Blog article
See all stories »

Authorised Push Payments (APP) fraud is soon to become a £billion business

Since the surge in APP fraud reported by UK Finance in the first half of this year forty five million people received either a suspicious text, recorded message or phone call over the last 3 to 4 months.(i) An unknown communication is the start of the fraud cycle and the sheer size of the fraudsters’ activities suggest at least a doubling of UK Finance first half of 2021 record figure of £355 million. 

Given the size of the scammers increased activity since the end of June and with a slow, collective prevention progress being made against the scammers, it would be foreseeable the increases could be even higher. 

Presume that the increases stay as they are within 18 months the annual yearly fraud losses are likely to be £2.4 billion.  Victims will loose £1.7 billion with the banks losing £0.7 billion in reimbursements. Since 2019 and given the increased fraudulent activities through 2023, over 1,000,000 people could be be scammed. Being scammed causes intense financial and emotional stress to families.

Progress in the area of preventing fraud and a more consistent reimbursement policy is underway. The Payment System Regulator (PSR)(ii) has outlined the next steps for a wider implementation of Confirmation of Payee (CoP) and improvements to the voluntary CRM code. These steps are likely to be implemented in 2022. 

The PSR has also called for:

Social media firms to step up and make it difficult for fraudsters seek out victims by using their platforms – criminals pay for adverts that are untrue and investments that appear to be regulated 

Greater membership for the voluntary CRM code to reimburse more victims 

Prevent banking services offered to criminals by Payee account focus

CoP is working and now the coverage requires to be increased across the banks. 

A more widespread and consistent approach to reimbursement is needed. The average fraud case for a consumer is £3,000. As the cost of investigating a fraud is over £10,000, frauds of this size will be written off immediately unless there are mitigating circumstances. Each bank views who was to blame for the fraud loss and this ranges from under 10% to over 90% of the victims being reimbursed. On average once the APP fraud has occurred the chances of receiving compensation from the banks is less than half of the amount lost.

Technology allows the ‘outing of the fraud payee’ in sub-millisecond speed, millions of times per second, in a cloud infrastructure that adjusts automatically to changes in demand.  

The next steps are to ensure the people and companies are protected from scams, banks and their regulators have an agreed understanding and operating model to protect themselves and their clients with The Police and The Law provide protection from the serial fraudsters.

Hopefully the PSR recommendations will be activated quickly, offering greater protection against the scammers. Otherwise the momentum of APP fraud will continue. If this occurs the fraud figures and the number of victims above could double by 2023.








Comments: (4)

A Finextra member
A Finextra member 10 November, 2021, 11:50Be the first to give this comment the thumbs up 0 likes

John - thanks for this summary - the APP fraud has spiralled out of control. I do believe that the £1billion mark will be hit by Dec 31st. The only way to change the momentum is to mandate CoP.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 08 August, 2022, 12:23Be the first to give this comment the thumbs up 0 likes

I thought CoP has been mandatory and live for nearly 2 years in UK banks?

A Finextra member
A Finextra member 08 August, 2022, 13:14Be the first to give this comment the thumbs up 0 likes

Hi Keth - not yet. Top 6 banks were mandated and a few more followed taking the transaction coverage to c.92% but equally c.92% of banks in the ecosystem are not mandated. So its like walking into a room for a party and 92% are unvaccinated for COVID. The UK regulator has intervened again though, with a new Direction expected to be published by the PSR in the next 6 weeks that mandates the next set of 46 named banks, all Building Societies and c.400 banks that appear in the EISCD sort code directory. ThEy'll be more to do but this will st least put a layer of defence up against APP scams.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 08 August, 2022, 14:28Be the first to give this comment the thumbs up 0 likes

TY @Ed Adshead-Grant. 

IMO the role of Confirmation of Payee in preventing A2A RTP fraud / scam is exaggerated.

A typical scam is where Joe uses UPI / FPS / Zelle to buy something from Jane, and does not get what he ordered. The scam lies in the payee's motive and not her identity. As far as Joe is concerned, he is indeed paying the intended recipient. TBH, I don't see how CoP can prevent this scam. 

Keen to know of any ID-related scam that CoP can avert.

PS: I've heard a scenario where a scammer masquerades as a bank manager over a telephone call and asks the victim to transfer money. While CoP can prevent such a scam, TBH, I find that scenario to be contrived since, in my entire life, I've never ever got a call from any of my banks asking me to transfer money to it.

PPS: I'm aware of Business Email Compromise where Buyer needs to make a payment to Seller, Scammer spoofs the Seller's email address and inserts his own bank details in an email to the Buyer, who then makes the payment to the unintended recipient. CoP will help here but I'm not sure if BEC comes within the purview of APP Scam.

John Bertrand

John Bertrand


Tec 8 Limited

Member since

03 Apr 2020



Blog posts




This post is from a series of posts in the group:

Banking Strategy, Digital and Transformation

Latest thinking in respect to Banking Strategy, Digital and Transformation. Harnessing our collective wisdom to make banking better. Ambrish Parmar

See all

Now hiring