The rapid expansion of instant payments across Europe has fundamentally altered the fraud landscape, with authorised push payment (APP) scams emerging as one of the most damaging by-products of real-time money movement.
According to Flagright, as SEPA Instant credit transfers have moved from niche to mainstream, fraudsters have adapted with alarming speed. By late 2024, roughly 16% of all SEPA credit transfers were processed in real time, compared with less than 10% only a few years earlier.
Over the same period, fraudulent instant payment transactions surged by around 175%, far outstripping the growth in transaction volumes. Total payment fraud losses across the EEA reached €4.2bn in 2024, with credit transfer fraud climbing sharply and APP scams accounting for a large share of the damage.
While the average fraudulent instant transfer is relatively modest at around €1.4k, the cumulative impact has been severe, particularly for consumers, who absorbed the vast majority of losses because the payments were technically authorised.
This shift has exposed structural weaknesses in traditional anti-money laundering controls. Legacy AML systems were designed for slower payment rails, relying on batch processing, retrospective pattern analysis and human review before funds could move onward. Instant payments compress that window to seconds. Funds can be dispersed across multiple accounts, institutions and jurisdictions almost immediately, often before a victim realises they have been scammed.
As a result, suspicion is frequently formed too late, turning suspicious activity reports (SARs) into historical records rather than actionable intelligence. Fragmented visibility compounds the problem, as no single institution typically sees the full flow of funds, especially when mule accounts receive numerous small credits from different victims spread across Europe.
These dynamics raise uncomfortable questions about whether existing SAR thresholds are fit for purpose. Many reporting frameworks still rely heavily on transaction values or cumulative balances as primary triggers.
APP scams deliberately exploit this by fragmenting flows into amounts that appear ordinary in isolation. Behaviour, not value, is the real signal: unusual payment velocity, new payees, vulnerable customer profiles or sudden convergence of funds from unrelated senders. Yet such indicators are often poorly captured by threshold-driven systems, allowing suspicious APP-related activity to go unreported until it becomes obvious and unrecoverable.
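The contrast drawn above, as an added illustration that is not from the article or from any vendor's product: a static value trigger and a behavioural rule (several first-time senders converging on one beneficiary within a short window) run over the same feed. The threshold, window, sender count, account names and transactions are all constructed assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

VALUE_THRESHOLD_EUR = 10_000       # assumed static reporting trigger
WINDOW = timedelta(minutes=30)     # assumed convergence window
MIN_DISTINCT_SENDERS = 4           # assumed number of unrelated senders

BASE = datetime(2025, 1, 6, 9, 0)
def t(minutes):
    return BASE + timedelta(minutes=minutes)

# Constructed sample feed: (timestamp, sender, beneficiary, amount_eur)
TXNS = [
    (t(0),   "ES-V1", "DE-MULE-01",   1400),
    (t(2),   "FR-C1", "FR-SHOP-01",     80),
    (t(4),   "IT-V2", "DE-MULE-01",   1350),
    (t(9),   "FR-V3", "DE-MULE-01",   1500),
    (t(15),  "NL-V4", "DE-MULE-01",   1400),
    (t(30),  "NL-B1", "NL-NOTARY-01", 12000),
    (t(200), "FR-C2", "FR-SHOP-01",    120),
    (t(400), "FR-C1", "FR-SHOP-01",     60),
]

def threshold_alerts(txns, limit=VALUE_THRESHOLD_EUR):
    """Value-only rule: flag beneficiaries of any single transfer >= limit."""
    return sorted({bene for _, _, bene, amt in txns if amt >= limit})

def convergence_alerts(txns, window=WINDOW, min_senders=MIN_DISTINCT_SENDERS):
    """Behavioural rule: flag a beneficiary credited by >= min_senders
    distinct first-time senders within the sliding window."""
    known_pairs = set()   # (sender, beneficiary) relationships already seen
    recent = {}           # beneficiary -> deque of (ts, sender, amount)
    alerts = {}
    for ts, sender, bene, amt in sorted(txns):
        first_time = (sender, bene) not in known_pairs
        known_pairs.add((sender, bene))
        if not first_time:
            continue      # established payer: not a new-payee signal
        q = recent.setdefault(bene, deque())
        q.append((ts, sender, amt))
        while q and ts - q[0][0] > window:
            q.popleft()   # evict credits that fell out of the window
        senders = {s for _, s, _ in q}
        if len(senders) >= min_senders and bene not in alerts:
            # Keep the rationale with the alert so the decision is auditable.
            alerts[bene] = {"at": ts, "senders": sorted(senders),
                            "total_eur": sum(a for _, _, a in q)}
    return alerts
```

On this feed the value rule flags only the single large transfer, while the convergence rule flags the account receiving four sub-threshold credits in 15 minutes and records which senders and what total drove the alert.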
European policymakers are increasingly signalling that this approach must change. Under AMLD6 and the forthcoming EU AML Regulation, firms are expected to adopt more proactive, typology-driven monitoring and to make greater use of technology to identify emerging risks.
The launch of the EU Anti-Money Laundering Authority will further sharpen supervisory expectations, particularly around instant payments and fraud-enabled laundering. Regulators have been explicit that fraud and AML risks now overlap in channels such as SEPA Instant, and that scam proceeds should be treated with the same urgency as traditional laundering cases.
Payments regulation is reinforcing this shift. The upcoming PSD3 framework strengthens fraud prevention obligations and clarifies the right of payment service providers to delay or block transactions where strong indicators of fraud exist.
This effectively lowers the operational bar for intervention and encourages earlier escalation. Where there is reasonable suspicion, even involving low-value transfers, institutions are increasingly expected to act and report rather than wait for certainty or scale.
For banks, PSPs and FinTechs, adapting to this environment means rethinking both technology and culture. Monitoring scenarios must prioritise behavioural patterns over static amounts, with real-time analytics capable of identifying mule activity and social engineering indicators as they emerge.
Fraud and AML teams need to operate as a single financial crime function, sharing intelligence and responding quickly. Lower-value alerts that match known scam typologies must be treated with urgency, not deprioritised. Investment in real-time, explainable analytics is becoming critical, enabling firms to act within the narrow intervention window of instant payments while still providing regulators with clear, auditable rationales for SAR decisions.
Looking ahead to 2026, the direction of travel is clear. Regulators are moving towards a “when in doubt, report” culture, where behaviour-based suspicion matters more than transaction size. Institutions that cling to high internal thresholds risk missing early warning signs and facing both regulatory and financial consequences. Those that adapt, lowering SAR triggers and embracing real-time, integrated financial crime controls, will be better placed to protect customers, support law enforcement and meet rising supervisory expectations in the instant payments era.
Copyright © 2026 RegTech Analyst