Authorised Push Payment (APP) fraud remains one of the most serious threats facing businesses and consumers in the UK. Fraudsters exploit trust, emotion, and digital reach to trick people into transferring money to fraudulent accounts. In 2023 and 2024, losses were in the hundreds of millions, with businesses and consumers alike exposed to risk.
In this article, we explain what APP fraud is, share the latest statistics, outline best practices for prevention, and show how SOTpay helps businesses safeguard remote payments across multiple channels.
APP fraud happens when someone is deceived into authorising a payment themselves — believing they are paying a legitimate business or individual. These scams often use social engineering, phishing, spoofed websites or messages, impersonation, or investment fraud.
Unlike unauthorised fraud (where someone uses another’s account or card without permission), APP fraud depends on tricking the payer into willingly making the payment. That makes prevention more complex: it’s not just about technology, but also communication, verification, trust, and channel integrity.
To stay ahead, knowing the scale and how it’s changing is crucial. Here are some of the freshest figures as of 2024-2025:
In 2024, losses from APP fraud in the UK were approximately £450.7 million, only about 2% lower than in 2023. This represents a modest improvement, but still a very high number. (UK Finance, Outseer)
The number of APP fraud cases dropped by ~20% in 2024, to under 186,000 cases. (UK Finance)
Purchase scams (where goods or services are paid for but never delivered) remain the most common type of APP fraud. Losses in this category in 2024 stood at about £87.1 million, though case numbers fell. (UK Finance)
Investment scams are increasing in loss value, even where case numbers decline, meaning fraudsters are targeting larger sums per scam. (UK Finance)
Reimbursement rules introduced by the Payment Systems Regulator (PSR) in October 2024 now require banks/payment firms to reimburse victims of APP fraud under certain conditions. Early data shows that in the first three months under the new rules, 86% of the value stolen in-scope was returned to victims. (UK Finance)
These figures make it clear: while the trend is moving slowly in the right direction, APP fraud remains a major threat and one that demands serious mitigation at business level.
Remote payments — meaning payments initiated over email, SMS, live chat, social media, or messaging apps — are especially vulnerable to APP fraud for several reasons:
No face-to-face verification. Fraudsters can impersonate businesses, send spoofed links, or impersonate personnel.
Social engineering is easier: urgency, fear, or reward can be used to trick people into acting without full verification.
Phishing and fake websites or fake invoice requests are more effective remotely.
Payment links or instructions delivered via insecure or unbranded channels increase risk.
Businesses that rely on remote payments must assume risk isn’t hypothetical — it’s ongoing and evolving.
Here are best practices every business should incorporate to reduce exposure:
Use Branded, Verified Communication
Ensure that payment requests, invoices, links, or messages come from your official domain/email address or verified channels. Customers should recognise your branding in communications.
Confirmation of Payee (CoP)
Use services that allow payers to verify the name of the payee account before sending funds. This helps prevent impersonation scams.
Secure Payment Links
Rather than taking card details over the phone or via voice calls, send secure pay-by-link requests that are encrypted and authenticated.
Education and Clear Policies
Make your billing, refund, and cancellation policies transparent. Educate both staff and customers about common scams, social engineering tactics, and how to report suspicious activity.
Multi-channel Verification and Authentication
Apply authentication such as digital 3D Secure, use one-time passcodes, or bank app verifications when appropriate.
Monitor Fraudulent Patterns and Use Data & Tools
Track dispute and fraud rates, use threat detection, anomaly detection, and collaborate with banks, telecoms, and fraud prevention organisations.
Implement Strong Reimbursement Measures
Know the rules (e.g. PSR’s reimbursement regime), and ensure your processes help victims get refunded where you are obligated. This includes acting fast, being transparent, and avoiding delay in investigations.
SOTpay is designed from the ground up to address these risks. Here’s how we help businesses protect themselves:
Secure Payment Links via Trusted Channels
SOTpay supports sending secure pay-by-link via SMS, email, live web chat, WhatsApp, and social media. These links are encrypted, uniquely generated, and avoid risk of impersonation or interception common in informal communication.
Branded Communication & Domain Display
All payment link-related communications come under the merchant’s branding and own domain wherever possible. That helps customers immediately recognise you, reducing confusion and preventing phishing.
Confirmation of Payee (CoP) Integration
Where available, SOTpay integrates CoP services so customers verify the business or merchant account name before authorising payments.
Fraud Related Chargeback / Reimbursement Support
SOTpay works with reimbursement regimes and offers protections to merchants from financial loss due to fraud-related chargebacks. This helps ensure that even when bad actors attempt fraud, the burden does not fall entirely on the merchant.
Real-Time Fraud Prevention & Monitoring
SOTpay’s systems monitor transaction patterns, look out for anomalies, and adapt to emerging fraud schemes. When risk is detected, extra verification steps can be applied.
Customer Verification Advice
SOTpay encourages merchants to require verification before goods/services are delivered—e.g., showing payment receipts or verifying identity—especially for high-value or remote orders.
What is APP fraud exactly?
It’s when someone is tricked into authorising a payment themselves, to an account controlled by a fraudster — believing they are paying a legitimate business or individual.
How big is the APP fraud problem in the UK now?
In 2024 the UK saw approximately £450.7 million in APP fraud losses, with about 186,000 cases. That’s a drop in both losses and volume compared with prior years, but the scale remains serious.
What role does Confirmation of Payee (CoP) play?
CoP allows the payer to see the registered name of the account they are sending money to. It helps prevent impersonation scams, which are a major contributor to APP fraud.
How does SOTpay’s secure payment link help?
Secure pay-by-link avoids giving card or account details over insecure channels. The link is sent via verified channels, encrypted, and leads to a secure page with authentication — greatly reducing risk of spoofing or interception.
What are the reimbursement rules for APP fraud?
Since October 2024, the PSR mandates that victims of in-scope APP fraud be reimbursed by payment firms under certain conditions. Early data shows high return rates of stolen value under these rules.
Are there emerging trends to watch?
Yes — investment fraud losses are rising in value as fraudsters target larger sums; remote and digital channels are being exploited; risks are higher in messaging and social media; and the need for multi-layer verification and fraud detection is increasing.
Every remote payment your business accepts is an opportunity — but also a risk. In a landscape where APP fraud losses are still in the hundreds of millions and regulation is tightening, doing nothing is not an option.
Book a free SOTpay demo today and discover how we can harden your payments, protect your brand, and ensure your customers—and your bottom line—stay protected.