Industry views
30 Oct 2025
by Ksenia Duxfield-Karyakina

Breaking the silos: how APP fraud redefines digital risks

Here we explore how tech and payment industries can work together to address APP fraud across UK’s digital economy.

 

Key takeaways:

APP fraud marks a systemic shift in digital risk, reflecting the convergence of financial crime, cyber threats, and social engineering. Addressing it requires a whole-of-ecosystem response that extends beyond traditional detection measures.

Fragmented data and siloed accountability remain among the core structural vulnerabilities. Without shared intelligence between banks, payment providers, telecoms, and technology platforms, fraudsters will continue to exploit blind spots that no single sector can close alone.

Behavioural defences and user literacy campaigns no longer appear sufficient against increasingly sophisticated, (often AI-enabled) deception. The next frontier of deterrence lies in integrating data-led, identity, and network intelligence systems to enable real-time intervention.

Initiatives like the Home Office’s O3C and the FCA’s AI Sandbox demonstrate how government and regulators can foster adaptive, intelligence-led collaboration across sectors - bridging the gap between policy, technology, and consumer protection. However, the much-anticipated new Fraud Strategy is unlikely to move the needle on APP fraud.

 

APP fraud as a new frontier

Authorised Push Payment (APP) fraud has redrawn the contours of financial crime across the UK’s digital economy. Unlike traditional frauds that exploit system vulnerabilities, APP scams manipulate human behaviour - preying on trust, urgency, and social engineering. In 2023 alone, UK consumers lost an estimated £460 million to APP fraud - roughly 40% of all payment fraud. Global forecasts suggest cumulative APP-related losses could reach $331 billion by 2027, underscoring how this risks becoming the dominant vector of digital financial crime.

The landscape has also been reshaped by the Mandatory Reimbursement Scheme (MRS), which shifted liability for reimbursement to banks and payment service providers. This was intended to incentivise proactive prevention, though no equivalent accountability framework exists for technology platforms.

The UK payments ecosystem remains structurally constrained by fragmented data flows and limited cross-sector intelligence sharing. Fraudsters exploit these gaps, operating across silos that banks, telecoms, and tech platforms cannot/would not yet bridge. The traditional “friction-based” model - pop-up warnings, transaction pauses, or manual verification - is faltering. Some evidence indicates that two-thirds of users ignore on-screen prompts, demonstrating that behavioural interventions or literacy programmes alone are no longer an effective deterrent.

 

The implications for finance and tech are both operational and systemic

At its core, APP fraud signals a shift in the frontline of digital risk. Erosion of consumer trust is consequent of repeated exposure to APP scams undermining public confidence in digital payments and online platforms at large. As deception grows more sophisticated - incorporating AI-generated phishing messages, deepfakes, and cloned voices - the boundary between legitimate and fraudulent interaction is becoming more indistinguishable to the ordinary user.

On the other hand, we observe a technological lag with many fraud detection systems still being rule-based, reactive (vs prevention-oriented), and relying on data-sets with many inherited limitations.

To shift from reactive defence to real-time, intelligence-driven prevention, industries - tech, finance and digital payments - need to work together for the benefit of the consumer - who is the shared end-client for all.

 

APP fraud and tech

The next phase of defence lies in uniting fraud detection and cybersecurity. APP scams exploit both human trust and digital infrastructure; the response must integrate behavioural, identity, and network intelligence.

Three emerging technologies would arguably define this convergence:

  • Network and relationship analysis – using link analysis and shared identifiers to map criminal networks and fund flows across institutions.
  • Behavioural biometrics – recognising deviations in typing cadence, device handling, or navigation patterns that signal manipulation or coercion.
  • Recipient intelligence and payment conditionality – dynamically scoring recipient accounts by fusing KYC data, device signatures, and confirmation-of-payee intelligence, enabling payments to be delayed or declined based on contextual risk.

The goal is to move from static fraud flags to ultra-low-latency prevention engines capable of detecting adversarial behaviour as it unfolds.

