Do fintechs stand a chance against shapeshifting, faceless fraudsters?

UK Finance’s latest fraud report is out and, like any good read, there are highs and lows: moments of positivity mixed with sobering reasons for pause. 

£1.17 billion was stolen by fraudsters in 2024. This is the same figure UK Finance’s financial institution members reported in 2023.

While we’d like to see that number decline, the fact that total losses remained flat despite increasing efforts from bad actors is a positive sign. It signals evidence of progress by FIs and regulators to get a grip on fraudulent activity: 

First, in 2024 there was a 20% drop in APP fraud cases and a 2% drop in overall APP fraud losses. Some of this can be attributed to the (now defunct) PSR’s rollout of mandatory reimbursement rules for banks to victims of APP fraud, prompting better collaboration between receiving and sending firms to validate and verify suspicious payment recipients. As the rules only came into effect in October 2024, we can look forward to seeing the true impact when a full twelve months has passed. 

Second, the year also saw fewer romance and impersonation scams (down 25% cumulatively year-on-year) - scams that can leave deep emotional marks on their victims. 

On the flip side, however, 3.31 million fraud cases were reported in 2024, a figure that’s risen 12% since 2023. Drilling into the areas of fraud:

• investment scam losses increased - rising for the first time since 2021 by 34% year-on-year. 

• and the number of remote purchase scams (where a consumer is tricked into handing over online login passcodes) also increased to its highest level on record, equating to 7,000 reported cases a day. 

Banks and fintechs mightn’t have yet found the secret formula needed to stop fraud in its tracks (spoiler: there isn’t one), but they have managed to stem the rise of fraud losses in the last year. UK Finance attributes a lot of the improvements banks and fintechs are making to wider investment in fraud prevention technology. In 2024, specifically, UK banks prevented £1.45bn of unauthorised fraud — up 16% year-on-year - thanks to smarter security systems.

The report abounds in positive messages like this, centred on actions to mitigate the risk of fraud losses. Risk managers are increasingly equipped to understand fraud that is evolving constantly and are getting better about being able to respond more quickly and nimbly to that reality. 

The fast evolution of fraud remains a danger point, however. To quote UK Finance directly: “if the industry’s focus pivots to one particular type of [fraudulent] activity, so will the tactics of criminals.”

Add to this, the pervasiveness of these criminals’ actions. Alloy’s own research conducted in Q1 this year revealed that three in four UK fintechs see most fraud cases carried out by criminal gangs, as opposed to opportunistic individuals. 

Where does this leave us? How does a bank or fintech stand a chance against a faceless, shapeshifting  adversary? 

Just as financial criminals are sticking with their strategy to evolve tactics on the spot and exploit vulnerabilities in financial services systems, so too must banks and fintechs strengthen their resolve to never let fraud prevention stand still. 

With agentic AI now helping criminals scale and simplify their attacks, detecting behavioural anomalies and verifying identities in-life (not just at onboarding) is more important than ever.

96% of UK fintechs we’ve spoken to say that they are investing in fraud prevention in 2025, and identity risk solutions are their top investment for reducing fraud. And they are seeing results. Nine in ten agree that the money their organisation saves thanks to fraud prevention outweighs its cost. 

UK Finance rightly calls fraud a “national security issue”, not only because everyone is at risk, but because so many of the perpetrators of fraud operate beyond UK borders and so outside of our own criminal justice system. 

The globalisation of financial crime is a fascinating topic, and one that calls for international interoperability of financial institutions, regulators and governments to adequately tackle. Standardising, sharing and orchestrating the flow of identifying information is at the heart of what it takes to stop fraudsters exploiting vulnerabilities between platforms, and that calls for a cross-sector, multinational response.