£354 million refunded to scam victims last year – name-checking is now the cheapest insurance a bank can buy

In 2025, UK banks reimbursed £354.3 million to victims of authorised push payment (APP) fraud. That is not a compliance statistic. It is a line in the cost of fraud – money that left bank balance sheets because a payment reached an account it never should have. For fraud, risk and finance leads, the question is no longer whether to reimburse. The regime has settled that. The question is how to pay out less of it.

This is the case for treating name verification – Confirmation of Payee (CoP) and Verification of Payee (VoP) – not as a regulatory checkbox, but as the cheapest form of fraud insurance on the market.

The reimbursement bill, in numbers

The mandatory reimbursement regime that went live on 7 October 2024 has rewired the economics of APP fraud. The headline figures every risk and finance lead should have to hand:

• £576.4 million was lost to APP scams in the UK in 2025 – a 19% rise on the prior year (UK Finance).
• £354.3 million of that was reimbursed to victims by their banks – 61% of APP losses.
• Under the PSR’s mandatory Faster Payments regime specifically, 88% of in-scope losses (£173 million) were reimbursed in the first year – up from a 65% voluntary rate the year before.
• Each claim is capped at £85,000, and APP fraud now sits inside a £1.28 billion total UK fraud problem.

The direction of travel is unambiguous: more is being reimbursed, faster, and the cost is landing directly on payment service providers.

Why is this now a receiving-side problem

The most important design feature of the regime is the 50/50 liability split. The cost of reimbursing a victim is shared equally between the sending PSP (the victim’s bank) and the receiving PSP – the institution that provided the account the money was pushed into, very often a mule account.

That single rule turns fraud prevention into a balance-sheet issue for receiving institutions. Historically, the receiving side could treat someone else’s scam as someone else’s problem. Not any more: where a mule account features in a scam, the in-scope transaction is the payment from the victim into that account – and the firm that opened it now carries half the bill.

The exposure is not evenly spread. The PSR’s own performance data shows a striking structural imbalance: large, established banks disproportionately send scam proceeds, while a long tail of smaller and non-directed PSPs disproportionately receive them. In the final pre-mandate dataset, the gap between the best and worst performers reached 61 percentage points. The institutions with weak onboarding and monitoring are the ones absorbing the most receiving-side liability – and they are the ones with the most to gain from fixing it.

Where name verification cuts the cost

Name verification reduces reimbursement exposure at two points in the journey:

On the sending side, it stops the payment before it leaves. Confirmation of Payee checks the payee name against the account before a Faster Payment is authorised, returning a match, close match or no match. A clear, well-surfaced mismatch warning is one of the most effective interventions available for stopping an APP scam at the only moment it can be stopped for free – before the money moves.

On the receiving side, it keeps mule accounts out of the system. Rigorous name and identity verification at onboarding, and ongoing monitoring through the customer relationship, are exactly the controls the PSR expects receiving firms to apply. Strong account-name verification makes it materially harder for a fraudster to open and operate the accounts that scams depend on – directly reducing the receiving PSP’s share of claims.

obconnect provides both sides of this: CoP as both requester and responder, VoP for cross-border and EU-aligned name checking, and the underlying account and name verification that strengthens onboarding. Reducing successful scams and reducing usable mule accounts attack the reimbursement bill from both directions.

The economics – why it’s the cheapest insurance

Reframe the maths the way a finance lead would. Reimbursement is a variable, uncapped-in-aggregate cost that rises with every successful scam and every mule account on the books. Name verification is a fixed, predictable control cost that shrinks the variable exposure.

The asymmetry is the whole argument. A single avoided five-figure claim can outweigh the cost of name-checking at scale – and obconnect’s model carries no per-transaction or volume-based fees, so the cost base doesn’t climb as payment volumes grow. That turns name verification into something closer to a fixed insurance premium against a liability that would otherwise scale with the business. Few fraud controls offer that shape of return.

What fraud, risk and finance leads should do now

• Treat CoP responder accuracy as a liability control, not a service obligation – poor responses raise both fraud and reputational exposure.
• Add VoP where cross-border and EU-aligned name checking applies, ahead of wider name-verification expectations.
• Strengthen onboarding name and identity verification to cut the mule-account exposure that drives receiving-side claims.
• Benchmark against the PSR performance data and understand where the institution sits on the sending and receiving league tables.
• Model name verification as a fraud-cost lever in the budget, against reimbursement payouts – not as a compliance line item.

From compliance line item to fraud-cost lever

The reimbursement regime has done something no business case ever quite managed: it has put a hard, recurring price on every APP scam that succeeds, and split that price across both sides of the payment. Confirmation of Payee and Verification of Payee were once filed under compliance. Under a regime that reimbursed £354 million last year, they belong in a different column entirely – as the cheapest insurance a bank can buy against a cost that is only going up.

Talk to obconnect about CoP and VoP