/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

APP scams to double by 2026 - research

Authorized Push Payment (APP) fraud losses are on the rise and expected to climb to $5.25 billion across the U.S., U.K. and India by 2026 — a record CAGR of 21% — according to Scamscope, a new report by global payments software company ACI Worldwide and GlobalData, a leading global analytics firm.

  9 Be the first to comment

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

APP fraud scams involve fraudsters tricking their victims into willingly making large bank transfers to them – in many cases, this happens via social engineering across social media networks or via telephone. The growth of real-time payments has given rise to this new type of fraud, which in many markets is growing at a much faster rate than card fraud.*

Scamscope also sheds a light on the types of APP fraud, with product (37.8%), romance (18.4%) and investment scams (16.3%) being the most common across all three geographic markets.

On the flipside, the overall growth of real-time payments is predicted to outstrip the growth of APP fraud losses. In 2021, APP fraud losses amounted to $2.7 billion, accounting for 0.047% of the total value of real-time payments across the three markets in the study ($5.8 trillion). In 2026, they are expected to amount to $5.25 billion, accounting for 0.0025% of the total value of real-time payment transactions in 2026 ($20.7 trillion). This means that real-time revenue for financial institutions is expected to grow faster than the risk of loss and that many banks, central infrastructures, and regulatory bodies are taking the necessary steps to combat the threat.

The report outlines four key recommendations for financial institutions to tackle the issue:

• Banks must get ahead of incoming regulatory changes and strengthen and optimize both processes and technologies in the fight against APP scams.
• Robust technology solutions are needed for the collection of more and better customer data – behavioral data is key to tackling social engineering.
• Better collaboration: banks at the initiating and receiving ends of transactions must collaborate more closely to better understand where money is being sent and why. That means creating a network of intelligence based on the sharing of fraud signals in metadata format, and in real time.
• Banks must get serious about disrupting mule account networks. That means monitoring money coming into as well as out of customers’ accounts and analyzing the behavior of those accounts.

“APP fraud is on the rise, and despite many banks stepping up their fraud prevention efforts, this is an issue they can no longer solve on their own,” commented Cleber Martins, head of payments intelligence and risk solutions, ACI Worldwide. “APP fraud does not happen in silos. To contain and stop this kind of fraud, a detailed and holistic view of all payments activity is needed. Financial institutions, social media giants and telco companies need to work together to stop fraudsters in their tracks before the fraudulent transactions take place.”

“Although there are indications that banks are taking the necessary steps to combat the new fraud threat, they must not be complacent regarding these risks,” commented Sam Murrant, senior payments analyst, GlobalData. “Aside from the direct cost of fraud losses, the lack of regulatory protections around reimbursing consumers for APP fraud losses means there is a potential loss of trust, and thus customers, from APP fraud.”

Scamscope Key Findings at a Glance:

• APP fraud losses
o India: 2021 $330 million - 2026 $612 million
o U.K.: 2021 $789.4 million - 2026 $1,564.9 million
o U.S.: 2021 $1,629.4 million - 2026 $3,080.6 million

• Types of scams
o Product (37.8%), romance (18.4%) and investment scams (16.3%) are the most common APP fraud scams across all three markets.
• Values of scams
o One in five (17%) fraudsters in the U.K. disguise their activity by focusing on purchases between £251-£500 ($291-$579), while U.S. fraud transaction values tend to fall in a wider range of $251-$2,500, and one quarter (25%) of fraudulent transactions in India are valued between INR 50,001 and INR 100,000 ($607-$1,217).

• What do victims do after they have been scammed?
o ACI’s report further reveals that fraud victims in the U.K. and India are more likely to choose to keep their account open (28%-33%) in comparison to the U.S. (23%). Brand loyalty is also shown to be maintained across all three countries –whether the victim or their provider close the account, they remain with the same provider.

Note to editors:
*Authorized push payment (APP) scams: The term describes a method of fraud in which criminals coerce legitimate users to initiate a payment to a destination account under their control. Funds leaving legitimate customers’ accounts will travel through one or several mule accounts before being collected by the fraudsters or converted by them into hard-to-trace digital assets, such as crypto or NFTs. Other terms for APP scams include “PIX fraud” in Brazil, “scams” in Australia and “APP fraud” in the U.K. This report uses the terms “APP scam” and “scams” interchangeably to refer to the same problem.  

Sponsored [Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates

Comments: (0)

[Webinar] Unifying Card Programmes: The cost-reduction imperativeFinextra Promoted[Webinar] Unifying Card Programmes: The cost-reduction imperative