APP scams have rapidly become Europe’s most damaging form of payment fraud, overtaking traditional card fraud by total losses and forcing regulators to reassess how these crimes are treated.
According to Flagright, APP scams occur when victims are manipulated into authorising transfers themselves, often through impersonation or social engineering.
In 2024, the average fraudulent credit transfer exceeded €2,000, far higher than typical card fraud values, making each incident especially costly. According to European supervisory data, manipulation of the payer is now the dominant fraud type in credit transfers, responsible for more than half of all losses in that channel.
The rise of instant and online bank transfers has accelerated this trend. Faster payment rails give criminals immediate access to funds, helping credit-transfer fraud losses reach €2.5bn in 2024, around 60% of all EEA payment fraud by value. As a result, Europe’s fraud landscape has shifted decisively away from unauthorised transactions toward scams where customers themselves initiate the payment, often under extreme psychological pressure.
Historically, APP scams were treated primarily as consumer fraud. That view is changing as authorities increasingly recognise their close link to money laundering. Once funds are transferred, they are often rapidly moved across borders through mule accounts, mirroring classic layering techniques. A joint report from the European Banking Authority and the European Central Bank highlights how scam proceeds frequently flow overseas within minutes, significantly reducing recovery prospects.
This dynamic blurs the boundary between fraud and laundering. When an account suddenly receives multiple instant payments from unrelated individuals across Europe, it signals both an active scam and potential money-laundering activity. Regulators now expect such patterns to trigger suspicious activity monitoring and reporting, not just fraud controls. The fact that victims absorbed around 85% of credit-transfer fraud losses in 2024 has further intensified scrutiny, with authorities questioning whether payment service providers (PSPs) are doing enough to intercept these flows.
Total payment fraud losses in the EEA rose 17% year-on-year to €4.2bn in 2024. Credit transfers accounted for €2.5bn of this figure, compared with roughly €1.3bn from card fraud. Although credit-transfer scams occur less frequently, their high average value makes them disproportionately damaging. Recovery rates are also declining as criminals disperse funds immediately through mule networks or convert them into crypto assets.
Cross-border activity remains a defining feature. While most legitimate payments are domestic, a large share of fraud involves international transfers. For APP scams, victims often send funds abroad directly, or money is forwarded through several jurisdictions within hours. These patterns closely resemble traditional money-laundering typologies and complicate enforcement efforts.
Regulatory reforms now explicitly link fraud prevention with AML obligations. PSD3 and the accompanying Payment Services Regulation increase PSP liability for APP scams and mandate real-time intervention tools such as Confirmation of Payee checks and the ability to block suspicious payments.
At the same time, AMLD6 formally classifies fraud as a predicate offence for money laundering, removing any ambiguity around reporting obligations for scam-related flows.
Oversight will also intensify with the launch of the EU’s Anti-Money Laundering Authority (AMLA), which will supervise high-risk banks, fintechs and payment firms operating across borders. By 2026, expectations will be clear: institutions must demonstrate that their AML frameworks address fraud-driven activity, including mule networks and instant-payment abuse.
These developments require operational change. Fraud and AML teams can no longer operate independently. Effective responses depend on shared intelligence, unified case management and real-time analytics. Scam indicators identified by fraud teams must immediately inform AML monitoring, while suspicious inbound flows flagged by AML systems should feed back into fraud prevention.
RegTech providers such as Flagright argue that unified platforms are essential in an instant-payment world. By combining fraud and AML risk scoring in real time, PSPs can stop payments before funds disappear and meet tightening regulatory expectations.
As PSD3 takes effect and AMLA shapes supervisory standards, APP scams will no longer be viewed as a niche fraud problem. They sit squarely within the AML risk landscape. Institutions that fail to adapt face not only mounting losses but also regulatory consequences. Those that invest in integrated, real-time defences will be better positioned to protect customers, satisfy regulators and restore trust in Europe’s fast-moving payments ecosystem.
Read the daily RegTech news
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
