Abstract
Authorised push payment (APP) fraud represents one of the most significant contemporary threats to financial consumers, with victims voluntarily transferring funds to criminals under false pretences. This dissertation synthesises current academic literature to examine what makes APP fraud prevention effective in practice and identifies populations who remain inadequately protected. Through systematic literature review, the analysis reveals that successful prevention requires alignment across three domains: liability frameworks that incentivise institutional gatekeeping, user journey design incorporating behavioural friction, and network-level technological defences employing artificial intelligence and shared data analytics. Mandatory reimbursement schemes, particularly the United Kingdom’s regulatory approach, demonstrate how shifting liability to payment service providers motivates enhanced protective measures. However, significant protection gaps persist. Consumers in jurisdictions lacking mandatory reimbursement, individuals deemed negligent under restrictive industry codes, digitally excluded populations with low fraud awareness, and small businesses facing business email compromise attacks remain disproportionately vulnerable. The findings underscore that comprehensive APP fraud prevention demands coordinated regulatory, technological, and behavioural interventions whilst highlighting the urgent need for expanded protections addressing currently underserved groups.
Introduction
The proliferation of real-time digital payment systems has fundamentally transformed how individuals and businesses transfer money, offering unprecedented convenience and speed. However, this transformation has simultaneously created fertile ground for sophisticated fraud schemes, among which authorised push payment fraud has emerged as particularly pernicious. Unlike traditional payment fraud where criminals gain unauthorised access to accounts, APP fraud involves victims being deceived into voluntarily initiating payments to accounts controlled by fraudsters. This distinction carries profound implications for liability, consumer protection, and the design of preventive measures.
APP fraud typically manifests through various deceptive schemes, including romance scams, investment fraud, impersonation of legitimate organisations, and business email compromise. Victims, manipulated through social engineering techniques, authorise payments believing them to be legitimate transactions. The real-time, irrevocable nature of faster payment systems means that once funds leave a victim’s account, recovery becomes extremely difficult, with money often rapidly dispersed across multiple accounts or transferred internationally.
The scale of APP fraud has reached alarming proportions. In the United Kingdom alone, APP fraud losses exceeded £485 million in 2022, affecting both individual consumers and businesses across all demographic groups (UK Finance, 2023). This financial impact, however, represents only part of the harm inflicted. Victims frequently experience significant psychological distress, including anxiety, depression, shame, and diminished trust in financial institutions. The emotional toll often exceeds the financial loss, particularly for vulnerable individuals who may lose life savings accumulated over decades.
This topic demands academic attention for several interconnected reasons. First, the liability frameworks governing APP fraud remain contested and evolving, with jurisdictions adopting markedly different approaches to allocating losses between financial institutions and their customers. Understanding which regulatory mechanisms effectively incentivise prevention whilst protecting consumers requires rigorous analysis. Second, the technological arms race between fraudsters and financial institutions raises important questions about the efficacy of various defensive measures, from artificial intelligence-based detection systems to behavioural interventions embedded within payment journeys. Third, emerging evidence suggests that protection against APP fraud is unevenly distributed, with certain populations bearing disproportionate risk despite their heightened vulnerability.
The social and practical significance of this research extends beyond academic discourse. Policymakers designing regulatory frameworks require evidence regarding which interventions demonstrably reduce fraud whilst maintaining payment system efficiency. Financial institutions seeking to implement effective controls need guidance on where to direct resources for maximum protective impact. Consumer advocacy organisations must understand which populations remain inadequately protected to target support and lobbying efforts appropriately.
This dissertation therefore addresses a critical gap in consolidated understanding by synthesising existing research to answer two fundamental questions: what makes APP fraud prevention work in practice, and who remains unprotected despite current measures?
Aim and objectives
The overarching aim of this dissertation is to critically evaluate the effectiveness of authorised push payment fraud prevention mechanisms and identify populations who remain inadequately protected under current frameworks.
To achieve this aim, the following specific objectives guide the analysis:
1. To examine how liability allocation frameworks influence institutional behaviour and consumer protection outcomes in APP fraud prevention.
