How to Modernize Fraud Investigations for APP Fraud and Scam Claims

Fraud Prevention

June 30th, 2026

Why-Scam-and-Fraud-Claims-Are-Breaking-Investigations-682x325-1

Fraud investigations weren't built for the work they're now doing. The operating model most institutions run today was designed for a binary question: was this transaction authorized? If yes, no claim. If no, reimburse. That model is efficient when criminals steal access. It breaks when criminals steal trust.

Authorized push payment (APP) fraud has changed investigations entirely. Victims send the money themselves, under manipulation or coercion they often can't fully articulate. The investigator's task is no longer authentication. It's adjudication: who influenced this person, what did the institution know and does the evidence meet a defensible standard under a regulatory clock? UK APP losses ran to just over £450 million in 2024 across cases that were, on average, harder and higher-stakes than the year before. In the US, fraud-related suspicious activity reports tied to check, ACH and wire rose 489% from 2014 to 2024. Volume is part of the problem. Complexity is the bigger one.

The gap between what investigation functions were built for and what they are now being asked to do is where the strain lives.  Closing that gap requires a fundamental rethink of how investigations are designed and executed.

Rebuild Around Decision Quality, Not Case Throughput

Most investigation teams measure what is easy to count: cases closed, average handle time, SLA adherence. These metrics made sense when cases were discrete and decisions were binary. They are the wrong instrument for scam adjudication, where the quality of a decision matters more than the speed of closure.

A decision-quality model asks different questions.  Did we make a consistent, defensible decision? Would we reach the same conclusion if the case were reviewed? Did we apply the same standard to a vulnerable 70-year-old as we did to a sophisticated investor? Did we identify warning signals before the payment left, or only after the claim was filed?

Practically, this means tiering cases by judgment complexity rather than loss value. Low-complexity claims, where the authorization question is clear and the pattern is recognizable, should move fast and largely automated. High-complexity claims, where victim circumstances, warning effectiveness or receiving-account behavior are in dispute, need dedicated investigator time, structured decision frameworks and explicit documentation of reasoning. Most institutions currently run both through the same queue at roughly the same pace. That is where quality erodes and complaints accumulate.

The UK Financial Ombudsman Service recorded a 28% rise in fraud and scam complaints to 35,416 in 2024/25 and flagged delays when firms failed to provide information promptly. The Payment Systems Regulator's data shows 82% of claims closed within five business days, which looks like a throughput success. But throughput and defensibility are not the same thing. The complaints migrating to the Ombudsman are the evidence.

Treat Cross-Institution Coordination as Infrastructure, Not Exception Handling

Scam claims rarely stay within one institution. The victim's account is at one bank. The receiving account, often a money mule account opened weeks earlier, is at another. The evidence that would resolve the claim fastest is spread across both. Today, most institutions handle this through manual outreach: phone calls to correspondent teams, secure message exchanges, information requests that can take days. That is not a process problem. It is an infrastructure gap.

Europol's analysis of money mule networks illustrates the scale of the dependency. Mule accounts spread across jurisdictions and institutions deliberately, exploiting the coordination lag between them. Institutions frequently discover mule activity only after receiving alerts from other banks, and often after the funds are gone. The investigation is already behind before it starts.

Closing this gap requires bilateral data-sharing agreements, shared typology libraries for known mule patterns and, over time, industry-level infrastructure that enables institutions to exchange signals about in-flight fraud before payments settle rather than after claims are filed. Several markets are already moving in this direction. The UK's fraud intelligence-sharing frameworks among major banks have reduced friction on high-value cases. In the US, the 2025 interagency request for information on noncard payment fraud signals growing regulatory interest in similar capabilities. Institutions that build coordination capabilities now will be better positioned for what’s ahead, rather than scrambling to meet future requirements.

Recognize That Investigator Capacity is a Decision-Quality Variable

Investigation quality degrades when investigators are overloaded. This is not simply a management observation. It is a cognitive one. The work requires sustained attention, consistent judgment and enough empathy to handle distressed victims without that distress contaminating their analysis. All three erode under volume pressure.

Scam investigations are also emotionally heavier than most financial crime work. Investigators regularly manage victims who have lost savings accumulated over decades, who feel shame alongside the financial loss, and who sometimes arrive in acute distress. The FBI's Internet Crime Complaint Center has noted that some scam victim cases require suicide intervention referrals. That represents an extreme of what investigators absorb routinely. Research on high-exposure roles with repeated contact with trauma points to burnout, impaired judgment and turnover as predictable outcomes when that load is unmanaged.

The practical implication is that staffing models for scam investigation units need to account for cognitive load, not just case volume. That means realistic caps on daily caseloads for high-complexity adjudication work, structured rotation between case types and access to support when the human cost of the work accumulates. Institutions that treat this as an HR concern rather than an operational one will see it show up in decision quality, complaint rates and staff attrition before they connect the cause.

The real challenge is sustaining the quality of judgment as case volumes continue to rise.

Raising the Investigation Operating Model to Meet Regulatory Expectations

The UK's APP reimbursement regime, in force since October 2024, and the CFPB's enforcement action against CashApp for failures to open required investigations both signal the same thing: how an institution investigates is now a compliance matter, not just an operational one. The standard being applied is no longer whether claims are closed. It is whether the process is defensible, documented and fair.

Institutions that redesign investigation functions around decision quality, cross-institution coordination and investigator capacity will meet that standard as a natural consequence of doing the work well. Those that respond to regulatory pressure by adding headcount to existing queues will continue to generate the complaint volumes and escalations that indicate the underlying model is not fit for purpose.

Scam investigations have become the point at which an institution demonstrates, at scale, what it believes fairness looks like. Building investigation functions to carry that responsibility is not optional. It is the new standard.

    Speak to an Expert