Skip to main content

      Trends to help financial institutions protect consumers

      Authorised push payment (APP) scams involve scammers convincing their victims to make payments they believe are legitimate, when in fact they're sending money directly to the fraudsters. The pattern and trends of APP Scams are consistent globally and our data shows the most popular typologies as well as how these are evolving.

      APP scams are global, transcend borders and affect all jurisdictions. The interconnected global economy and the ease with which information and money can be transferred across borders means one instance of an APP fraud can affect multiple financial institutions worldwide. It is estimated that global scam losses amount to billions each year.

      KPMG's Global Banking Scam Survey encompasses the views of 48 banks in 16 countries, across 5 continents to identify trends and best practice that helps these institutions to protect consumers.

      Download the report

      Download our report to read the responses and insights from survey participants.

      Download

      KPMG Global Banking Scam Survey 2025

      Insights from international banks on leading practices to manage authorised push payment fraud.
      Download

      Global banking scam survey insights

      gavel

      Governance

      Our survey highlighted how banks are positioning scam governance structures, either by integrating them with fraud prevention or by establishing dedicated scam strategies and policies.

      timeline

      Trends

      Our survey uncovered global trends in APP scams within the banking sector, aiming to highlight emerging patterns and new typologies that banks should be aware of.

      policy

      Brand protection

      We asked banks if they monitored the dark web and undertook other measures to protect their brands in the current digital landscape.

      front_hand

      Prevention

      We asked participants to rate the efficacy of the most popular APP scam protection measures to protect individuals and organisations from scams occurring and gained insight into how they protect vulnerable customers at risk of scams.

      beenhere

      Response

      We asked banks about the structure and responsibilities of their fraud operations teams and how they investigated and resolved scam alerts.

      view_in_ar

      Next-generation technology

      Banks were asked for their views on the use of orchestration layers and the next-generation anti-APP scam technologies to prevent, detect, and respond to APP scams.

      query_stats

      Detection

      Participants were asked to rate the efficacy of the most popular APP scam detection measures and provided insights into how they analyse customer data to detect potentially fraudulent activity.

      add_chart

      Intelligence

      We explored the different approaches that the banks take to data sharing, some of the limitations in place and why this was considered a priority.

      school

      Customer education

      We asked banks to rate the efficacy of popular customer education and awareness initiatives used by banks globally and other initiatives implemented by them.

      Contact KPMG's banking scam specialists

      To find out how KPMG can help you design, assess and implement your scam risk management framework, get in touch.

      Financial crime prevention and fraud risk management insights

      Building a trusted risk function to succeed in a riskier world.

      Future of risk

      Cyber risks and global compliance regulations are factors the financial services sector should consider to help combat evolving cyber threats.

      Cyber considerations

      Something went wrong

      Oops!! Something went wrong, please try again

      FAQs

      Our data found the most common APP Scams are:

      • e-commerce and purchase scams
      • investment scams
      • sophisticated impersonation scams (including bank employees, CEOs and authority figures).
      • romance scams.

      Our research found the best approach is a combination of several proactive and reactive methods. These may include pausing or blocking transactions and accounts, contacting customers, warning messages in the online or app banking experiences and real time monitoring of inbound customer activities.

      Fifty-nine percent of survey participants said their technology stack used an orchestration layer which integrates multiple data sources into a single system to allow faster and more accurate decision making as well as easier interrogation in the case of cyber incidents. Other next-generation technology in consideration included behavioural analytics, deepfake detection and generative AI-produced dynamic warnings.

      All our participants felt that education was a process of continual engagement across multiple platforms, rather than a single effort. A few banks said campaigns were effective for a short time. Some were considering other approaches, including:

      • industry partnerships and collaborations
      • tailored messages about fraud trend used on hold messages at contact centres
      • seasonal initiatives targeting holidays like Christmas or events like major concerts
      • compulsory e-learning modules about cryptocurrencies before they could open a digital wallet.