2. To evaluate the effectiveness of user journey design interventions, including behavioural friction and warning mechanisms, in preventing APP fraud victimisation.
3. To assess the role of technological defences, including artificial intelligence, network analytics, and data-sharing arrangements, in detecting and preventing APP fraud.
4. To analyse systemic coordination mechanisms across the payment ecosystem and their contribution to fraud prevention efficacy.
5. To identify and characterise populations who remain inadequately protected under current APP fraud prevention frameworks.
6. To synthesise findings into actionable recommendations for policymakers, financial institutions, and consumer protection bodies.
Methodology
This dissertation adopts a systematic literature synthesis methodology to address the research aim and objectives. Given the multidisciplinary nature of APP fraud prevention—spanning financial regulation, behavioural economics, computer science, and consumer protection law—a literature synthesis approach enables comprehensive examination of evidence across these domains whilst identifying patterns, contradictions, and gaps in current understanding.
The literature search strategy employed multiple academic databases, including Scopus, Web of Science, and Google Scholar, supplemented by targeted searches of regulatory publications, government reports, and industry analyses. Search terms included combinations of “authorised push payment fraud,” “APP fraud,” “payment fraud prevention,” “scam reimbursement,” “payment fraud liability,” “behavioural interventions fraud,” and “financial consumer protection.” Searches were limited to English-language publications from 2018 onwards to capture the most relevant contemporary developments, given the rapidly evolving nature of both the threat landscape and regulatory responses.
Inclusion criteria prioritised peer-reviewed journal articles, working papers from recognised academic institutions, official regulatory and government publications, and reports from established financial industry bodies. Exclusion criteria eliminated opinion pieces without empirical or analytical foundation, purely technical documentation without regulatory or protective implications, and publications from sources of uncertain credibility.
The synthesis followed a thematic analysis approach, with literature organised according to the dissertation’s objectives: liability frameworks, user journey design, technological defences, systemic coordination, and protection gaps. Within each theme, evidence was critically evaluated for methodological rigour, generalisability, and practical applicability. Particular attention was paid to contradictory findings and limitations acknowledged by primary researchers.
This methodology acknowledges certain limitations. Literature synthesis cannot generate new primary data and remains dependent on the quality and scope of existing research. The rapidly evolving nature of both APP fraud techniques and preventive measures means that some evidence may become outdated quickly. Additionally, publication bias may result in overrepresentation of successful interventions compared to ineffective measures. Despite these limitations, literature synthesis provides the most appropriate methodology for consolidating current understanding and identifying both effective practices and remaining gaps in protection.
Literature review
The nature and scale of authorised push payment fraud
Authorised push payment fraud fundamentally differs from traditional payment fraud in that victims themselves initiate and authorise the transfer of funds. This characteristic creates distinctive challenges for prevention and liability allocation. Whereas unauthorised fraud allows for relatively straightforward reversal under established payment regulations, APP fraud involves transactions that appear legitimate from a technical perspective, with proper authentication and customer authorisation (Dahlgreen, 2021).
The taxonomy of APP fraud encompasses diverse deceptive schemes. Impersonation scams involve criminals posing as trusted entities such as banks, government agencies, or service providers. Investment scams promise unrealistic returns to lure victims into transferring funds to fraudulent schemes. Romance scams exploit emotional connections developed through online platforms. Business email compromise targets commercial entities through fraudulent payment instruction modification. Each variant employs sophisticated social engineering techniques that exploit psychological vulnerabilities rather than technical weaknesses in payment systems.
Research demonstrates that APP fraud victimisation extends across demographic categories, challenging assumptions that only digitally inexperienced individuals fall victim. Sophisticated professionals, including legal and financial sector workers, have been deceived by increasingly convincing fraudulent communications (Ngan, 2025). This widespread vulnerability underscores that prevention cannot rely solely on consumer education or individual vigilance.
Liability frameworks and institutional incentives
The allocation of liability for APP fraud losses represents perhaps the most consequential factor determining institutional behaviour and consumer protection outcomes. Traditional banking law positions followed the principle that loss “lies where it falls,” with customers who authorised payments bearing the consequences regardless of deceptive circumstances. This approach reflected established contract law principles but failed to account for the sophisticated manipulation underlying APP fraud or the information asymmetries between financial institutions and their customers (Dahlgreen, 2021).
