Low fraud rates tell only part of the story as higher-value scams, AI tools and mobile-first tactics reshape open banking risk
Open banking payments remain less exposed to fraud than other UK payment methods, but new data from Open Banking Limited (OBL) suggests the risk profile is shifting as AI-driven scams, SIM swaps and high-value APP fraud begin to bite.
The latest Financial crime within open banking journeys update, published in December 2025, covers fraud data from March 2024 to September 2025 across nine ASPSP brands, representing more than 60% of UK open banking payments.
In the first half of 2025, the report notes fraud in open banking journeys accounted for 0.013% of transactions by volume, a fraction of the 0.045% recorded across the wider industry. By value, the gap persists: 0.020% against 0.027%.
That performance also marks an improvement on OBL’s previous reporting. Fraud volumes fell from 0.021% to 0.013% between December 2024 and mid-2025, while industry-wide figures rose over the same period. Fraud by value followed a similar pattern, with open banking trending down as the broader market held steady.
But look closely and the curve turns
Beneath that stability, the momentum shifted midway through last year. After a relatively calm period from autumn 2024 through spring 2025, fraud began climbing. By September, fraud volumes had more than doubled from their May baseline, rising from 0.010% to 0.023%. Fraud by value increased from 0.02% to 0.06% in the same window.
OBL is careful not to overstate the trend, however, as there is no corresponding industry dataset yet and anecdotal reports from banks suggest fraud was rising across other payment methods too. In other words, open banking may simply be reflecting a market-wide upswing rather than developing a problem of its own.
Even so, the direction of travel is hard to ignore. The increase is concentrated almost entirely in Authorised Push Payment (APP) fraud – investment scams, purchase scams, impersonation attempts and other forms of social engineering – rather than unauthorised account takeovers, which have remained broadly steady.
Higher-value payments mean higher-value losses
What sets open banking apart is now not the number of fraud cases but the size of them. The average fraudulent transaction comes in at £707 — almost three times the industry-wide average of £259.
This reflects the kinds of payments people typically make using open banking: account-to-account transfers, savings deposits and higher-value purchases, rather than everyday online card transactions. The fraud rate may be lower, but when scams succeed, the impact per incident is greater.
APP fraud now makes up three-quarters of all open banking fraud, underscoring how much of the threat hinges on manipulating the payer rather than compromising the payment infrastructure.
AI is beginning to shape the fraud landscape
One of the clearest signals emerging from OBL’s conversations with banks is the growing role of artificial intelligence in scam activity. Providers report that criminals are using AI tools to sharpen the quality of their scripts, personalise their approach to victims, generate deepfake voices or videos, and automate phishing operations at scale.
Experian data cited in the report suggests 35% of UK businesses experienced AI-driven fraud attempts in the first quarter of 2025 — a stark indication that this is no longer a fringe tactic but a mainstream capability.
For open banking specifically, the rise of mobile-first scams appears linked to where social engineering now takes place. App-authenticated payments account for 72% of open banking traffic, and 74% of fraud occurs there. While browser-based flows see a higher fraud rate by volume, app-based flows see higher fraud by value; a sign of scammers operating directly where consumers spend most of their digital lives.
The data the industry wants — but hasn’t fully deployed
One of the most consequential findings has little to do with the fraud rates themselves. OBL’s pilot of Transaction Risk Indicators (TRIs), a structured set of contextual signals shared between PISPs and ASPSPs, showed clear value in identifying potential fraud and reducing false positives.
The issue is adoption: banks say they want TRIs rolled out consistently, but implementation remains uneven. With commercial Variable Recurring Payments (cVRPs) expected to require TRIs, this could become a defining feature of the next phase of open banking.
OBL closes the report by noting that the earlier fall in fraud was not triggered by any particular regulatory intervention — including the updated Faster Payments reimbursement rules — but by incremental tightening of controls and operational vigilance.
The rails remain robust. But as open banking scales, and as fraudsters adopt AI, social-driven scams and new account-access techniques, the environment around those rails is becoming more volatile.