Skip to content
← All insights
Fraud & financial crimeJames Henderson — Diamond Intelligence

Nearly £1.3 billion stolen in 2025: what the UK Finance fraud report means for SMEs and charities

UK Finance published its Annual Fraud Report 2026 on 2 July, recording over four million fraud cases and almost £1.3 billion in losses during 2025. A factual summary for business owners and trustees, with practical verification checks before money moves.

This week in context

On 2 July 2026, UK Finance — the trade body for the UK banking and finance sector — published its Annual Fraud Report 2026, covering fraud against UK customers during 2025.

The headline figures are stark. More than four million confirmed fraud cases were recorded in 2025, an 11% increase on the previous year. Criminals stole almost £1.3 billion — roughly eight cases and £2,500 stolen every minute across the year.

This post summarises the findings most relevant to small and medium-sized businesses and charities, and sets out practical verification steps that reduce exposure. It is a factual summary, not legal or financial advice.

The numbers that matter

  • Total losses: £1.28 billion, up 4% year on year, across more than four million cases.
  • Unauthorised fraud (payments the victim never approved, such as stolen card details): 3.81 million cases and £703.4 million in losses — down 5% by value. Banks' controls prevented a further £1.68 billion, stopping roughly 70p of every £1 attempted.
  • Authorised push payment (APP) fraud (the victim is deceived into approving the payment themselves): 248,070 cases and £576.4 million in losses — up 19%.
  • Investment scams were the largest APP category by value at £221.5 million, up 40% in a year.
  • Purchase scams accounted for 71% of all APP cases.
  • 66% of APP cases originated online; telecoms channels (calls and texts) drove a disproportionate 28% of losses, reflecting their use in higher-value impersonation.
  • Of APP losses, £354.3 million (61%) was reimbursed to victims.

Two patterns sit behind the growth. First, criminals are using AI tools — deepfakes, cloned voices, and synthetic identities — to make impersonation more convincing and to industrialise attacks that once required manual effort. Second, fraud increasingly starts outside the banking system, on online platforms and phone networks, before any payment is made.

Why this matters for business owners and trustees

The unauthorised fraud numbers show bank controls working hard. The APP numbers show the harder problem: when an authorised person is deceived into approving a payment, most technical controls have already been passed.

For organisations, that deception typically looks like:

  • Supplier impersonation and invoice redirection — a convincing email, apparently from a known supplier, advising of new bank details.
  • Executive impersonation — an urgent payment request that appears to come from a director or CEO, increasingly supported by cloned voices or video.
  • Fake counterparties — a new supplier, customer, or partner that does not exist in the form presented, discovered only after money or goods have moved.

Charities face the same patterns, with an added dimension: trustees are personally accountable for safeguarding charity funds, and payment diversion losses are hard to explain to donors and to the Charity Commission. Reimbursement rules helped return 61% of APP losses in 2025, but they do not cover every situation — and recovering money is always harder than not sending it.

Five checks before money moves

None of these require specialist tools. They require the discipline to do them before payment, and a record of what was checked.

1. Verify the company, not the email. Check any new or changed counterparty against the Companies House register: is the company active, how long has it existed, do the directors and registered address match what you have been told? Since November 2025, directors and people with significant control must verify their identity with Companies House, which is steadily making the register a stronger verification source.

2. Verify the charity. If you are dealing with a charity — as a funder, partner, or supplier — check the Charity Commission register for registration status, trustees, and accounts filing history.

3. Confirm bank detail changes out-of-band. Any change to payment details should be confirmed through a channel you already trust — a known phone number, not the contact details in the email requesting the change. This single control defeats most invoice redirection.

4. Screen higher-risk relationships. For significant contracts, overseas counterparties, or unusual payment routes, check sanctions lists and look for adverse history — disqualified directors, dissolved predecessor companies, county court judgments.

5. Record what you checked. A dated note of what was verified, from which source, turns an informal habit into evidence of reasonable care — useful for insurers, auditors, boards, and trustees alike.

Where independent verification fits

Most of the checks above are free and take minutes. The harder cases are the ones that justify more depth: an acquisition, a major contract, a new key supplier, or a situation where something already feels wrong.

That is the space our Due Diligence & Vendor Analysis work covers — independent, evidence-led assessment of a counterparty before a major commitment, with every finding sourced and timestamped. Where a concern has already surfaced — suspected invoice fraud, financial irregularity, or a counterparty that does not add up — a scoped Investigation produces documented findings with provenance, suitable for boards, insurers, or legal advisers.

The principle in both cases matches the lesson of this week's report: the payment is the last step in the fraud, not the first. The earlier verification happens, the cheaper it is and the more options you have.

Sources and further reading

  • UK Finance, Annual Fraud Report 2026 (published 2 July 2026)
  • UK Finance press release: "Fraud remains a national security threat as criminals steal almost £1.3 billion"
  • Companies House identity verification rollout (mandatory since 18 November 2025, transition to 17 November 2026)
  • Charity Commission guidance on protecting charities from fraud

Organisations with specific concerns about a payment or counterparty should act quickly: contact your bank first, then seek appropriate professional advice.

This article is provided for general information. It does not constitute legal, financial, or regulatory advice. Intelligence outputs support business decisions; human judgement remains essential. Terms of Use

Next Step

Map your visibility gaps.

Book a consultation to understand how business data supports decisions across your organisation.