The United Kingdom pioneered regulatory intervention through the Contingent Reimbursement Model Code, subsequently strengthened through mandatory reimbursement requirements under Payment Systems Regulator rules effective from 2024. This framework shifts liability to payment service providers, requiring reimbursement of victims within five business days unless the customer acted with gross negligence. The theoretical foundation rests on the economic principle that parties best positioned to prevent harm should bear the costs of failure, thereby incentivising appropriate preventive investment (Yang, 2025).
Empirical analysis suggests that mandatory reimbursement reinforces banks’ gatekeeping duties, incentivising stronger controls and monitoring systems. When financial institutions bear financial consequences for fraud occurring through their systems, rational economic behaviour dictates investment in prevention to the point where marginal prevention costs equal marginal expected losses. This alignment of institutional incentives with consumer protection objectives represents a fundamental mechanism through which liability frameworks influence practical outcomes (Abadi and Murdoch, 2023).
However, critics identify potential weaknesses in liability-based approaches. Banks may pass reimbursement costs to consumers through increased fees or reduced service quality, diluting the protective intent of mandatory schemes. Terzić (2023) notes that opaque charging structures could permit institutions to socialise fraud losses whilst maintaining inadequate preventive measures. Furthermore, the discretion afforded to banks in assessing customer negligence creates potential for inconsistent outcomes and disputed claims (Yang, 2025).
Comparative analysis reveals stark differences between jurisdictions. The United States, operating primarily through the Electronic Fund Transfer Act framework designed for unauthorised transactions, provides minimal statutory protection for APP fraud victims. Australian consumers similarly lack comprehensive mandatory reimbursement, although regulatory reviews have recommended strengthening protections. These jurisdictional variations create uneven global protection, with consumer outcomes depending substantially on geographic location rather than objective circumstances of victimisation.
User journey design and behavioural interventions
Recognition that APP fraud exploits psychological vulnerabilities rather than technical weaknesses has generated substantial interest in behavioural interventions integrated within payment user journeys. The premise underlying this approach holds that carefully designed friction points can interrupt the psychological manipulation inherent in fraud scenarios, providing victims opportunity to reconsider before completing irreversible transfers.
A behavioural experiment conducted within a mobile banking application provides particularly compelling evidence. Akesson, Gathergood and Quispe-Torreblanca (2023) tested various intervention designs against control conditions, measuring their effectiveness in preventing simulated APP fraud scenarios. Their findings revealed substantial differential effects across intervention types. Standard warning messages, such as generic alerts to be careful about payment recipients, produced only weak protective effects. Victims under psychological pressure from fraudsters appeared to process such warnings superficially or dismiss them as inapplicable to their particular circumstances.
In contrast, redesigned calls-to-action that made proceeding with payments more effortful dramatically reduced APP fraud success rates. These interventions included requiring users to actively type confirmation phrases, introducing mandatory waiting periods before high-risk payments could complete, and restructuring button placements to make cancellation the default prominent option. The effectiveness of these friction-based interventions supports theoretical models suggesting that creating opportunity for cognitive reflection can interrupt the automatic processing that fraudsters exploit.
Doeland (2019) extends this analysis to identify specific high-risk moments within payment journeys where friction interventions deliver maximum protective value. First payments to new payees represent elevated risk points, as do high-value instant payments and transactions to accounts flagged through fraud intelligence sharing. Targeting interventions at these moments allows institutions to implement meaningful protection whilst minimising disruption to legitimate routine transactions.
The design literature emphasises that effective friction must avoid the pitfalls of both excessive burden, which drives customers to circumvent controls or abandon legitimate transactions, and insufficient salience, which allows warnings to become background noise that victims disregard. Calibrating this balance requires understanding both the psychological dynamics of fraud victimisation and the practical constraints of payment system usability.
