Payment Fraud

Payment fraud is the use of illegal or deceptive means to make, receive, redirect, or obtain a payment for personal or criminal gain. U.S. federal banking agencies recently described payments fraud as the use of illegal means to make or receive payments for personal gain, including scams, while the FCA treats fraudulent payments as a broad consumer and financial crime issue that includes unauthorized card and account activity as well as authorized push payment scams.

In the financial crime environment, payment fraud is significant because it sits at the point where deception is converted into the movement of money. It is not limited to one payment rail or one fraud type. It can involve cards, bank transfers, ACH, wires, checks, e-money, instant payments, mobile payments, and other payment instruments. The Federal Reserve’s payment fraud work describes payments fraud as involving stolen credentials or exploitation of vulnerabilities in a payment network or system, and the FCA’s consumer material shows that fraudulent payments can arise through direct transfer, card payments, and wider payment-service misuse.

From a professional perspective, payment fraud is best understood as a family of typologies rather than a single event type. It includes unauthorized transactions, account takeover, card fraud, check fraud, payment-instruction fraud, business email compromise, mandate fraud, APP fraud, and scams that induce customers or businesses to authorize transfers themselves. The FCA’s guidance on fraudulent payments distinguishes APP fraud from other unauthorized transactions, while U.S. banking agencies now treat scams as part of the broader payments-fraud landscape.

This breadth matters because the control challenge changes depending on whether the payment is unauthorized, technically authorized but fraud-induced, or processed through a compromised or false identity. In unauthorized fraud, the issue is often theft of credentials or compromise of access. In scam-based or APP fraud, the customer may authorize the payment themselves after being deceived. In other forms, the payment may be initiated through a mule account, a falsified application, or a compromised business process. FATF’s recent cyber-enabled fraud work is especially relevant here because it treats fraud as an evolving digital threat that increasingly exploits fast and digital payment methods.

A key reason payment fraud is so important in the financial crime environment is that it rarely ends with the initial loss event. Once a fraudulent payment is made, the funds often move rapidly through receiving accounts, money mules, intermediaries, or other payment channels to reduce the chance of recovery and obscure the link to the original deception. FATF’s cyber-enabled fraud report highlights payment transparency as an important tool for increasing traceability of fraud proceeds and notes that digitalization and faster payments have increased opportunities for fraudsters.

This means payment fraud sits very close to AML and proceeds-of-crime risk. A scam payment into a receiving account is not only a customer-protection issue; it may also be the first point at which illicit proceeds are placed into a mule network or laundering chain. For firms, that means payment fraud controls should not be isolated from transaction monitoring, beneficiary-risk review, account-behavior analysis, and suspicious activity escalation. That conclusion is an inference, supported by FATF’s treatment of cyber-enabled fraud as connected to illicit financial flows and by the FCA’s wider financial crime framing of fraud.

Operationally, payment fraud is especially challenging because payment systems are designed for speed, convenience, and scale. Those same characteristics create pressure on control design. A firm must reduce fraud without making legitimate payments unusably slow or burdensome. The FCA’s finalized 2024 guidance on a risk-based approach to payments was issued specifically to support firms in balancing payment execution with fraud prevention, particularly for APP fraud.

A mature payment-fraud framework therefore depends on layered controls. These typically include identity and authentication controls, device and access monitoring, beneficiary and account-risk assessment, payment-behavior analytics, scam warnings, customer communications, fraud-intelligence sharing, receiving-account monitoring, and effective response and recovery processes. The Federal Reserve’s FraudClassifier work also reflects the importance of common fraud typologies across ACH, wire, and check payments, which supports more consistent control and analysis across payment types.

Customer outcomes are also central. Payment fraud can cause immediate financial loss, emotional distress, service disruption, and reduced trust in the banking and payments system. The FCA has emphasized protections and reimbursement developments for APP fraud victims, while older FCA thematic work on unauthorized transactions focused on maintaining confidence in the security of everyday banking.

Ultimately, payment fraud is a core financial crime risk because it is the practical mechanism through which criminals extract and move money. Whether the payment is stolen, induced, manipulated, or redirected, the objective is the same: to turn trust in payment systems into criminal gain. For that reason, payment fraud should be understood not just as a payments problem, but as a major control issue spanning fraud prevention, customer protection, AML, operations, and financial crime governance.