Financial crime is on the rise around the world, with money laundering, identity theft, scams and fraud all becoming easier and cheaper to commit but more difficult to detect.
One type of fraud that has been at the forefront of this rise is Authorised Push Payment (APP) fraud.
In the UK, APP fraud accounted for over £450m in losses during 2023, with H1 2025 losses reaching £257.5m.
It has become a thorn in the side of the payments industry. Every time payment companies develop new technologies to help fight fraud, bad actors often find ways to use the same tools and innovations to scam people.
Another challenge that makes APP fraud particularly difficult to tackle is that it transcends the payments ecosystem. Addressing the issue requires banks, payment companies, social media platforms and telecommunications providers to work together, something that has proven easier said than done.
What is APP fraud?
The Payment Systems Regulator (PSR) defines it as “scams that happen when someone is tricked into sending money to a fraudster posing as a genuine payee.”
One of the oldest examples of this type of scam in the internet era is the famous “Nigerian Prince” email scam. Victims would receive an email from someone claiming to be a Nigerian Prince, who would ask for money in exchange for diamonds or a much larger sum of money that they supposedly could not access without help.
Once the person transferred the funds, the scammer would disappear with the money, never to be heard from again.
While the methods have changed, the foundations behind these scams are the same. Fraudsters use psychological manipulation and social engineering to convince victims to send funds, creating narratives around urgency, fear or opportunity to influence their decisions.
However, as technology has evolved, these scams have become more sophisticated and are no longer as easy to spot. New tools have given fraudsters the ability to create more convincing impersonations, automate conversations and target victims at a larger scale.
Some of the technologies being used by fraudsters include:
- Deepfake technology allows criminals to impersonate someone a victim knows, including using AI generated images, videos or voices to create convincing fake identities.
- Generative AI tools allow scammers to create convincing texts, emails and messages with perfect grammar and spelling. This means criminals can orchestrate scams in multiple languages.
- AI powered chatbots allow fraudsters to have realistic conversations around the clock, helping build trust with victims over extended periods before requesting money.
- AI website creation tools allow criminals to quickly create fake websites that replicate trusted brands.
All of these methods strengthen the element that separates APP fraud from many other types of financial crime. The victim authorises the payment rather than having the money stolen directly from their account.

/ Shutterstock.com
The most common APP scam tactics
There are several common situations people may find themselves in when they become the victim of APP fraud, though most are linked to investment, purchase, romance and impersonation scams.
A common purchase scam occurs after someone books a hotel or flight for a holiday. They are then approached by someone posing as the hotel or airline they are using.
Usually, the message requests that the customer verifies their booking or it will be cancelled. The message appears professional and any website link closely replicates the genuine one. The scammer will then ask for a payment or fee to confirm the booking.
Another common scam involves fraudsters pretending to be a family member requesting money. The text may start with “Hi Mum”, explaining they are using a friend’s phone because theirs is broken or lost before asking for money to pay for a taxi or another urgent expense.
Romance scams are another common tactic. Over several months, fraudsters build emotional connections with victims online, sometimes using deepfake images to convince them they are genuine.
Once trust has been established, they invent a medical emergency, travel crisis or another urgent situation and ask the victim to send money.
Why traditional fraud controls often fail
AI and other technologies are being used by banks and payment providers to combat financial crime, but APP fraud presents challenges that can make traditional fraud defences less effective.
Traditional fraud controls are often built around authentication, asking the question “is this the account holder?”
However, with APP fraud, the answer is usually yes. The issue is whether that person has been manipulated into making the payment.
Traditional controls struggle to differentiate between a legitimate transfer and one made under deception. There may be no unusual activity at the payment endpoint to trigger a warning, with the customer using their normal device, account and payment behaviour.
Another challenge is that many scams originate on social media. Traditional banking systems do not see the full customer journey or understand when someone moves from a social media platform into their banking app. This makes it difficult to identify the warning signs that appear before the transaction takes place.
Some banking apps have started to address this by recognising when customers are on a phone call while making payments, displaying warnings that the bank will not ask customers to transfer money during a call or reminding them to be cautious.
Finally, the speed of modern payments creates another challenge. Funds can move from one account to another almost instantly, leaving banks with a very limited window to identify suspicious activity and intervene before the money is moved again.
How banks and PSPs are fighting back
One way that the industry has responded to rising fraud levels is by ensuring victims are reimbursed. In 2024, the PSR introduced a reimbursement rule requiring sending and receiving firms to reimburse victims on a 50:50 basis within five days.
Claims are capped at £85,000, with any amount above this threshold referred to the Financial Ombudsman.
Many payment firms opposed the rule before it came into force, arguing it could encourage scams and make consumers less vigilant because they knew they would be reimbursed.
However, there have been positive signs so far. According to UK Finance, APP fraud claims totalled around 46,000 during the first three months of the rules, lower than the average of 56,000 seen during comparable periods in 2023.
The reimbursement rules have often been compared to stopping fraud at the bottom of the waterfall. Increasingly, the industry’s attention is turning to the top of the waterfall by targeting telecommunications companies and social media platforms where many scams begin.
Telecommunications companies are being encouraged to block fraudulent calls and strengthen protections against known scam numbers, while social media platforms are removing fake accounts and malicious adverts.
UK Finance has also called for technology and telecoms companies to contribute financially towards fraud prevention. For now, however, collaboration is largely focused on sharing intelligence and fraud patterns.
Due to the nature of APP fraud, consumer education remains one of the most important tools financial institutions have to help prevent scams before a payment is ever made.