A £460M Problem UK Banks Can No Longer Ignore

In a previous blog post, we explored the new rules tackling social engineering fraud in the UK and what they mean for banks. Now let's dig into the real pain these regulations address: Authorised Push Payment (APP) fraud – a growing crisis that's hitting UK banks hard and demanding immediate action.

UK bank customers are losing money at an alarming rate to scammers. In 2023 alone, people lost nearly £460 million to APP fraud. That's when someone tricks you into willingly sending them money.

Why should you care? Because as of October 2024, UK banks must reimburse most victims by default. If they can't stop these scams, they pay up. Let's break down what this means for everyone involved.

What Is APP Fraud, Really?

APP fraud happens when someone convinces you to send them money by pretending to be someone you trust.

The key part: you press the button to make the payment yourself. Your bank sees it as a legitimate transfer because technically, you authorised it. But you were deceived.

This is different from someone stealing your card details. With stolen cards, banks typically refund you right away because it's clearly unauthorised. With APP fraud, victims historically struggled to get their money back because they "approved" the payment. That's exactly why regulators stepped in.

How These Scams Actually Work

Scammers have gotten very good at tricking people. Here are the main tactics they use:

Bank Impersonation Scams

A scammer calls pretending to be your bank's security team: "This is Barclays security – we've detected fraud on your account! Transfer your money to this safe account immediately."

In reality, the "safe account" belongs to the criminals. Only about 16% of APP scams happen over the phone, but they're often high-value – phone scams account for 43% of all losses. Remember: a real bank will never ask you to move money to another account for safety.

Romance Scams

These break hearts and bank accounts. Criminals create fake dating profiles and build emotional relationships over weeks or months. Then they invent emergencies – medical bills, visa problems, travel issues – and ask for money.

UK victims lost nearly £100 million in a single year to romance scams. One victim, a widow from the Midlands, lost her life savings of £50,000 to someone she thought loved her. The scammer went to jail, but her money was never returned.

Investment Scams

These target people looking for better returns on their money. Fraudsters offer fake investment opportunities in cryptocurrency, bonds, or even rare wine. They promise high returns that never materialize.

These are less common but devastating – only 4% of APP fraud cases in early 2024, but they represented 25% of all money lost. In the first half of 2024, Britons lost £56 million through investment scams.

Victims range from young professionals attracted by crypto hype to retirees trying to boost their pensions.

Purchase Scams

You find a great deal online for concert tickets, a puppy, or a used gadget. You transfer the money, but the item never arrives.

These are the most common type of APP fraud – 70-76% of cases start online. Individual losses are smaller (usually hundreds of pounds), but they add up to 25-30% of all APP fraud losses. The red flag: deals that seem too good to be true, with sellers insisting on bank transfers.

Business Email Compromise (BEC)

Businesses aren't immune. In these scams, criminals impersonate a company's supplier or partner. They send an invoice with "updated bank details," and the business pays the fake account.

UK businesses lost at least £92.7 million to invoice scams in one recent year. The average affected business loses around £300,000. This type of fraud now accounts for about half of all fraud losses in the UK when including corporate cases.

The common thread: victims authorize payments to criminals who quickly move the money to other accounts, often overseas, making recovery nearly impossible.

Why Banks Are Now Feeling the Pain

Until recently, if you fell for an APP scam, you usually absorbed the loss unless your bank decided to refund you as a goodwill gesture. That's changing fast – and banks are now directly in the firing line:

Trust Issues

APP fraud devastates customers. Life savings disappear, house deposits vanish, people suffer financially and emotionally. This erodes trust in banks. When customers don't feel safe using online banking, it hurts digital finance adoption.

Reputation Damage

Media and politicians increasingly highlight scam victims. In 2023, some banks reimbursed 96% of scam victims, while others reimbursed only 3%. Guess which ones received praise and which got criticized? Poor handling of fraud cases leads to public backlash and brand damage.

Regulatory Pressure

The Financial Conduct Authority (FCA) and Payment Systems Regulator (PSR) have made reducing fraud a top priority. The new reimbursement rules create potential enforcement action or fines for non-compliance. The FCA has tied scam outcomes to their Consumer Duty requirements – banks must support fraud victims or face regulatory consequences.

