The UK’s fraud problem did not shrink in 2024, but it did change shape.
According to the UK Finance Annual Fraud Report 2025, total fraud losses across authorised and unauthorised channels reached £1.17 billion, broadly unchanged from 2023. On the surface, that suggests progress. Look deeper, however, and a more complex picture emerges: confirmed fraud cases rose 12% to 3.31 million, the highest level in the comparable data series.
This divergence, flat losses but sharply higher case volumes, is the defining feature of the current fraud landscape. Criminals are no longer maximising value per victim. Instead, they are scaling volume, targeting more people, more often, for smaller amounts, while adapting rapidly to new controls.
APP fraud retreats, but not because criminals gave up
Authorised Push Payment (APP) fraud has been the industry’s dominant concern for several years, and 2024 marked a genuine inflection point.
- APP losses fell 2% to £450.7m
- APP cases dropped 20% to 185,733, the lowest since 2021
This improvement did not occur by accident. It reflects sustained investment by banks and payment firms, extensive consumer education, and the run-up to mandatory reimbursement rules introduced by the Payment Systems Regulator in October 2024.
Crucially, the data shows these declines began before reimbursement became mandatory. This matters because it undercuts the idea that reimbursement alone changes criminal behaviour. Reimbursement protects victims, but it does not remove incentives for fraudsters. What it does do is force banks to intervene earlier and more aggressively in the payment journey.
Criminal adaptation is immediate and predictable
As pressure increased on APP scams, criminals did not retreat. They reallocated effort.
The clearest beneficiary of this shift is remote purchase (card-not-present) fraud, which surged in 2024:
- Cases up 22% to 2.59 million
- Losses up 11% to £399.6m
Remote purchase fraud is now the single largest fraud category by volume. Unlike APP scams, these attacks are typically low value, high frequency, often linked to compromised card details, social engineering, and the interception of one-time passcodes used to register digital wallets.
The average loss per remote purchase case has fallen sharply over time, but the sheer scale of attempts makes this channel attractive to criminals seeking consistency rather than big wins.
This is not a failure of controls; it is evidence that controls work locally but displace risk globally.
A typical APP scam once involved convincing a victim to send a large bank transfer, for example, a £40,000 payment to a fake supplier account. Stronger checks, warnings and reimbursement rules now make these payments harder to execute.
Instead, criminals shift to remote purchase fraud. Using phishing texts or emails, they intercept one-time passcodes or card details, register the card to digital wallets, and run dozens of small online transactions; £20, £30, £50 at a time. Each payment looks routine, but at scale the returns become predictable. If you saw a £9.99 Apple or O2 receipt, would you question it?
This is why fraud volume rises even as average losses fall: controls work locally, but criminal effort is displaced to lower-friction channels.
Unauthorised fraud: prevention rises as attacks scale
Unauthorised fraud, where the customer does not approve the transaction, rose modestly in value but sharply in volume:
- Losses up 2% to £722m
- Cases up 14% to 3.13 million
At the same time, banks prevented £1.45 billion of unauthorised fraud, equivalent to 67p of every £1 attempted. That prevention figure increased 16% year-on-year, reinforcing a key theme of the report: fraud attempts are rising faster than fraud losses.
This dynamic, escalating attack volumes met by equally escalating controls, explains why losses appear stable even as pressure on systems, staff, and customers intensifies.
Remote banking fraud quietly improves
One of the more under-reported positives in the data is the sustained decline in remote banking fraud:
- Cases down 17%
- Losses down 7%
- Lowest levels since records began in 2015
Mobile banking fraud cases fell for the first time since 2018, while internet banking fraud reached its lowest loss and case totals on record. This reflects the maturity of behavioural analytics, transaction monitoring, and in-app intervention tools.
It also reinforces a broader conclusion: when detection is embedded early and continuously, fraud volumes fall.
Where fraud really starts: outside the banking system
UK Finance is explicit on one point: most fraud originates beyond banks’ direct control.
In 2024:
- 70% of fraud cases were enabled online, accounting for 29% of losses
- 16% originated via telecommunications, but accounted for 36% of losses
Banks increasingly act as the last line of defence, intercepting fraud only once the victim has already been manipulated. This is why UK Finance continues to push for greater accountability and data-sharing across technology platforms, telecoms providers, and online marketplaces.
Without intervention earlier in the scam lifecycle, fraud will remain a displacement problem rather than a solved one.
Mandatory reimbursement: protection, not prevention
The introduction of mandatory APP reimbursement in October 2024 has already resulted in 86% of in-scope losses being returned to victims in early PSR data, broadly in line with expectations.
However, the report is clear-eyed about its limitations. Reimbursement:
- Does not deter criminals
- Does not repair psychological harm
- Does not reduce upstream scam activity
It is a consumer protection measure, not a crime-reduction strategy. The long-term effectiveness of the UK’s approach will depend on cross-sector disruption, not just financial redress.
Fraud as a structural, not cyclical, risk
The most important conclusion in the report is strategic rather than statistical: fraud should now be treated as a persistent national security and economic risk, not a series of isolated incidents.
Criminals are organised, adaptive, international, and increasingly automated. As one vulnerability closes, another opens. The data from 2024 shows that success in one area almost guarantees pressure elsewhere.
The implication for the industry is clear. Fraud strategy cannot be episodic or reactive. It must be layered, coordinated, and permanent.
Looking ahead
If 2024 proved anything, it is that progress against fraud is possible, but never final.
Losses may stabilise. Case numbers may surge. Tactics will continue to mutate. The only constant is adaptation, on both sides.
For those navigating payments, banking, or financial risk in the UK, understanding how fraud is changing now matters more than celebrating headline improvements.
