Fraudsters are shifting their tactics to buy items online using stolen details, and sometimes tricking people into disclosing their one-time passcodes, according to a banking and finance industry body.
Cases where criminals used stolen details to buy items online helped to push up the number of unauthorised fraud payments last year.
UK Finance recorded 3.13 million cases of unauthorised fraud in 2024 – where money is taken from someone’s account by a third party, without the account holder’s consent.
This was a 14% increase compared with 2023. Unauthorised fraud losses totalled £722 million in 2024 – a 2% annual increase.
One of the main reasons for the rise was an increase in remote purchase fraud, which had been falling in recent years, UK Finance said.
With this type of fraud, criminals use stolen card details to buy something on the internet, over the phone or through mail order.
Remote purchase fraud case numbers increased by 22% to nearly 2.6 million, and losses increased by 11% to nearly £400 million.
UK Finance said criminals are using social engineering to trick people into divulging one-time passcodes (OTPs).
Once they have an OTP, a criminal is often able to authenticate fraudulent transactions or to register compromised card details for digital wallets.
Victims of unauthorised fraud cases are legally protected against losses and UK Finance research indicates that customers are fully refunded in more than 98% of unauthorised fraud cases.
Meanwhile, the number of authorised push payment (APP) fraud cases, where people were tricked into transferring money to fraudsters, fell by a fifth (20%) last year.
Some 186,000 APP fraud cases were recorded by UK Finance – the lowest figure since 2020.
APP losses fell by 2% to just over £450 million in 2024.
Despite the fall in APP scam reports, UK Finance said there was a “notable increase” in international payments being made as part of APP fraud, with criminals likely trying to persuade people to send money outside of the UK.
International payments accounted for 11% of APP losses in 2024, up from 6% in 2023.
The general decline in APP fraud cases was driven by a range of factors, including investing in technology that can help identify and flag potentially fraudulent activity, as well as consumers being made aware of frauds, the report said.
The biggest amount of APP losses was due to investment fraud, which happens when a criminal convinces their victim to move their money to a fictitious fund or to pay for a fake investment.
UK Finance said £144.4 million was stolen through this type of fraud in 2024, rising by a third (34%) compared with 2023, despite a reduction in cases.
Purchase scams, when a victim pays in advance for goods or services that are never received, continued to be the most common type of APP fraud.
New rules, overseen by the Payment Systems Regulator (PSR), require banks to give people their money back when they have been tricked into transferring it to criminals.
An authorised push payment (APP) reimbursement limit of £85,000 has been applied under the rules, although banks can choose to go further than this and repay higher amounts.
The rules were introduced in October 2024 and the PSR recently said that a “high proportion” of scam victims are getting their money back.
Looking at compliance data reported by payment service providers, the PSR recently said that in the first three months of the initiative, 86% of money lost to APP scams was returned to victims.
Before the rules were introduced, many banks had signed up to a voluntary code to reimburse customers.
UK Finance’s figures showed that, last year, £267.1 million of APP fraud was reimbursed to victims by banks, representing around 59% of the money stolen from APP fraud.
It said that its data covers a wider range of payments and account types than those covered by the new rules from the PSR which means that they are not directly comparable.
UK Finance said 70% of APP fraud cases were confirmed as having started on online platforms, leading to 29% of losses. However, frauds starting by telecoms accounted for bigger losses, at 36%.
In total, criminals stole £1.17 billion through unauthorised and authorised fraud in 2024, which was broadly unchanged from 2023, UK Finance said.
However, case numbers jumped by 12% last year, compared with 2023, to stand at 3.31 million.
The report said: “While this points to a reduction in the average loss per case, criminals are targeting ever more victims in order to maintain flows of illicit funds with more people having to deal with the resulting stress, inconvenience and emotional harm that entails.”
Banks prevented £1.45 billion of unauthorised fraud last year.
Ben Donaldson, managing director of economic crime at UK Finance, said: “Fraud continues to blight this country, with over £1 billion stolen by criminals in 2024.
“This causes severe harm to individuals, society and our economy as the stolen money goes to serious organised crime groups, both here and abroad.
“The financial services industry works tirelessly to protect customers and prevent billions more being stolen by fraudsters, but we know that criminals are always looking for new ways to exploit victims.
“To deal with this threat, we need a more proactive approach with the public and private sectors working more closely together and using data and intelligence more effectively.”
Jim Winters, head of financial crime at Nationwide Building Society, said: “While it’s positive to see authorised push payment cases coming down following regulatory changes and investment in technology, fraud-related crimes remain chronically unreported.”
Santander UK’s head of fraud risk management, Chris Ainsley, said: “If the 70% of authorised push payment cases which originated online, and the 16% which emerged through telecoms networks, were prevented at source, it’s obvious that fraudsters would not have the opportunity to target the vast number of consumers that they do today.”
Here are the sources of APP fraud in 2024, with the number of cases this represents as a percentage, followed by the value of losses this represents as a percentage, according to UK Finance:
Online, 70%, 29%
Telecommunications, 16%, 36%
Email, 1%, 10%
Other, 3%, 7%
Unknown, 10%, 18%