Technological defences and artificial intelligence applications
The technological dimension of APP fraud prevention encompasses detection systems, authentication mechanisms, data-sharing infrastructure, and emerging cryptographic approaches. Artificial intelligence has attracted particular attention for its potential to identify fraudulent transactions in real-time by recognising patterns imperceptible to rule-based systems or human reviewers.
Fei, Dhot and Raza (2023) examine how AI-based models can manage APP scams by combining liability rule awareness with real-time pattern analysis and risk scoring. Machine learning algorithms trained on historical fraud data can identify anomalous transaction characteristics, unusual behavioural patterns, and network features associated with fraudulent schemes. Integration with liability frameworks allows these systems to adjust intervention thresholds based on institutional risk tolerance and regulatory requirements.
The effectiveness of AI-based detection depends critically on data quality and scope. Single-institution models, whilst capturing customer-specific behavioural baselines, cannot detect patterns visible only at network level. Mule accounts receiving fraudulent payments may appear unremarkable within one bank’s view whilst exhibiting distinctive characteristics across the broader payment network.
Loecker et al. (2023) analyse network-wide data hubs and graph analytics implemented across banking systems, demonstrating superior mule-account detection and fund recovery rates compared to siloed institutional approaches. Graph-based analysis can identify networks of connected accounts exhibiting characteristics associated with fraud operations, enabling preemptive action against receiving accounts before losses become irrecoverable.
Emerging cryptographic protocols offer additional protective possibilities. Abadi and Murdoch (2023) propose payment with dispute resolution protocols that would allow victims to efficiently prove their innocence for reimbursement purposes through cryptographic verification of circumstances surrounding fraudulent transactions. Such mechanisms could streamline reimbursement processes whilst reducing potential for fraudulent claims. However, these approaches remain at proof-of-concept stages without large-scale deployment, and questions remain regarding implementation complexity and user experience implications.
Systemic coordination across the payment ecosystem
APP fraud prevention effectiveness depends not only on individual institutional measures but on coordination across the payment ecosystem. Fraudsters exploit seams between institutions, moving funds rapidly through chains of accounts that cross organisational boundaries faster than bilateral communication can facilitate intervention.
Van Rijn (2025) argues that strengthening core banking capabilities to combat fraud requires recognition that banks operate within interconnected systems where defensive weaknesses at any point create vulnerabilities exploitable by sophisticated criminal networks. National-level cooperation, shared fraud intelligence, and coordinated mitigation across the payment chain represent essential components of effective system-wide defence.
Coordination mechanisms include fraud intelligence sharing platforms that enable real-time alerts regarding known fraudulent accounts, coordinated intervention protocols that allow receiving institutions to freeze funds pending verification, and standardised data formats that facilitate automated information exchange. The effectiveness of such mechanisms depends on participation rates, information quality, latency, and legal frameworks governing data sharing.
Regulatory bodies play crucial roles in mandating and facilitating coordination. Payment system operators can require participating institutions to implement shared defensive standards as conditions of network membership. Central banks and financial regulators can create legal frameworks enabling information sharing that might otherwise conflict with data protection or banking secrecy requirements.
Populations remaining inadequately protected
Despite advances in prevention frameworks, substantial populations remain inadequately protected against APP fraud. Understanding these protection gaps requires analysis across jurisdictional, procedural, demographic, and institutional dimensions.
Consumers in jurisdictions without mandatory reimbursement or clear bank duties face stark protection deficits. Where losses typically fall on individuals regardless of circumstances, victims bear both financial and emotional consequences whilst institutions lack incentives for preventive investment beyond reputational considerations. The contrast between protection levels across jurisdictions raises fundamental questions about equity and the appropriate scope of financial consumer protection (Yang, 2025; Dahlgreen, 2021).
Even within protective frameworks, victims whose behaviour is framed as negligent under narrow industry codes may find themselves excluded from reimbursement. Ngan (2025) documents how discretionary assessments of customer conduct can produce inconsistent outcomes, with similar circumstances yielding different decisions across institutions. Opaque decision-making processes compound this problem, leaving denied claimants uncertain about grounds for rejection or appeal possibilities.
