APP Fraud Losses (UK / US / EU): 2024 Statistics, Trends, and Analysis

Methodology

This page aggregates figures from three separate reporting frameworks, each with different scope and definitions.

United Kingdom. The PSR and UK Finance publish annual APP fraud statistics covering Faster Payments and CHAPS transactions. The PSR's 2024 APP Scam Performance Data (published February 2026) covers January through September 2024, the period before mandatory reimbursement took effect. UK Finance's Annual Fraud Report 2025 covers the full calendar year across 14 major banks and payment firms. Figures are in GBP and cover both personal and non-personal accounts.

European Economic Area. The EBA and ECB publish a joint annual payment fraud report. The 2025 edition (published December 2025) covers semi-annual data from H1 2022 through H2 2024, drawing on mandatory regulatory reporting from payment service providers across the EU/EEA. The report does not use the term "APP fraud" as a category. The closest equivalent is credit transfer fraud where the payer is manipulated into authorising the transaction, which accounted for 85% of credit transfer fraud losses by value in 2024. Figures are in EUR and exclude the UK.

United States. There is no statutory APP fraud reporting framework equivalent to the UK's. The FTC Consumer Sentinel Network Data Book (March 2025) captures consumer-reported losses by payment method. Bank transfer and wire payment losses are the closest US proxy for APP fraud, though the category includes some non-APP transfers. Figures are in USD.

Currency conversions are not applied. Figures from different jurisdictions measure different scopes and cannot be summed into a single total.

Full data table

Sources: UK Finance Annual Fraud Report 2025; PSR 2024 APP Scam Performance Data (February 2026); EBA/ECB 2025 Report on Payment Fraud (December 2025); FTC Consumer Sentinel Network Data Book 2024 (March 2025).

Key findings

UK case volumes collapsed even as investment fraud surged. Total APP fraud losses fell 2% to £450.7 million in 2024, but the 20% drop in case count to 185,733 is the sharper story. Investment scams bucked that trend completely: £144.4 million stolen, up 34% year-on-year despite a 24% reduction in case numbers. That means fewer victims but larger average losses per case, a shift consistent with fraudsters targeting higher-net-worth individuals through more sophisticated social engineering.

Social media is the dominant APP fraud delivery channel in the UK. PSR data show that 54% of APP scam incidents in 2024 originated on social media platforms. Meta properties (Facebook, Instagram, WhatsApp) alone accounted for approximately £61 million. Fraudsters are treating social platforms as a free-to-access distribution network for investment scams, romance fraud, and impersonation. The PSR has called on platforms to take greater liability for fraud originating on their services.

EU/EEA user-borne credit transfer losses reached roughly €1.87 billion. The EBA and ECB report €2.2 billion in credit transfer fraud losses in 2024, up 16% from 2023. With 85% of those losses borne directly by payers who were manipulated into authorising fraudulent transfers, the APP-equivalent exposure is approximately €1.87 billion. The EBA also found that fraud risk in instant credit transfers is up to ten times higher than in standard transfers, a direct consequence of the ten-second settlement window leaving almost no room for intervention.

US bank transfer fraud grew 13% to $2.09 billion. FTC data covering all of 2024 show bank transfer and wire payment losses at $2.09 billion, up from $1.8 billion in 2023. The CFPB's December 2024 complaint against JPMorgan Chase, Bank of America, Wells Fargo, and Zelle operator Early Warning Services alleged that customers lost more than $870 million over the platform's seven-year history due to inadequate fraud controls. An estimated 80-85% of Zelle scam victims received no reimbursement in 2024.

Reimbursement rates diverge sharply between the UK and the US. UK banks returned £267.1 million (59% of losses) in 2024. Following the PSR's mandatory reimbursement rule on 7 October 2024, the rate jumped to 86% for in-scope claims in the first three months. In the US there is no comparable obligation for authorised payment fraud. The structural gap explains much of the transatlantic difference in reported consumer harm.

Year-over-year trends

UK APP fraud peaked at £583.2 million in 2021, a 39% rise over 2020, driven by pandemic-era social engineering and accelerated digital payment adoption. It dropped to £485.2 million in 2022 (down 17%), then to £459.7 million in 2023 (down 5%), and edged lower still to £450.7 million in 2024 (down 2%). The trajectory looks like a sustained decline, but it's worth applying caution: losses have been relatively flat for three years, and the 2024 improvement in case volumes (down 20%) reflects better detection rather than fewer fraud attempts. The PSR's October 2024 mandatory reimbursement scheme will likely suppress reported losses further in 2025, but may also create incentives that alter what gets reported.

