When the Payment Systems Regulator (PSR) published its final pre-reimbursement dataset on authorised push payment (APP) scams, it marked a turning point. The October 2024 reimbursement mandate, which splits liability 50:50 between sending and receiving firms and guarantees that most victims will get their money back, has reshaped incentives. Early data shows UK banks are now reimbursing 88% of in-scope losses — a significant rise from the 60% of reimbursed scam losses before the rule change took effect.

But buried within the rankings and league tables of the 2022, July 2024, and February 2026 publications is a deeper and more worrying pattern. The data shows not just variation in reimbursement rates or fraud incidence. It reveals a persistent asymmetry in the UK payments ecosystem: Large, established banks are disproportionately sending APP scam proceeds, while a longtail of smaller and non-directed payment service providers (PSPs) are disproportionately receiving them.

This is not simply a matter of performance optics. It is a structural imbalance that prompts questions about incentives, supervision, and the design of the Faster Payments System itself.

From reimbursement lottery to regulatory reset

Before October 2024, reimbursement outcomes were, bluntly, a postcode lottery by bank. In the final pre-mandate dataset, the reimbursement gap by value between the best and worst performers was 61 percentage points. Nationwide led with 85% refunded, while firms like AIB and Monzo refunded only a quarter of scam losses.

By overall volume, 73% of all cases were fully or partially reimbursed, but variability remained stark. Consumers’ chances of full reimbursement depended heavily on their bank’s brand.

The reimbursement mandate has significantly reduced this disparity. Post-October, 88% of in-scope money is returned, showing regulatory compulsion succeeded where voluntary codes failed. Victims now receive more consistent outcomes regardless of their sending bank.

That is genuine progress.

Reimbursement performance, however, tells only part of the story. To understand deeper dynamics, we must examine where fraudulent payments are sent and received.

Sending banks: Large institutions, uneven exposure

Metric B of the PSR’s dataset tracks the value and volume of APP scams sent per unit of transaction activity. Here, the rankings reveal that even among the 14 largest banking groups, fraud incidence varies considerably.

AIB recorded just £14 of APP scam losses per £1 million sent, a positive outlier. Metro Bank recorded £377 per £1 million, more than 25 times higher than that.

By volume, challenger and mid-tier banks like Starling and Monzo rank poorly on the number of scams per million transactions, while some traditional incumbents perform better.

Beyond firm-level differences, APP scams remain concentrated in major high street banks. In H1 2024, £145 million was lost across the 14 largest banks, an 18% year-on-year drop. These institutions, including Barclays, HSBC, Lloyds, NatWest, and Santander, handle most consumer Faster Payments by value and volume, making them the primary targets for scammers.

But where does the money go?

Receiving PSPs: The longtail problem

Metric C provides the most striking evidence of asymmetry.

Non-directed PSPs — smaller, specialist, fintech, or e-money firms outside the largest 14 banks — accounted for 34% of APP fraud value while handling only 19% of consumer Faster Payments by value. By volume, they accounted for 48% of fraudulent transactions despite processing just 10% of consumer payments.

The fraud rate by value for non-directed firms was 41 times higher than for the largest 14 banking groups.

Some names stand out sharply in the rankings of fraud received per £1 million of transactions. Prepay Technologies topped the list at £3,132 per £1 million received. Others near the top included GC Partners, Zempler Bank, PayrNet, Revolut, Wise, and Modulr. Meanwhile, the major-directed banks — the traditional incumbents — cluster far lower in the fraud-receiving rankings.

The implication is clear: APP scam funds flow from large established banks into a diverse ecosystem of smaller PSPs at rates far exceeding their transaction share.

This is the asymmetrical pattern of loss.

Why the asymmetry matters

It would be simplistic to frame this as a morality tale of “good banks” versus “bad fintechs.” The dynamics are more complex.

Large high street banks dominate retail deposits. Scammers persuade victims — often via investment, romance, impersonation, or purchase scams — to send funds from these accounts. Criminals then need landing zones that are:

• Quick to open
• Less restricted by legacy compliance processes
• More tolerant of high transaction velocity
• Embedded in cross-border or crypto-linked flows

Smaller PSPs, especially e-money institutions and specialist platforms, often meet these criteria by design. Many serve legitimate high-risk sectors or operate internationally. However, features that enable innovation (speed, openness, API-driven onboarding) can also facilitate mule accounts and rapid fund dispersal.

