As of July 2025
Real-time payments solved for speed and quietly removed the thing that prevented massive losses: friction. Authorized push payment fraud is the bill for that trade.
Banks cheered when RTP limits jumped to $10 million and FedNow launched - instant, 24/7, streamlined. Almost nobody named the architectural choice that makes those same systems ideal for fraud.
The old rails had friction that doubled as protection. ACH takes days to settle. Wires need approval steps. Cards can be disputed and reversed. Real-time payments strip every one of those recovery mechanisms in the name of speed - and that is exactly where authorized push payment (APP) fraud lives. The victim is tricked into authorizing a real payment to a fraudulent account; once it hits the rail, it is gone. No dispute, no reversal, no recovery window.
US RTP fraud
$2.06B
projected US real-time-payment fraud losses by 2028, up from $865M (ACI ScamScope, November 2024).
UK response
GBP 85,000
mandatory per-incident APP-fraud reimbursement, effective October 2024 (UK Payment Systems Regulator).
The catch
No reversal
once an authorized push payment hits a real-time rail it is final - no chargeback, no recall window.

Why the usual defenses miss
Multi-factor authentication cannot stop APP fraud, because the customer is authenticating correctly - they are authorizing the payment themselves. Every technical control built to stop unauthorized access is irrelevant the moment social engineering convinces a legitimate user to push the button.
What regulators already did
The UK decided the losses were severe enough to mandate it: as of October 2024, banks must reimburse APP-fraud victims up to GBP 85,000 per incident, with the cost split between sending and receiving institutions. The economics of “build it safe” changed overnight.
The banks that come through this will treat it as an architecture problem, not a fraud-rules problem: behavioral pattern analysis that flags transactions inconsistent with a customer’s history, strategic delays with educational warnings on high-risk transfers, real-time fraud-intelligence sharing between institutions, and confirmation flows designed to make a customer slow down on a suspicious payment.
Sometimes the best fraud prevention is a system smart enough to recognize when a customer needs protecting from themselves. Speed without intelligent safeguards is not innovation.