In the EU/EEA, the direction is opposite. Total payment fraud held at €3.4 billion in 2022, moved to €3.5 billion in 2023, then jumped to €4.2 billion in 2024, a 17% increase. The EBA and ECB attribute the acceleration partly to the rapid expansion of instant payment volumes, which reduces the detection window from hours to seconds. Fraudsters adapted quickly: rather than attacking authentication directly, they now manipulate users into authorising transactions themselves, bypassing strong customer authentication entirely. That's the structural shift that makes the 2024 figures so significant.

In the US, the trend is consistent upward growth. Bank transfer fraud rose from $1.8 billion in 2023 to $2.09 billion in 2024 (13%). Total consumer fraud hit $12.5 billion, a 25% annual jump. Investment scams, many of which involve APP-style fund movements, grew 24% to $5.7 billion.

Three drivers appear across all jurisdictions: real-time payment rails that compress detection windows, social media platforms as cheap fraud distribution infrastructure, and generative AI reducing the cost of producing convincing impersonation content at scale. The UK regulatory response (mandatory reimbursement, Confirmation of Payee) is structurally more advanced. The EU's Verification of Payee requirement under the Instant Payments Regulation is rolling out through 2025-2026. The US has neither obligation in place.

What this means for compliance teams

APP fraud sits awkwardly in most compliance frameworks. It's payment fraud rather than money laundering, yet the controls that catch it overlap directly with AML infrastructure.

The most immediate implication is for transaction monitoring. Standard AML rules flag unusual outbound transfers by counterparty risk score or volume thresholds. APP fraud involves fully authorised transactions to beneficiaries the customer has often never paid before. Detection requires first-time payee velocity analysis, behavioural baselines, and mule account scoring, none of which are built into legacy rule engines by default. Banks that haven't adapted their monitoring logic are carrying unquantified APP exposure.

The PSR's mandatory reimbursement regime creates direct financial liability that focuses attention quickly. The scheme also creates an incentive to invest in AI-Powered Fraud Detection: the institutions with the lowest reimbursement rates under the old voluntary code were also those with the least sophisticated detection tooling, a relationship the PSR's published performance data makes visible by bank.

On the EU side, the Instant Payments Regulation already requires payment service providers to screen all outgoing transfers against sanctions lists within ten seconds. That constraint makes Sanctions Screening infrastructure a direct operational dependency for any institution processing instant credit transfers at volume. The same ten-second window is what makes APP fraud via instant payments so difficult to interrupt once the manipulation has occurred.

Beneficiary account validation is frequently underweighted in fraud control design. The UK's Confirmation of Payee scheme is a mandatory name-check layer on Faster Payments. The EU's Verification of Payee requirement follows the same model. Neither eliminates APP fraud, but both reduce the subset where victims were misdirected by account number spoofing or impersonation of legitimate payees.

Customer Due Diligence processes should also account for mule accounts as a distinct risk typology. APP fraud losses don't disappear; they route through networks of mule accounts before extraction. Detecting mule account behaviour at onboarding and through ongoing monitoring is one of the highest-leverage interventions available. Banks that treat this as a fraud team problem rather than a CDD problem are missing the structural overlap.

The CFPB's December 2024 lawsuit against the three major US banks and Zelle signals that US regulators are prepared to treat APP fraud reimbursement as a regulatory obligation even without specific legislation. Institutions operating across all three jurisdictions should treat the current period as a convergence window and align their controls now.

Sources

• UK Finance, Annual Fraud Report 2025, May 2025
• Payment Systems Regulator, 2024 APP Scam Performance Data, February 2026
• EBA and ECB, 2025 Report on Payment Fraud (EBA/REP/2025/40), December 2025
• FTC, Consumer Sentinel Network Data Book 2024, March 2025
• CFPB complaint against JPMorgan Chase, Bank of America, Wells Fargo, and Early Warning Services (Zelle), December 2024, via CBS News
• Federal Reserve Bank of Kansas City, Combating Authorized Push Payment Scams in Fast Payment Systems, 2024