Demographic factors correlate with vulnerability but also with awareness and protective behaviour. Lonkar et al. (2024) identify digitally excluded users and those with limited fraud-risk awareness as particularly vulnerable populations. Their research in the Indian context demonstrates significant variation in consumer preparedness for digital payment fraud, with less aware groups scoring low on both recognition of fraud indicators and implementation of protective behaviours. These populations face elevated risk precisely because preventive measures assuming baseline digital literacy may fail to reach them.
Small businesses occupy a distinctive position within protection frameworks. Business email compromise and similar schemes targeting commercial entities can result in substantial losses, yet small businesses typically fall outside consumer-focused protection schemes. Terzić (2023) notes that commercial entities face large-value APP fraud with limited chargeback options and minimal regulatory protection, creating asymmetry between their vulnerability and available recourse.
Discussion
The synthesis of evidence regarding APP fraud prevention reveals a complex landscape where effectiveness depends on alignment across regulatory, technological, and behavioural domains. This discussion examines how findings address each research objective and considers their broader implications for policy and practice.
Liability frameworks as foundational mechanisms
The evidence strongly supports the proposition that liability allocation fundamentally shapes institutional behaviour regarding APP fraud prevention. The United Kingdom’s progression from voluntary industry codes to mandatory reimbursement demonstrates a regulatory trajectory responding to inadequate voluntary measures. When institutions bore no consequences for fraud occurring through their payment channels, rational cost-benefit analysis provided minimal incentive for investment in sophisticated prevention beyond baseline compliance requirements.
Mandatory reimbursement alters this calculus by internalising fraud costs that were previously externalised to victims. The economic logic suggests that institutions will invest in prevention up to the point where additional preventive expenditure exceeds expected reimbursement savings. This theoretical alignment of institutional and consumer interests represents the primary mechanism through which liability frameworks influence practical outcomes.
However, the evidence also reveals important limitations and potential distortions. The ability to pass costs to consumers through fee structures could undermine protective intent if not carefully monitored. Additionally, the gross negligence exception creates discretionary space that institutions might interpret expansively to limit reimbursement obligations. Regulatory oversight and ombudsman adjudication therefore remain essential complements to liability frameworks, ensuring that theoretical protections translate into practical outcomes.
Jurisdictional variation in liability approaches creates inequitable global protection. Consumers engaging in identical transactions with identical victimisation circumstances receive fundamentally different treatment depending on geographic location. This variation supports arguments for international coordination on APP fraud liability standards, though practical implementation challenges remain substantial given differences in legal traditions and regulatory capacity.
Behavioural interventions and user journey design
The experimental evidence regarding behavioural interventions provides unusually direct insight into what works in APP fraud prevention. The finding that standard warnings produce minimal protective effect whilst designed friction dramatically reduces fraud success rates carries significant practical implications.
This differential effectiveness aligns with psychological models of how fraud victimisation occurs. Victims under active manipulation experience elevated stress, cognitive load, and social pressure that impair careful deliberation. Generic warnings addressed to hypothetical future scenarios cannot penetrate this psychological state. In contrast, friction that requires effortful action creates mandatory pause points that may interrupt the automated compliance that fraudsters exploit.
The implications for financial institution practice are clear: investment in user journey design should prioritise friction-based interventions over informational warnings. However, implementation requires careful calibration. Excessive friction generates customer frustration, abandonment of legitimate transactions, and potential competitive disadvantage. The evidence suggests targeting friction at demonstrably high-risk moments—new payees, high values, flagged recipients—rather than universal application.
This finding also carries implications for regulatory requirements. Mandating specific warning language, as some regulatory approaches have adopted, may prove less effective than requiring demonstrably protective journey design regardless of specific implementation. Performance-based standards that measure fraud prevention outcomes may incentivise more innovative and effective interventions than prescriptive process requirements.
Technological capabilities and network-level defences
Artificial intelligence and network analytics represent powerful tools for APP fraud detection, but their effectiveness depends critically on deployment context. Single-institution AI models provide valuable detection capabilities but cannot identify patterns visible only across the payment network. The evidence strongly supports investment in shared data infrastructure enabling network-level analytics.
