David Geale, Managing Director of the Payment Systems Regulator, recently told the Treasury Select Committee there may be scope for a “more complex model” of reimbursement in future for authenticated push payment (APP) fraud, one that takes account of the origin of the fraud, rather than placing responsibility almost entirely on banks. This acknowledgment from the head of the regulator responsible for APP fraud reimbursement is suggestive of a reassessment of the UK’s approach to tackling APP scams.
The central question is straightforward: if a significant proportion of APP fraud emanates from social media, should platforms continue to be financially insulated from the harm they help facilitate?
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
The scale of the problem
The figures are stark: total gross fraud losses reached £629.3m for the first six months of 2025, a 3% increase on the same period in 2024, with APP fraud specifically climbing by 12%. Despite government awareness campaigns and the introduction of mandatory reimbursement rules in October 2024, criminals continue to exploit weak controls in the digital ecosystems of technology companies.
The connection between social media and APP fraud is now incontrovertible. UK Finance data consistently shows that 66% of APP scams originate online, with social media platforms and online marketplaces serving as the primary hunting grounds for fraudsters. Banks and non-bank payment service providers report that between 60% and 80% of APP frauds begin on one of Meta’s platforms alone. Research commissioned by Revolut found that social media platforms earned £430m in 2025 from scam advertisements targeting UK users — a 56% increase compared to 2022.
How fraud flourishes on social media
Social media platforms have become the ideal environment for fraudsters. Investment scams are advertised through targeted promotions. Romance fraudsters use messaging tools to cultivate victims over weeks or months. Impersonation schemes exploit the ease with which fake accounts can be created. Celebrity endorsement scams increasingly rely on convincing AI-generated images and deepfake videos. Purchase scams flourish on online marketplaces, where fake products range from holidays to concert tickets.
The typical UK social media user now encounters approximately 185 scam advertisements every month — a figure projected to rise to 242 by 2030 if current trends continue.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataThe sophistication of these operations is remarkable. Criminals operating from fraud factories use platform features to identify victims, initiate contact, and engage them in communications while hiding their true identities – often flying beneath the radar of content detection systems. Yet to date there has been little incentive for the platforms to take a more active and aggressive role in policing this epidemic or put another way no disincentive to allowing it.
A structural imbalance
The current reimbursement framework places almost the entire financial burden on payment service providers (i.e. banks). Since October 2024, banks and payment firms have been required to reimburse victims of APP fraud under the mandatory reimbursement requirement, with a reimbursement rate of nearly 90% under the new rules. This represents meaningful progress in protecting consumers.
This progress comes at a price, however, and it is targeted at one sector only. Banks bear the financial and operational burden of stopping scams they did not create. They are, in effect, the last line of defence against fraud that originates elsewhere in the digital ecosystem. The institution that processes the payment — often in real time, as victims are being actively manipulated — is held responsible for harm that has already been set in motion by the time it reaches their systems.
Meanwhile, social media platforms continue to profit from the very activity that enables fraud. Scam advertisements generate revenue. Engagement with fraudulent content is packaged and sold to advertisers. The platforms suffer no direct financial consequence when a user is defrauded through a scheme that began on their services.
As David Geale accepted, “in principle… If you can identify a point of origination, you want some incentives in that area to act”. Though this may present complications in enforcement – as how does one meaningfully track fraud origination?
The case for platform liability
Requiring platforms to shoulder at least part of the cost would be both fairer to victims and the current compensators and, in our view, more effective in reducing fraud overall. Put simply – if platforms face financial consequences when fraud proliferates on their services, they will have stronger incentives to prevent it at source.
The European Union has moved decisively in this direction. Under new rules finalised in late 2025, social media platforms are required to compensate banks when users are defrauded and the platform failed to remove a reported scam. The legislation requires platforms to bolster advertiser verification, accelerate the removal of reported scams, and maintain auditable records of how they responded to alerts. Banks, for their part, must refund customers in cases of impersonation or unauthorised transactions.
This dual requirement addresses a gap that scammers have exploited. It forces platforms to prevent fraud at the outset, while banks remain obligated to protect customers when fraud slips through. A significantly more robust and sustainable solution.
What a reformed model might look like
Several options merit consideration. A graduated liability model could tie a platform’s financial responsibility to the adequacy of its preventative measures. Platforms that can demonstrate robust verification processes, rapid response to reported scams, and effective content moderation might face reduced liability, while those with lax controls would bear greater costs.
A mandatory data-sharing framework could require platforms to alert payment service providers when fraud attempts are identified, enabling faster intervention. A levy on platforms, proportionate to the volume of fraud originating on their services, could fund reimbursement pools or prevention initiatives.
What seems clear is that practical and collaborative measures must be prioritised.
Conclusion
The mandatory reimbursement regime has undoubtedly been a step forward for consumers, ensuring that victims of APP fraud are no longer left to bear the full cost of their losses. But it has created a structural imbalance. Payment service providers are held financially accountable for fraud they did not initiate, tolerate, and often could not prevent, while platforms profit from advertising and engagement that fuels the scam economy.
If we are serious about preventing APP fraud — not merely redistributing its costs, which is seemingly all that has been achieved so far — then incentives must be aligned at every point in the fraud chain. Platforms that host scam advertisements, enable impersonation, and provide the infrastructure through which criminals reach victims must face meaningful consequences when they fail to prevent harm.
Bella Henry is an associate at law firm Charles Russell Speechlys