Mounting Costs

APP fraud already cost banks money through voluntary refunds and investigation overhead. Now, with mandatory reimbursements, these costs will skyrocket for banks that don't prevent scams.

Think about it: criminals stole £459.7 million via APP scams in 2023. Only about 62% was returned to victims under the old voluntary approach. Going forward, virtually all of that must be refunded. If fraud levels remain high, banks collectively face hundreds of millions in reimbursement costs.

Operational Burden

Preventing and handling fraud cases requires significant resources. Banks need teams to monitor transactions, support victims, trace funds, and process reimbursement claims. They must integrate with Pay.UK's scam claim system, determine customer negligence in each case, handle disputes, and report data to regulators.

Without effective prevention, banks could drown in casework as APP fraud continues rising.

The New Rules: Banks Now Pay for Scams

The UK has introduced sweeping new rules that fundamentally shift liability to banks. From October 7, 2024, all UK banks and payment companies must reimburse most APP fraud victims by law. Here's what this means:

Quick Refunds Are Now Required

If a customer falls victim to an APP scam, their bank must refund them within 5 working days in most cases. The default assumption is that the customer is innocent unless proven grossly negligent. Banks can no longer simply say "tough luck" when someone gets conned.

Who Gets Protected

The mandatory reimbursement covers:

• Individual consumers

• Micro-enterprises (businesses with under 10 staff/small turnover)

• Charities

It applies to domestic UK payments made through Faster Payments (instant bank transfers) and CHAPS (high-value transfers). Most APP scams happen via these payment methods.

All Major Banks Must Comply

All payment providers using Faster Payments must follow these rules – from major high-street banks to digital challengers and e-money firms. No one gets a free pass.

Costs Split 50/50 Between Banks

To encourage both sending and receiving banks to fight fraud, the cost of reimbursement is split equally between them.

Example: If Bank A's customer is scammed into sending £5,000 to an account at Bank B, Bank A refunds the customer £5,000, then Bank B reimburses £2,500 to Bank A. This makes receiving banks accountable for policing fraudulent accounts.

Reimbursement Cap: £85,000

The scheme caps reimbursements at £85,000 per case. This covers 99% of scam cases by volume and about 90% of losses by value. In 2023, only 411 cases out of more than 250,000 involved losses above £85,000.

No Minimum Claim Amount

There's no minimum scam amount for a claim – even £20 losses qualify for reimbursement. Banks can apply a modest £100 "excess" per claim (like an insurance deductible), but this cannot apply to vulnerable customers, who receive full reimbursement.

Limited Exceptions

Banks don't have to refund if they can prove:

• Customer fraud or collusion

• Gross negligence

• Standard of caution breach

The bar for "gross negligence" is high – simple mistakes or being duped by a clever scammer doesn't qualify. The burden of proof lies with the bank, not the customer. Vulnerable consumers receive explicit protection.

Faster Processing and Accountability

The process follows strict timelines. Banks must provide refunds within 5 business days of fraud reports in most cases. If they need more investigation time, they can extend but must provide a final answer within 35 business days.

Banks must also notify customers of their rights, update their terms by April 2025, and regularly report data on scams and reimbursement performance to regulators.

This represents a fundamental shift in liability. Regulators decided the industry wasn't addressing the problem quickly enough, so they mandated action. The days of inconsistent voluntary reimbursements are over.

For banks, the choice is clear: invest in stopping fraud upfront or pay refunds after the fact.

How Banks Can Fight Back: Your Fraud Prevention Checklist

With liability now on banks' shoulders, prevention is critical. Here's a practical checklist of measures every bank should implement:

1. Enhance Fraud Detection Systems

Deploy advanced monitoring tools and AI models to identify suspicious payments in real-time. Flag out-of-character transactions, like a customer who typically sends £50 suddenly transferring £5,000 overseas.

UK law now allows banks to delay payments by up to 48 hours (4 business days) if they suspect fraud. Use this power when something looks suspicious. A brief verification with the customer can prevent disaster.

Some banks are exploring technology that checks if a customer is on a suspicious phone call while making a transfer – combining telecom data with payment information to intervene immediately.