The practical barriers to network-level data sharing—competitive sensitivity, data protection requirements, technical interoperability—require active regulatory facilitation to overcome. Payment system operators and financial regulators hold unique positions to mandate participation in shared defensive infrastructure as conditions of system access. The evidence suggests that such mandates would yield substantial detection improvements justifying the coordination costs.
Emerging cryptographic approaches to streamlined dispute resolution remain speculative in their practical potential. Whilst technically elegant, questions regarding implementation complexity, user experience implications, and institutional adoption willingness require resolution before these concepts can contribute to practical protection.
Protection gaps and equity concerns
The identification of populations remaining inadequately protected raises fundamental questions about the equity and comprehensiveness of current frameworks. The evidence reveals protection gaps across multiple dimensions that demand differentiated responses.
Jurisdictional gaps require international policy coordination, though this represents a long-term objective given the complexity of harmonising financial regulation across legal systems. More immediate progress may be achievable through bilateral agreements, industry voluntary standards, and consumer advocacy highlighting cross-border inequities.
Procedural gaps arising from negligence assessments and opaque decision-making represent more tractable problems. Regulatory guidance clarifying negligence standards, mandatory disclosure of decision criteria, and accessible appeals mechanisms could substantially improve consistency and fairness within existing frameworks.
Demographic gaps affecting digitally excluded populations require interventions beyond mainstream technological solutions. Targeted education, simplified protective mechanisms, and recognition that universal protective standards must accommodate diverse digital literacy levels all contribute to addressing these gaps.
Small business protection deficits represent a significant policy gap requiring explicit attention. The distinction between consumer and commercial transactions in protection frameworks fails to account for the vulnerability of small enterprises, which may lack sophisticated treasury functions whilst facing substantial fraud exposure.
Synthesis and integration
The evidence supports a model of effective APP fraud prevention requiring simultaneous attention to liability frameworks, user journey design, technological defences, and systemic coordination. Weakness in any dimension undermines overall protection, whilst strength across all dimensions produces synergistic effects.
Liability frameworks provide foundational incentives but require complementary operational measures to translate incentives into practical protection. User journey interventions directly protect consumers at the moment of potential victimisation but function most effectively within institutional contexts incentivised to implement them rigorously. Technological defences enhance detection capabilities but require network-level coordination to achieve full potential. Systemic coordination enables information sharing and collective action but depends on institutional willingness shaped by liability frameworks.
This integrated understanding implies that partial approaches—whether purely regulatory, purely technological, or purely behavioural—will yield suboptimal results. Comprehensive protection requires coordinated development across all dimensions, with attention to the specific populations and circumstances that current measures fail to adequately address.
Conclusions
This dissertation has examined what makes APP fraud prevention effective in practice and identified populations who remain inadequately protected under current frameworks. Through systematic literature synthesis, the analysis addresses each stated research objective whilst highlighting implications for policy and practice.
Regarding liability frameworks, the evidence demonstrates that mandatory reimbursement schemes reinforce institutional gatekeeping duties by aligning economic incentives with consumer protection objectives. However, effectiveness depends on preventing cost pass-through to consumers, maintaining appropriate oversight of negligence determinations, and ensuring accessible dispute resolution mechanisms. The first objective has been achieved through analysis demonstrating clear connections between liability allocation and institutional behaviour.
The evaluation of user journey design interventions reveals that friction-based approaches dramatically outperform informational warnings in preventing APP fraud victimisation. This finding, supported by experimental evidence, carries significant implications for how financial institutions and regulators should prioritise intervention design. The second objective has been achieved through critical comparison of intervention types and their differential effectiveness.
Technological defences, particularly AI-based detection systems, contribute valuable capabilities that function most effectively at network level rather than within institutional silos. Shared data infrastructure enabling cross-institutional analytics substantially improves mule-account detection and fund recovery. The third objective has been achieved through assessment of technological approaches and their contextual requirements for effectiveness.
Systemic coordination mechanisms—including shared fraud intelligence, standardised intervention protocols, and regulatory facilitation of data sharing—represent essential complements to institution-level measures. The fourth objective has been achieved through analysis of coordination requirements and their contribution to system-wide defence.