The result is a payments ecosystem where fraud risk is structurally channelled rather than evenly distributed.

Large banks bear the brunt of customer harm and brand damage as the sending institutions. Smaller PSPs appear disproportionately as the receiving institutions where funds are ultimately parked or laundered onward.

Before October 2024, this asymmetry created perverse incentives. Sending banks often voluntarily bore reimbursement costs, while receiving PSPs faced limited financial consequences. The 50:50 reimbursement mandate aimed to correct this imbalance. However, rankings suggest that despite cost-sharing, the underlying flow architecture remains unchanged.

The network effect

APP scams exploit the design of Faster Payments: near-instant, irrevocable transfers. Once funds move, recovery is contingent on speed, coordination, and the receiving firm’s controls.

If a small PSP experiences fraud at a rate 41 times higher than a large banks (adjusted for transaction value), the issue is systemic, not marginal.

Three further observations stand out from the datasets:

1. Fraud is concentrated: The top three non-directed firms account for 15% of APP scam losses while handling just 3% of consumer Faster Payments.
2. There is a divergence between value and volume: Purchase scams dominate by volume but not value. Investment scams, though fewer in number, account for a quarter of losses. High-value scams may route through specific PSP types.
3. Persistent variation over reporting cycles: Across the 2022, 2024, and 2026 publications, the pattern of smaller PSPs appearing prominently in receiving rankings is consistent, even as reimbursement metrics improve.

This demonstrates that while the reimbursement rule has addressed consumer redress, it has not yet fully neutralised the asymmetry in the flow of funds.

A question of incentives
The reimbursement mandate changes incentives. With receiving firms sharing 50% of costs, they have stronger financial reasons to improve onboarding, transaction monitoring, and mule detection.

But incentives operate within business models.

For large high street banks, fraud prevention is existential, threatening brand trust across millions of customers. For smaller PSPs in niche markets, the cost-benefit calculus differs, especially if fraud losses are a small fraction of high-margin cross-border or specialist flows.

Enforcement complexity also differs. Supervising 14 major banks is one challenge. Overseeing dozens or hundreds of smaller PSPs with varied risk appetites and international footprints is another.

The PSR’s data highlights this imbalance. The next policy steps may include tightening Faster Payments gateway standards or imposing graduated safeguards based on fraud incidence.

Beyond blame: Toward system design reform

It would be easy and politically convenient to blame fintechs for the asymmetry. That would be a mistake.

Innovation has brought competition, lower costs, and better user experience. Firms like Revolut and Wise have expanded consumer choice and driven digital transformation across the sector.

The challenge lies not in innovation itself but in network design.

Faster Payments was designed for speed and not adversarial resilience. APP scams exploit human psychology and the immediacy of technology. Data shows fraud moves along predictable corridors, from mainstream deposit banks to more lightly concentrated receiving hubs.

The regulatory task now is to reduce that asymmetry without impeding competition. Possible approaches include:

• Enhanced real-time information sharing between sending and receiving PSPs (as is the case in Australia)
• Tiered access conditions tied to fraud performance
• Stronger onboarding verification standards for high-risk PSP segments
• Public transparency that persists beyond reimbursement metrics

Crucially, transparency must remain central. Publishing the rankings, though uncomfortable, has changed behavior. No firm wants to rank at the bottom of a fraud league table.

The post-October landscape

Early post-mandate signs are encouraging. Reimbursement rates have increased, banks process claims faster, and consumer confidence may gradually recover.

However, the asymmetrical pattern remains. Large established banks continue to disproportionately send substantial APP scam flows, while smaller PSPs disproportionately receive them.

The reimbursement rule addresses payment after harm. The deeper question is how to prevent the network from initially channelling harm.

To remain a global leader in payment innovation and consumer protection, the UK must shift from redress reform to structural rebalancing.

The rankings show where the money went. The next policy chapter must ensure it does not continue flowing there.