In 2025, more than 444,000 fraud cases were recorded on the National Fraud Database, the highest annual total ever reported by Cifas. The UK’s Fraud Strategy 2026–29 rightly recognises the scale of this challenge, and much of the industry’s attention remains focused on the most visible threats: unauthorised payments, fake IDs and anomalous transactions. Yet the most scalable, least-detected and most preventable fraud occurs much earlier: at the point of application.
The issue is that application fraud is often overlooked, not because controls are weak, but because applications are assessed in silos. Viewed one by one, even coordinated criminal activity can appear entirely legitimate. The Bounce Back Loan scheme illustrated this clearly. During the pandemic, multiple or fabricated applications were submitted by the same actors, slipping through lender-specific checks and ultimately contributing to £11bn in fraudulent losses. The structural weakness that enabled this (fragmented, isolated reviews) persists today.
Clearly, coordinated effort and intelligence sharing are essential at the application stage to reduce downstream losses and protect lenders and genuine customers. To understand why application fraud remains such a significant blind spot, we must first examine how it is evolving and why it so often appears legitimate.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
The state of application fraud today
Application fraud spans a wide spectrum. At one end is first-party fraud. This is when a genuine individual deliberately provides false information to obtain credit. Sophisticated third-party fraud lies at the other end, including identity theft, impersonation and synthetic identities. In both cases, false, manipulated or stolen information is submitted across products such as loans, motor finance, mortgages and credit cards.
Experian UK’s Fraud and FinCrime 2025 Report found that one-third of organisations experienced first-party (33%) or identity theft (34%) fraud, underscoring the prevalence of application-stage deception. Experian’s Fraud Index Q4 2025 further revealed a material shift towards first-party behaviour, which accounted for 29% of all cases in the quarter, rising across current accounts, cards, asset finance and loans. This trend highlights the need for more dynamic, behaviour-led controls.
Despite its scale, application fraud is exceptionally difficult to detect. Of the 33.6 million unique applications processed annually by National Hunter, only 0.44% (150,000) are fraudulent. Identifying these cases is akin to finding thousands of needles in a barn full of haystacks. And, when reviewed in isolation, these fraudulent applications often look plausible, leading to them being frequently dismissed as human error or low-risk anomalies.
Why application fraud often appears legitimate
Fraudulent applications increasingly mirror genuine customer behaviour. Criminals use stolen or synthetic identities, subtle data manipulation and manufactured personas to bypass automated checks. Many fraudulent applications contain only minor inconsistencies, just enough to avoid scrutiny, but not enough to trigger hard failures.
AI has accelerated this shift. It now enables criminals to generate highly convincing applications at scale, complete with realistic identity documents, digital signatures and behavioural patterns. Additionally, AI can produce hundreds of near-identical applications, each with slight variations that mimic natural customer behaviour.
The other benefit for criminals is that, when reviewed individually, it is impossible to spot patterns in inaccuracies or reused false identities. After all, the key indicators of fraud within this space are multiple applications from the same IP address or device, sudden changes in behaviour or payment method linked to that identity or information that appears to be “too good to be true”. When applications are reviewed in silos, these indicators are either not as effective or completely lost.
The issue with reviewing applications in isolation has been noted in the recently published UK Gov Fraud Strategy 2026-29, which highlights how fraud risk is compounded by the fragmented data landscape: “Partners across the public and private sector have their own unique insights, but there is currently no clear, shared and real-time picture of the fraud threat, meaning collective disruption is delayed or less effective”. Recognising the harm caused by operating in silos, the strategy also announced the upcoming launch of the Online Crime Centre (OCC), which will collect and analyse data to identify and disrupt criminals. This approach is particularly critical at the application stage, where early intervention prevents downstream losses.
Closing the gap between policy ambition and front-line decisions
The need for greater collaboration and intelligence sharing is widely recognised. But to be effective, it must begin at the earliest point in the customer journey. While confirmed and suspected application fraud volumes fell in Q4 2025, tactics continue to evolve, and criminals continue to improve their methods.
A proactive, intelligence-led approach at the application stage is essential. Only by sharing insights derived from comprehensive verification, behavioural analytics and device intelligence can the industry expose the patterns no single organisation can see alone. This is the most cost-effective and impactful moment to intervene before money is lost, customers are harmed or criminal networks become further entrenched.
Conclusion
Application fraud is the industry’s most persistent blind spot, not because it is invisible, but because it is rarely viewed in the right context. The application stage is the earliest and most cost-effective point to intervene, and criminals exploit fragmentation to operate undetected.
Only by sharing intelligence can patterns be revealed. To protect customers, reputations and financial stability, the industry must move from isolated reviews to collective insight. The fraud is already hiding in plain sight. The question is whether we are looking together.
Dave Rossi, Managing Director at National Hunter