Traditional machine learning models are constrained by data imbalance with genuine transactions vastly outnumbering fraudulent ones. This often leads to skewed training sets and false negatives. Generative AI can rebalance this equation by simulating emerging scam typologies and stress-testing detection models against synthetic but realistic adversarial inputs. When coupled with continuous retraining and adversarial testing, GenAI enables systems that evolve in parallel with fraudsters, rather than behind them.

 

Policy and regulatory response

Although APP fraud is unlikely to feature prominently in the forthcoming Home Office Fraud Strategy, the Government’s new Online Crime Coordination Centre (O3C) could form part of its forward-looking response to this challenge.

The Centre’s mandate spans research and development into criminal AI misuse, disruption of fraud infrastructure, and the design of cross-sector data-sharing frameworks. O3C is expected to prioritise pilot projects across tech and payments, making APP fraud a good candidate for early action.

In parallel, the FCA’s AI Sandbox - designed to provide a regulatory testbed for industry-led AI deployment- could help accelerate the experimentation with AI-led prevention tools for APP fraud across UK firms.

 

Conclusions

APP fraud is fast becoming a defining fault line in the UK’s digital risk ecosystem. Addressing this challenge at scale will require more than regulatory compliance or consumer education; it demands new alliances between the finance, technology, and government sectors to fuse intelligence, identity, and innovation.

By integrating behavioural, identity, and network-level defences, and by building cross-industry data-sharing frameworks (including those based on DUA implementation), the UK can shift from reactive mitigation to proactive deterrence across its digital economy.

 

Financial Services Programme activities

The techUK Financial Services programme connects tech firms, the FS industry, and regulators to ensure innovation and technology can be fully embraced. Through market engagement activities and events, we help to empower decision makers and aid collaboration.

 

Upcoming events

13 November 2025

Combatting Fraud: techUK's 2025 Report Launch Breakfast & Panel

London
18 November 2025

Tech and the City – AI in Financial Services

London Conference
25 November 2025

Scaling in...Insurance

Panel discussion

Latest news and insights 

Learn more and get involved

 

Financial Services updates

Sign-up to get the latest updates and opportunities from our Financial Services programme.

 

 

Here are the five reasons you should join the Financial Services programme.

Learn about the value members get from our work.

Download

Join techUK groups

techUK members can get involved in our work by joining our groups, and stay up to date with the latest meetings and opportunities in the programme.

Learn more

 

Become a techUK member

Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.

Learn more

Meet the team  

James Challinor

James Challinor

Head of Financial Services, techUK

James leads our financial services programme of activity. He works closely with member firms from across the sector to ensure innovation and technology are fully harnessed and embraced by both industry and regulators. 

Prior to joining us James worked at other business organisations including TheCityUK and the Confederation of British Industry (CBI) in roles focused on supporting the financial & related professional services eco-system, with a particular focus on financial technology and market infrastructure. 

He holds degrees from King's College London and Oxford Brookes University, and outside of work enjoys socialising, exercising, and travelling to new locations.

Email:
[email protected]
LinkedIn:
https://www.linkedin.com/in/james-challinor-105212177/

Read lessmore

Lucas Banach

Lucas Banach

Programme Assistant, Data Centres, Climate, Environment and Sustainability, Market Access, techUK

Lucas Banach is Programme Assistant at techUK, he works on a range of programmes including Data Centres; Climate, Environment & Sustainability; Market Access and Smart Infrastructure and Systems.

Before that Lucas who joined in 2008, held various roles in our organisation, which included his role as Office Executive, Groups and Concept Viability Administrator, and most recently he worked as Programme Executive for Public Sector. He has a postgraduate degree in International Relations from the Andrzej Frycz-Modrzewski Cracow University.

Email:
[email protected]
Phone:
020 7331 2006
Twitter:
@techUK
Website:
www.techuk.org
LinkedIn:
https://www.linkedin.com/in/lucas-banach-50139650

Read lessmore

 

 

 

Authors

Ksenia Duxfield-Karyakina

Ksenia Duxfield-Karyakina

Managing Director, Emerging Tech , Forefront Advisers

Return to listing