The UK Finance Annual Fraud Report reveals that criminals stole £1.28bn through payment fraud in 2025, a 4% increase on the previous year. Authorised push payment (APP) fraud losses rose even more sharply, up 19% to £576.4m, with 248,070 cases recorded.
The figures land just ahead of an independent review of the Payment System Regulator’s (PSR) mandatory reimbursement regime. Viewed in isolation, recent PSR figures paint a positive picture, with high reimbursement rates and low consumer caution rejections.
The PSR reported that 89% of in-scope APP fraud was reimbursed in the first 15 months of the new rules. But reimbursement is not the same as prevention. If APP losses are still rising, then criminals are continuing to profit.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
The UK, alongside Australia, is widely cited as one of the countries taking the strongest action on scams. But Australia has begun to pull ahead through real-time intelligence sharing, and its upcoming Scams Prevention Framework (SPF) looks to shift the emphasis from post-loss reimbursement to pre-payment prevention, and mandate shared accountability across banks, technology platforms and telecoms.
Reimbursement protects victims, but it does not stop criminals
Mandatory reimbursement was introduced to protect consumers, but one of its central policy aims was also to incentivise banks and payment firms to prevent fraud in the first place. The equal split of liability between sending and receiving institutions highlights that both sides of a transaction have a role in stopping criminal activity.
Yet fraud remains heavily concentrated among a relatively small group of institutions receiving criminal funds. Non-directed payment service providers account for 34% of APP fraud losses while handling only 19% of payment value, and 48% of fraudulent transactions while processing just 10% of total payment volumes.
This is important because receiving accounts are often part of coordinated money mule networks designed to disperse and launder criminal proceeds at speed. Criminals naturally gravitate towards institutions and account types that allow funds to move quickly and have weaker controls.
As long as criminals can move and launder stolen funds, scams remain profitable. Prevention must therefore focus not only on the customer being manipulated, but also on the destination of the money.
Australia shows what prevention can look like
The UK has made important progress through reimbursement rules, Confirmation of Payee, the Online Safety Act and the new three-year Fraud Strategy. But Australia is moving towards a more comprehensive prevention framework that recognises scams are not solely a banking problem.
Australia’s SPF is expected to impose stronger obligations across financial institutions, technology platforms and telecoms providers. It recognises that scam journeys rarely begin in a banking app, often starting online or through a message or phone call. By the time a victim reaches the payment screen, they may already have been groomed for days, weeks or months.
Banks must identify high-risk transactions before funds leave the system. Technology platforms must improve user verification, advertiser checks and the detection of fraudulent activity. Telecoms providers must address high-risk traffic linked to scam calls and messages. Regulators must ensure accountability is distributed across the full journey, not concentrated at the final payment stage.
The overriding principle is that every organisation with visibility of scam activity should have a responsibility to act.
From collaboration to real-time interdiction
Real-time fraud prevention also depends on banks being able to share intelligence about receiving accounts before funds move.
Australia’s largest banks helped create the world’s first interbank, real-time fraud intelligence-sharing network, allowing participants to assess the risk of the receiving account before money is transferred. Through this collaborative approach, participating institutions successfully identified more than A$60m in attempted fraud payments within just three months.
One participating bank, National Australia Bank, prompted customers to abandon nearly A$50m in suspicious payments within two months and identified thousands of potential money mules.
The value lies in bringing payee-side intelligence into the decisioning process, so banks can identify mule accounts and scam infrastructure before the payment is completed.
The lesson for the UK is that we need a shift towards prevention before payment, intelligence sharing before loss, and disruption of mule networks before criminal proceeds disappear.
Stopping the money before it moves
The UK must be more ambitious in tackling scams.
First, the UK should make real-time receiving-account risk a core part of scam prevention. Banks need to know whether the beneficiary account shows signs of mule activity, account takeover, rapid beneficiary rotation, device sharing, guided activity or coordinated fraud.
Second, the UK must establish real-time intelligence flows from technology platforms to financial institutions to stop fraud before payment occurs. This gives banks visibility of scam campaigns, fake advertiser networks and coordinated fraud activity, empowering organisations to identify risk and intervene in transactions before losses occur, armed with intelligence that only upstream platforms can provide.
Third, accountability must extend to technology platforms and telecoms providers. Banks are too often the last line of defence against scams that originated elsewhere. Organisations must face meaningful commercial consequences for failing to act on fraud intelligence, whether through direct platform liability, a notification-and-remove framework, or platform contributions to a shared prevention fund. Without stronger upstream accountability for fake adverts, impersonation, phishing, scam calls and messaging, banks will continue fighting fires started elsewhere.
Finally, ministers should measure a successful policy framework not by reimbursement rates, but by outcomes. High reimbursement rates are important for victim protection, but they should not be mistaken for victory. A successful regime should reduce scam losses, reduce mule activity, increase funds prevented from reaching criminals and improve cross-sector disruption through prevention, not just compensating losses after the fact.
The UK is a global leader in consumer protection. But ministers must now choose between using the PSR review to refine a compensation regime or as a springboard to chart a prevention-led course that Australia is already taking. This will be the difference between compensating fraud and actively disrupting it at source.
Jonathan Frost, Director of Global Advisory at BioCatch
