Fraud Remains a National Security Threat as Criminals Steal Almost £1.3 Billion

WHY THIS MATTERS: The financial sector is no longer the sole gatekeeper of security. With fraud losses hitting over £1.2 billion, we are seeing the collapse of traditional perimeter security. The real issue is that 66% of Authorised Push Payment (APP) fraud originates online, placing the burden squarely on tech platforms and telecommunications, rather than just banks. This data exposes the widening gap between the rapid digitization of commerce and the sluggish implementation of cross-sector defensive frameworks. For the fintech ecosystem, this marks a critical inflection point: fraud prevention is shifting from a bank-led exercise to a systemic operational requirement. We are witnessing the birth of a new regulatory landscape where shared responsibility is the new mandate. Companies that fail to integrate robust digital identity and verification checks across their customer journeys are not just experiencing friction—they are becoming the primary infrastructure for financial crime.

UK Finance’s latest Annual Fraud Report shows its members reported that criminals stole £1.28 billion through payment fraud in 2025, an increase of four per cent. This demonstrates how fraud continues to operate on an industrial scale and is a national security threat.

The report also shows that most Authorised Push Payment (APP) fraud cases still start online (66 per cent) or through telecommunication networks (17 per cent) and, building on the government’s Fraud Strategy,  UK Finance is therefore calling for stronger, enforceable responsibilities to be placed on companies in these sectors, including:

• Tackling fraudulent advertising by having Ofcom place stronger and proactive fraud prevention obligations on high-risk platforms. This would help address investment fraud, which often starts through fraudulent advertising on social media.
• Requiring online marketplaces to verify their sellers and use secure payment mechanisms rather than allowing separate bank transfers to take place off the platform. This would address purchase fraud, which often starts on marketplace sites.

• Firms in the tech and telecommunications sectors should be required to contribute financially, as well as sharing expertise, intelligence and capabilities to support proactive fraud prevention.

Ruth Ray, Managing Director of Economic Crime at UK Finance, said:  “Fraud operates on an industrial scale, harming people, businesses and the UK economy, typically funding serious and organised crime in the UK and globally. The financial sector invests huge amounts in protecting customers, but we cannot be the only line of defence. Almost £1.3 billion was stolen again last year and it is clear we are not tackling the underlying problem effectively enough. Given most APP fraud still starts via online tech platforms or via telecoms, we urgently need stronger, enforceable responsibilities to be placed on these sectors. This is the way to reduce the harm and stop criminals and tech companies profiting from these devastating crimes.”

Unauthorised fraud losses

Unauthorised fraud losses were down five per cent to £703.4 million and there were 3.81 million fraud cases reported (up 11 per cent).

Criminals continued to deploy increasingly sophisticated social engineering tactics in 2025, including compromising one‑time passcodes to register digital wallets or make fraudulent transactions.

Breakdown:

• Remote purchase card fraud losses, where criminals use stolen card information to make online purchases, rose by three percent to £423.5 million, and case numbers were up 13 per cent to 3.2 million.

• Lost and Stolen fraud losses fell by two per cent to £109.8 million, whilst cases increased by two per cent to 449,189.

• Remote banking fraud losses fell by 27 per cent to £104.4 million, whilst cases increased 11 per cent to 37,646, driven by a 21 per cent increase in mobile banking cases.

• Contactless fraud losses increased eight per cent to £46.8 million.

• The industry prevented £1.68 billion in unauthorised fraud from being stolen.

Authorised Push Payment fraud losses

Online platforms continue to be exploited by criminals to manipulate victims into authorising payments themselves.

APP fraud losses rose sharply to £576.4 million (up 19 per cent) and there were 248,070 cases recorded (up seven per cent). This reflects the growing scale and sophistication of scams that manipulate people into transferring money for goods, services or opportunities that never materialise.

Breakdown:

• There were £500.8 million in personal losses and £75.6 million in business losses.

• Purchase scams accounted for 71 per cent of all cases, with losses rising 20 per cent to £118.1 million.

• Investment fraud accounted for the highest proportion of losses at £221.5 million, up 40 per cent year-on-year, and case numbers increased 26 per cent to 14,893.

• Romance fraud losses increased 23 per cent to £39.2 million and case numbers were up 22 per cent.

• Impersonation fraud, where criminals pose as a bank, the police or an organisation and convince victims to transfer money to a “safe account”, fell again in 2025, with losses down 12 per cent and case numbers down 11 per cent.

Where Authorised Push Payment fraud starts

APP fraud losses continue to be driven by the abuse of online platforms and telecommunications.

• 66 per cent of APP cases originated online, accounting for 32 per cent of losses.

17 per cent of cases began via telecommunications, typically involving higher value scams and accounting for 28 per cent of losses.

Reimbursement

Reimbursement is important but alone cannot stop criminals, as the stolen money still ends up in the hands of organised crime groups.

• Victims of unauthorised fraud are legally protected, and banks refund almost all cases.
• In 2025, banks reimbursed £354.3 million to victims of APP fraud, equivalent to 61 per cent of losses.

The PSR reported that 89 per cent of in scope APP fraud was reimbursed to victims in the 15 months of their new rules being in operation. UK Finance data covers a wider range of payments and account types than the PSR rules, which is why there are different reimbursement percentage figures.

Jonathan Frost, Global Advisory Director at BioCatch, said:  “Banks are winning the fight against traditional fraud, but criminals have adapted, shifting from hacking systems to manipulating people, and authorised losses are surging as a result. Financial institutions must detect social engineering in real-time, intervening before funds leave an account, and disrupt the mule accounts that fraudsters rely on. Behavioural intelligence can expose manipulation and flag mule accounts in real time, but no single institution can win this alone. A connected industry can deny criminals the proceeds of crime at scale. A fragmented one cannot.”

Kamlesh Harry, Principal Strategic Advisor for Nasdaq Verafin, said:  “These figures are a measure not just of criminal ambition but of the technological advantage fraudsters currently enjoy. Criminals are exploiting advances like AI to industrialise operations, tailor cross-border scams, and target British victims through global platforms and social networks to drive a surge in authorised fraud. We need an equally technology-led and joined up approach to tackle the problem: smarter use of digital tools, greater commitment to data sharing, and shared accountability across financial institutions, technology platforms and law enforcement. This will drive an urgently needed shift from reactive detection to real-time prevention, identifying and acting on fraud signals early, before funds are lost, and lives are devastated.”

FF NEWS TAKE: The shift from unauthorized to authorized fraud proves that criminals are winning the psychological war, not the technical one. If tech platforms continue to operate without strict financial liability, the systemic bleeding will persist. The industry must move beyond reactive reimbursement and toward predictive intelligence. Moving forward, expect regulators to force tech giants into the financial oversight perimeter, effectively making social media and telecoms liable for the criminal content they monetize.