2. Leverage Confirmation of Payee (CoP)

This service checks whether the recipient account name matches what the customer entered. If John Doe sends money to "Alice Smith" but the account belongs to "XYZ Trading," the bank warns John.

CoP performed over 2 billion name-checks in 2024 alone. Banks should fully implement this service and warn customers when names don't match. With 350+ firms joining CoP by the end of 2024, this protective measure is expanding.

3. Educate and Alert Your Customers

The human element is crucial. Participate in public campaigns like Take Five to Stop Fraud and implement in-app warnings.

When customers transfer large amounts to new recipients, display a checklist: "Have you verified this request independently? Could this be a scam? Remember, your bank will never ask you to move money to a 'safe account'."

Send regular updates about new scam tactics through emails, texts, or app notifications. An informed customer is less likely to become a victim.

4. Streamline Your Reimbursement Process

Despite best efforts, some scams will succeed. Create dedicated fraud response teams that can handle claims efficiently and compassionately.

Make the refund process simple: provide clear guidance on reporting fraud, train staff to support victims, and establish connections with law enforcement.

Integrate with Pay.UK's centralized reimbursement system to coordinate claims between sending and receiving banks. Test these workflows and train staff now to handle cases smoothly.

Update account terms and customer materials about the new rights before the April 2025 deadline.

5. Target Mule Accounts

Address the receiving end of fraud by enhancing checks on new account openings and monitoring for suspicious incoming payments.

Watch for dormant accounts that suddenly receive multiple large transfers from different people and immediately move the money out.

Use analytics to identify likely mule activity and freeze suspicious accounts promptly. Under the new 50/50 cost-sharing model, receiving banks now have financial incentives to shut down mule accounts.

6. Share Intelligence Across the Industry

Fraudsters target multiple banks, so collaboration is essential. Share data on known scammers, mule accounts, and suspicious patterns.

Join initiatives like Stop Scams UK, where banks, tech companies, and telecom providers share fraud intelligence. Major banks are already pooling information with companies like Google, Meta, and BT to quickly flag scam websites, phone numbers, and mule accounts.

Use shared databases like the Cifas fraud network to blacklist known bad actors. When one bank identifies a new fraud method, sharing that information can prevent it from spreading.

7. Keep Innovating and Adding Smart Friction

Continuously adapt your security measures. Implement features that add just enough friction at critical moments.

Consider debit card-style protections for transfers: if a transfer seems unusual for a customer, ask for additional confirmation or require them to speak with staff.

Explore "cooling-off" periods for large transfers, giving customers time to reconsider potentially fraudulent transactions.

The Bottom Line and How Enlace Helps

APP fraud isn't someone else's problem anymore – it's now every UK bank's responsibility. The fraudsters are sophisticated and constantly changing tactics, but the industry and regulators are responding with unprecedented unity.

For banks, success means making fraud prevention part of your DNA – investing in technology, training, and collaboration to stay ahead of scammers. Those that do will avoid hefty reimbursement costs and regulatory problems while earning something invaluable: customer trust.

The mandatory reimbursement regime is here, and the scammers aren't waiting. Banks that treat APP fraud as the crisis it is will not only comply with new rules but position themselves better in the market.

That’s where Enlace comes in. Our plug-and-play API helps banks meet APP fraud regulations instantly. With real-time monitoring, adaptive authentication, and dynamic step-ups powered by our Risk Scoring Engine, Enlace stops scammers before they strike.

Stay compliant, protect your customers, and reduce fraud losses—all through our fraud prevention platform. Get started with Enlace today.

Want to learn more? Contact sales today to see how Enlace can help your bank.

The insights in this post are based on industry research, conversations with banks and fraud prevention experts, as well as our own experience. The content is for general information only and not intended as legal, financial, or technical advice. While Enlace strives for accuracy, the information may not reflect the latest developments.

Additional sources:

Payment Systems Regulator, 2024; Hogan Lovells, 2024; PSR Consumer Guide, 2024; UK Finance, 2023; The Guardian, 2025; The Guardian, 2022; Take Five Campaign via UK Finance, 2024; Take Five (Business), 2024; Norton Rose Fulbright, 2024; FCA “Dear CEO” Letter, 2024; Computer Weekly, 2024.