred within one of its operating units. The fraudulent payment was made from the unit’s bank account and was identified shortly after the transaction.
Software Circle said it took immediate steps to alert both the bank and law enforcement authorities.
A specialist team within the bank is currently investigating the matter. The company has confirmed that the incident appears limited in scope, with no evidence of a wider breach of its systems or data.
The Board of Software Circle has initiated a full internal review. Measures being implemented include improved employee training, stricter multi-level verification for payments and enhanced fraud detection systems.
Despite the financial loss, Software Circle reports a strong financial position, with approximately £7.8 million in cash reserves. Business operations continue as normal.
Understanding the threat
Authorised push payment fraud remains a key concern for payment and finance teams.
According to UK Finance‘s Annual Fraud Report 2024, authorised push payment (APP) fraud losses totalled £459.7 million in 2023 . In the first half of 2024, APP fraud losses amounted to £213.7 million .
These attacks rely on social engineering to convince authorised individuals to transfer funds to criminal-controlled accounts.
In this case, the speed of detection and response may have helped contain broader risk. However, the initial success of the fraud underscores how vulnerable even experienced organisations can be to sophisticated deception.
Sector Response
Payment professionals are reminded of the importance of layered controls, including human-centred design in verification steps, and clear escalation paths for high-value transactions.
Training and awareness also remain critical, particularly in high-trust, fast-moving environments.
The Financial Conduct Authority continues to stress the importance of robust operational resilience and risk management frameworks. Incidents like this one may drive further scrutiny of internal payment protocols across the sector.
Effective from October 2024, the FCA, in collaboration with the Payment Systems Regulator (PSR), implemented a mandatory reimbursement requirement for APP fraud victims.
Under this scheme, payment service providers are obligated to reimburse victims of APP fraud for payments made via Faster Payments and CHAPS, up to a maximum of £85,000 per claim. The cost of reimbursement is shared equally between the sending and receiving PSPs.
Software Circle has stated it will provide more detail in its upcoming financial results for the year ending March 31, 2025. The company said it remains committed to strong governance and operational standards.
