Real-time defence against APP fraud: Protecting the future of A2A payments

The Stakes in Real-Time Fraud Defence

Authorised Push Payment (APP) fraud occurs when scammers deceive individuals into voluntarily transferring money to fraudulent accounts, often via impersonation, romance, or investment schemes. In the UK, these scams predominantly exploit Faster Payments, the backbone of real-time account-to-account (A2A) transfers that enable near-instant domestic payments.

The critical change came on 7 October 2024, when the Payment Systems Regulator (PSR) enforced mandatory reimbursement. Sending payment service providers (PSPs) must now refund victims up to £85,000 per claim (with a possible £100 excess, waived for vulnerable consumers), typically within five business days, while receiving PSPs cover half the cost. This replaced a patchy voluntary code, where reimbursement rates hovered around 65% in 2024. By the end of September 2025, the new regime had returned 88% of stolen funds—£173 million—across the first year, with high compliance in quick resolutions.

The real-world toll remains severe. UK consumers lost around £450 million to APP fraud in 2024, a slight dip from prior years but still dominant in payment fraud. Victims, often vulnerable individuals targeted through social engineering, face not just financial hits but emotional and trust erosion in digital banking. Banks and smaller PSPs absorb costs through shared liability, potentially raising fees or tightening controls, while fraudsters adapt by using mule accounts and subtle behavioural patterns that evade legacy systems.

What much coverage overlooks is the deeper trade-off in real-time A2A systems. Instant payments drive economic efficiency and adoption, but their speed leaves scant window for intervention. Traditional fraud checks focus on the sender, yet scammers now manipulate victims into authorising transfers, rendering such monitoring ineffective. The pivot to analysing destination accounts—spotting mule indicators or anomalous behaviour—promises better prevention but risks false positives that could delay legitimate transfers or raise privacy concerns over deeper data scrutiny.

Confirmation of Payee (CoP), mandated for broader rollout by late 2024, adds a pre-payment name-check layer, yet fines like the £3.7 million on Bank of Ireland UK in 2026 highlight uneven implementation. Meanwhile, global fraud forecasts underscore urgency: APP scams are projected to cost $331 billion worldwide by 2027, with the UK positioned as a regulatory pioneer amid evolving international trends.