As we approach the Christmas shopping frenzy, fraudsters are already engaged in their seasonal folly of unauthorised transactions, authorised push payments and phishing activities.
Why now?
Seasonal shopping periods provide a perfect storm of opportunity for fraudsters to create uncontrollable chaos for firms and customers. Firms face increased transaction volumes, stretched fraud teams and relaxed transaction approval rules, during this ‘fast and furious’ shopping spree. ‘Firms need to be “ten steps ahead” to avoid being overwhelmed by suspicious transaction reports and minimise exposure to customer claims for reimbursement if they fall victim to frauds and scams.’
During this period of heightened transactions, Boards should continually monitor the performance of the firm’s control frameworks, the operational impacts on compliance and customer service teams, and their liquidity risk management frameworks. Senior leaders should review MI trends in fraud and unauthorised transactions – question the root cause of any losses incurred, and understand the control methods used in their fraud prevention systems.
Current scamming trends
The PSR’s most recent APP fraud dashboard reveals a more than 10% increase in reported APP scam claims from the previous quarter – growing from 43,600 to 48,500. We expect these metrics will rise before and during the Christmas period as victims utilise the claims reimbursement mechanism to regain lost funds.
According to UK Finance, losses from authorised push payment (APP) fraud in the UK reached £257.5 million in the first half of 2025, a 12 % increase compared with the same period in 2024. From this, APP fraud is seen to be responsible for approximately 41% of all fraud losses in that period. UK Finance reported that losses from purchase scams continued to be the most common form of APP fraud, accounting for 72% of all cases. Whilst total losses increased by 10 per cent, overall cases fell by 7%.
Clearly, fraudsters continue to adapt and devise new ways to steal victims’ money, funnelling significant sums to criminal enterprises. Maintaining customer trust and confidence is key to firms continued growth and success. Acting early to protect customers and reduce the threat from fraudsters and scammers remains a priority for regulators and should be a priority for firms.
What are the key fraud typologies today?
- Account Takeover Fraud – has been the most common type of APP fraud in recent times and likely to grow during Christmas. This is where scammers trick users into giving up their credentials through fake emails, messages, or websites.
- Exploitation scams – fraudsters take advantage of people’s generosity through the creation of fake charities and mimicking well-known organisations; romance scams with increased monetary requests during the holidays; and social media scams enticing customers with “secret santa” or “gift exchange” schemes to be sent to fake companies.
- Other purchase and delivery scams – parcel delivery methods involving the receipt of a text or email claiming delivery issues, prompting customers to click a link leading to a fake site or malware, or requesting to pay a “fee”; and ticket fraud involving fraudsters selling fake or non-existence tickets for concerts or sporting events.
How should firms respond?
Strengthen identity verification:
- Use Multi-Factor Authentication (adding another security layer)
- Tighten new-account verification (email/sms/online log-ins)
- Test the effectiveness of Confirmation of Payee (CoP) controls
- Review behavioural biometrics to detect suspicious activity
Review the adequacy of fraud monitoring rules:
- Ensure the use of predefined criteria to flag suspicious transactions or behaviours, triggering alerts or immediate actions like blocking a purchase
- Question your false positives and ensure suspicious transactions are not “slipping through the net”
- Activate Artificial Intelligence (AI) features on screening tools or invest in systems using machine learning to analyse data and spot anomalies better and quicker
Ensure real-time detection:
- Implement velocity rules for check-out attempts, card retries, OTP requests
- Employ tighter thresholds for new-device or new-location logins
- Use risk-based routing e.g. low risk transactions are approved quickly, medium risk require lightweight verification (3DS, OTP), and high risk require manual review or auto decline
- Use your MLRO wisely! Sense-check any unusual or anomalous transaction monitoring results. Question and clarify. Document your rationale for rejecting payments.
Refresh fraud detection and prevention training to staff:
- Review the adequacy of your fraud training programme and fill knowledge gaps
- Ensure 1st line, 2nd line and senior management receive up-to-date and practical training to impart an appropriate understanding of fraud awareness and emerging threats
What next?
It’s imperative that firms don’t reduce vigilance after peak time shopping periods pass. In the new year, firms should:
- Review fraud policies, procedures and risk assessments for optimum effectiveness
- Create an ‘early detection’ culture where staff readily identify fraudulent transactions and act immediately to prevent further risk to the customer and firm
- Educate customers about current fraudulent trends and inform them of support available from firms and external authorities
- Continue reviewing and modifying fraud monitoring rules to adapt to increased regulatory risks
Firms should cultivate a ‘lessons learned’ approach after each seasonal shopping period to review if the current and modified controls worked as expected – and if not, what improvements could be planned now for the year ahead. It’s vital that Boards have candid conversations with first and second line leaders about any failures or flaws in their fraud processes and ways of working. A common denominator tends to be a weakness in understanding and imparting fraud awareness to key personnel responsible for fraud response and management.
Further support If you would like to discuss further or require further support in the fraud sphere, please feel free to get in touch with us at Cosegic.