The identification of inadequately protected populations reveals that protection gaps persist across jurisdictional, procedural, demographic, and institutional dimensions. Consumers in weak-duty jurisdictions, individuals deemed negligent under narrow codes, digitally excluded populations, and small businesses all face elevated vulnerability relative to protective measures available to them. The fifth objective has been achieved through systematic characterisation of these protection gaps and their underlying causes.
The synthesis of findings into actionable recommendations addresses the sixth objective. Policymakers should prioritise mandatory reimbursement frameworks whilst ensuring robust oversight of implementation. Financial institutions should invest in friction-based user journey design targeted at high-risk moments. Industry coordination bodies should facilitate network-level data sharing and analytics. Consumer protection organisations should advocate for expanded protections addressing currently underserved populations.
Future research should address several identified gaps. Longitudinal evaluation of mandatory reimbursement schemes would provide evidence regarding sustained effectiveness and potential unintended consequences. Comparative analysis of friction intervention designs across cultural contexts would enhance generalisability of findings. Investigation of small business protection mechanisms would address a significant gap in current frameworks. Development and evaluation of interventions specifically targeting digitally excluded populations would support more inclusive protection.
The significance of this research lies in its consolidation of currently fragmented evidence into an integrated understanding of effective APP fraud prevention. As real-time payment systems continue expanding globally and fraud techniques evolve in sophistication, the principles identified here—liability alignment, designed friction, networked technology, systemic coordination, and attention to underserved populations—provide foundations for continued development of protective frameworks that serve all members of society equitably.
References
Abadi, A. and Murdoch, S., 2023. Payment with dispute resolution: a protocol for reimbursing fraud victims. *Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security*. https://doi.org/10.1145/3579856.3595789
Akesson, J., Gathergood, J. and Quispe-Torreblanca, E., 2023. Preventing payments fraud in the FinTech era: new evidence from a behavioural experiment. *SSRN Electronic Journal*. https://doi.org/10.2139/ssrn.4532757
Dahlgreen, J., 2021. Catastrophic fraud loss lies where it falls? Push payment scams and the bank’s duty of care to its customer. *Journal of Financial Crime*. https://doi.org/10.1108/jfc-10-2021-0223
Doeland, M., 2019. How to keep payments safe and secure in a changing world. *Journal of Payments Strategy & Systems*. https://doi.org/10.69554/fslk7337
Fei, K., Dhot, T. and Raza, M., 2023. Considerations for using artificial intelligence to manage authorized push payment (APP) scams. *IEEE Engineering Management Review*, 51, pp. 166-179. https://doi.org/10.1109/emr.2023.3288432
Loecker, F., Ramadiah, A., Soramäki, K. and Towning, W., 2023. Building robust anti-fraud and scam capabilities at the national level. https://doi.org/10.69701/ektb6000
Lonkar, A., Dharmadhikari, S., Dharurkar, N., Patil, K. and Phadke, R., 2024. Tackling digital payment frauds: a study of consumer preparedness in India. *Journal of Financial Crime*. https://doi.org/10.1108/jfc-01-2024-0029
Ngan, J., 2025. “The view from below”: resistance and change in authorised push payment fraud. *Journal of Economic Criminology*. https://doi.org/10.1016/j.jeconc.2025.100166
Payment Systems Regulator, 2023. *PS23/3: Fighting authorised push payment fraud: a new reimbursement requirement*. London: Payment Systems Regulator.
Terzić, B., 2023. The liability of the payer’s bank in case of authorised push payments fraud. *Bankarstvo*. https://doi.org/10.5937/bankarstvo2304104t
UK Finance, 2023. *Annual fraud report 2023*. London: UK Finance.
Van Rijn, M., 2025. Strengthening the core: what is next in banking to combat fraud?. *Journal of Payments Strategy & Systems*. https://doi.org/10.69554/oxph5694
Yang, C., 2025. Protecting financial consumers from authorized push payment fraud: is reimbursement an optimal solution?. *Journal of Financial Regulation and Compliance*. https://doi.org/10.1108/jfrc-11-2024-0225
