Authorised push payment (APP) scams involve scammers convincing their victims to make payments they believe are legitimate, when in fact they're sending money directly to the fraudsters. The pattern and trends of APP Scams are consistent globally and our data shows the most popular typologies as well as how these are evolving.
APP scams are global, transcend borders and affect all jurisdictions. The interconnected global economy and the ease with which information and money can be transferred across borders means one instance of an APP fraud can affect multiple financial institutions worldwide. It is estimated that global scam losses amount to billions each year.
KPMG's Global Banking Scam Survey encompasses the views of 48 banks in 16 countries to identify trends and best practice that helps these institutions to protect consumers.
KPMG Global Banking Scam Survey 2025
Insights from international banks on leading practices to manage authorised push payment fraud.
Global banking scam
survey insights
Our survey highlighted how banks are positioning scam governance structures, either by integrating them with fraud prevention or by establishing dedicated scam strategies and policies.
We asked participants to rate the efficacy of the most popular APP scam protection measures implemented to protect individuals and organisations from scams occurring and gained insight into how they protect vulnerable customers at risk of scams.
Participants were asked to rate the efficacy of the most popular APP scam detection measures and provided insights into how they analyse customer data to detect potentially fraudulent activity.
Our survey uncovered global trends in APP scams within the banking sector, aiming to highlight emerging patterns and new typologies that banks should be aware of.
We asked banks about the structure and responsibilities of their fraud operations teams and how they investigated and resolved scam alerts.
We explored the different approaches that the banks take to data sharing, some of the limitations in place and why this was considered a priority.
We asked banks if they monitored the dark web and undertook other measures to protect their brands in the current digital landscape.
Banks were asked for their views on the use of orchestration layers and the next-generation anti-APP scam technologies to prevent, detect, and respond to APP scams.
We asked banks to rate the efficacy of popular customer education and awareness initiatives used by banks globally and other initiatives implemented by them.
Contact KPMG's banking scam specialists
To find out how KPMG can help you design, assess and implement your scam risk management framework, get in touch.
- Item 1
- Item 2
- Item 3
Discover KPMG's cyber services
and technology solutions
Read more about fraud risl management within financial services
FAQs
Our data found the most common APP Scams are:
- e-commerce and purchase scams
- investment scams
- sophisticated impersonation scams (including bank employees, CEOs and authority figures).
- romance scams.
Our research found the best approach is a combination of several proactive and reactive methods. These may include pausing or blocking transactions and accounts, contacting customers, warning messages in the online or app banking experiences and real time monitoring of inbound customer activities.
Fifty-nine percent of survey participants said their technology stack used an orchestration layer which integrates multiple data sources into a single system to allow faster and more accurate decision making as well as easier interrogation in the case of cyber incidents. Other next-generation technology in consideration included behavioural analytics, deepfake detection and generative AI-produced dynamic warnings.
All our participants felt that education was a process of continual engagement across multiple platforms, rather than a single effort. A few banks said campaigns were effective for a short time. Some were considering other approaches, including:
- industry partnerships and collaborations
- tailored messages about fraud trend used on hold messages at contact centres
- seasonal initiatives targeting holidays like Christmas or events like major concerts
- compulsory e-learning modules about cryptocurrencies before they could open a digital wallet.