Social engineering scams are on the rise — this is how we stop them

In the UK, the first half of 2025 saw £629.3 million stolen by fraudsters, with more than 2 million confirmed cases of fraud. While total losses increased by 3% between the first half of 2024 and the first half of 2025, progress has been made. The fight against unauthorised fraud has seen losses in the UK drop 3% in the same timeframe, thanks to the successful implementation of authentication, authorisation and transaction monitoring.

However, criminals have adapted. There has been a pivot to authorised push payment (APP) fraud, where criminals socially engineer victims into approving the transactions themselves through techniques like investment and romance scams. APP fraud losses are on the rise in the UK, increasing 12% to £257.5 million between the first half of 2024 and the same period in 2025.

These shifting tactics demonstrate that stopping transactions isn’t enough. By the time fraud has reached its destination, it’s too late. Instead, there must be an equal focus on stopping risk further upstream and throughout its journey.

Generating friction for criminals

Regulators are acknowledging the need for friction. The UK’s Payment Systems Regulator (PSR), for example, now requires payment service providers (PSPs) to provide tailored, real-time warnings before a suspicious transaction is made.

This allows financial institutions to determine whether customers have been grossly negligent, judged in context alongside other factors such as the complexity of the scam and consumer vulnerability, which decides their eligibility for fraud reimbursement.

While the PSR’s mandatory reimbursement scheme has undoubtedly strengthened consumer protection, returning millions to victims, this focus on transactional risk profiling has failed to prevent the increase in APP fraud losses in the UK.

Leveraging behavioural monitoring

To address social engineering, financial institutions must monitor for behavioural risks in customer journeys, such as adding new payees, increasing payment limits, and viewing card or PIN details.

Banks in Australia have put behaviour at the heart of their approach. While this poses challenges, such as balancing friction for criminals with friction for customers, Australian financial institutions remove friction in situations that appear low-risk, and up the ante when there’s a risk of consumer detriment.

Australia’s Scams Prevention Framework (SPF) requires banks to take reasonable steps to prevent scams, enabling them to hold or stop payments in critical cases. Unlike the UK, however, the largest Australian banks have set up a real-time intelligence-sharing network, covering more than 85% of the country’s banked population. Importantly, this allows them to consider both risks in the paying customer’s journey and any risks surrounding the destination account.

This is a game-changer. National Australia Bank (NAB) successfully stopped and recovered $48 million of customers’ money in the six months between October 2024 and March 2025, as well as preventing more than $195 million in suspicious payments during that timeframe.

The benefits of this approach are being noticed in other regions, with the UK beginning to deploy similar tactics of increasing smart friction. Santander UK trialled issuing dynamic, transaction-specific warnings when customers attempted a bank transfer via online or mobile banking to purchase items on Facebook Marketplace in a bid to stop purchase scams.

Between December 2023 and May 2024, Santander prevented approximately 1,899 customers from completing a Facebook Marketplace payment after they acknowledged they had yet to see the item in person, and just 240 out of 45,427 attempted transfers ended up being successful scams.

Smart friction has proven effective in reducing the operational impact of scammers’ activities, removing the need for inbound and outbound contact with customers. Now it’s about how regulations and technology can work together to make a meaningful, wide-scale impact in combatting social engineering.

Collaboration for impact

Financial institutions now have access to behavioural technology that can detect signs of APP fraud, providing real-time visibility into risky behaviours across a customer’s journey. Such technology makes decision-making easier for banks, providing them with accurate risk scoring and alerts on when to intervene. This simplifies the process of determining when to intervene, delay, or block a payment.
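As an added illustration (not code from the article or from any bank or vendor), the sketch below scores the journey signals named above (new payee, limit increase, viewing card or PIN details) together with shared intelligence on the destination account, and maps the result to graded friction. The weights, thresholds, 30-minute window, event names and account labels are all assumptions chosen for the example.

```python
from dataclasses import dataclass

# Journey steps named in the article; the weights are assumed, not calibrated.
JOURNEY_WEIGHTS = {"add_payee": 30, "increase_limit": 25, "view_card_or_pin": 15}
NEW_PAYEE_BONUS = 15        # assumed: paying a payee added in the same journey
FLAGGED_DEST_WEIGHT = 50    # assumed: destination reported via shared intelligence
WINDOW_SECONDS = 30 * 60    # assumed look-back window before the payment

@dataclass
class Event:
    ts: int          # seconds since the start of the session
    kind: str        # "login", "add_payee", "increase_limit", "payment", ...
    payee: str = ""  # destination account for add_payee / payment events

def journey_score(events, payment):
    """Score risky journey steps seen in the window leading up to the payment."""
    recent = [e for e in events if 0 <= payment.ts - e.ts <= WINDOW_SECONDS]
    kinds = {e.kind for e in recent}
    score = sum(w for k, w in JOURNEY_WEIGHTS.items() if k in kinds)
    if any(e.kind == "add_payee" and e.payee == payment.payee for e in recent):
        score += NEW_PAYEE_BONUS
    return score

def decide(events, payment, flagged_destinations):
    """Combine journey risk with destination risk and pick the level of friction."""
    score = journey_score(events, payment)
    if payment.payee in flagged_destinations:
        score += FLAGGED_DEST_WEIGHT
    if score >= 100:
        return "block", score
    if score >= 70:
        return "delay", score   # hold the payment for review
    if score >= 40:
        return "warn", score    # tailored, real-time warning
    return "allow", score       # low risk: no added friction

# Constructed sample journeys (not real customer data).
SCAM_SESSION = [
    Event(0, "login"),
    Event(120, "increase_limit"),
    Event(200, "add_payee", "ACC-NEW"),
    Event(300, "payment", "ACC-NEW"),
]
ROUTINE_SESSION = [Event(0, "login"), Event(60, "payment", "ACC-KNOWN")]

if __name__ == "__main__":
    for name, s in (("scam", SCAM_SESSION), ("routine", ROUTINE_SESSION)):
        print(name, decide(s, s[-1], flagged_destinations={"ACC-NEW"}))
```

The same journey moves from "delay" to "block" once the destination account is flagged by another institution, which is the effect the shared network is credited with.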

Along with deploying better fraud detection tools and behavioural technology, financial institutions must work together. Australia’s real-time intelligence-sharing network reviewed $330 billion in payments between August and September, analysing $60 million in fraudulent payment attempts. Such networks can dramatically improve scam detection without adding friction for customers.

However, banks can’t do it alone. Beyond working with each other, they require the assistance of regulators to implement friction for criminals, as well as a more tech-centric approach to governance and compliance.

Much like the notion that the faster you drive, the further ahead you must look, faster payments require more forward-looking risk strategies. Similarly, relying solely on historical transaction patterns, and considering neither the journey nor the destination, is the equivalent of trying to drive while relying only on the rearview mirror.

As APP fraud continues to rise, collaboration across the entire ecosystem, from financial institutions to regulators, will be vital in cracking down on scams.
