Fighting financial crime, including Authorised Push Payment (APP) fraud continues to be one of our strategic priorities. This is in line with the national system priorities, which include frauds that cause high levels of harm, such as romance fraud. We set out key findings from our review of how firms detect and prevent romance fraud, and the measures they take to protect their customers against it.
Who this review applies to
This multi-firm review will be of interest to UK Payment Service Providers (PSPs), including banks, building societies, and other businesses that provide payment accounts.
1. Introduction
Romance fraud involves people being convinced they are in a genuine relationship and deceived into sending money to criminals.
Romance fraud can result in a significant emotional, psychological and financial impact on those targeted. It is growing in scale and complexity. There was a 9% increase in romance fraud reports in the financial year 2024/2025, amounting to losses of over £106m. The City of London Police estimate victims sustain an average loss of £11,222 (2025). Victims often don’t report romance fraud due to shame and stigma, so the true scale is likely to be much greater.
We recognise the challenge for PSPs to tackle romance fraud effectively. Fraudsters have often developed a high-level working knowledge of the banking sector and how to circumvent anti-fraud systems and controls. Compounding this, victims may be deeply emotionally invested in the relationship and reluctant to accept they are being defrauded, making intervention and prevention even more difficult.
2. What we did
We reviewed 6 firms, including retail banks and payment firms: some well-established and others newer to the market. We focused on how firms detect and prevent romance fraud, and support victims.
We met with firms to understand their systems, governance, and investigative procedures for tackling this kind of fraud. We also reviewed relevant documentation such as policies, procedures, and internal guidance. These insights informed our assessment of 60 confirmed romance fraud cases, allowing us to evaluate how effectively firms applied their approaches in practice.
The losses in these cases ranged from £100 to £428,249. After the review, we gave firms individual feedback.
Our review focused specifically on cases where a victim was defrauded. We know firms do prevent many romance fraud cases through successful interventions using anti-fraud systems and controls.
This was a standalone review, but the findings should inform firms’ broader fraud strategies. Tackling fraud requires a whole-system approach, with firms, government, and law enforcement working together to reduce harm.
3. Key challenges firms face
A significant majority (85%) of the cases we examined originated from online platforms, including social media and dating websites. While customers must remain vigilant and take steps to protect themselves in an increasingly digital world, online platforms also have a critical role to play in preventing fraud and reducing harm. This includes raising user awareness, promoting safe online behaviours and implementing effective measures to detect and remove fraudulent content.
In many cases, fraudsters build a relationship with the victim over weeks or even months, gradually gaining their trust before requesting payments. Firms typically only have visibility once payments are made. Our review found fraudsters often began by requesting low-value payments, likely to reinforce trust and avoid detection. These transactions can appear consistent with a customer’s usual spending patterns, making them harder for firms to identify. Once a firm perceives a payee as trusted, subsequent payments are less likely to be flagged, increasing the risk of continued fraud.
In nearly half of the cases we reviewed, victims did not disclose the true purpose of the payment when questioned by their firm. This limits firms’ ability to detect and prevent fraud effectively.
Our review found that romance fraud cases include a wide variety of frauds ranging from traditional romance fraud to cases involving friendship, to the use of adult services. We also identified cases where the fraudster and the victim had met in person. These factors make it difficult for firms to identify the true nature of events, in distinguishing genuine romance fraud from civil disputes or complex relationship breakdowns.
Another key challenge firms face is that some victims begin sending payments from accounts held with other firms or open new accounts elsewhere. This limits visibility and makes it difficult for firms to know if funds have already been sent to fraudsters. This is a well-recognised gap across industry. Third-party solutions, such as Cifas APP Victim Check, may help address this issue by enabling firms to share data on known fraud victims. This has the potential to support more consistent and structured information-sharing between firms.
4. What we found
While challenges remain, our review found that some firms are leading the way in how they support victims of romance fraud, demonstrating that meaningful, tailored care is not only achievable but can play a vital role in reducing harm. The proactive engagement and compassionate support we saw in some cases reflect best practice and serve as strong examples of how firms can meet, and in some cases exceed, our expectations.
However, these examples were not consistent across the industry. Victim support varied across firms. Most offered compassionate aftercare, including referrals to charities and reassurance to reduce self-blame. Staff played a critical role in these interventions, often building rapport, probing inconsistencies and delivering tailored education that helped victims recognise they were being defrauded. In contrast, some staff missed key opportunities. This included failing to identify red flags or challenge implausible customer explanations, which allowed fraudulent payments to continue.
In 15% of the cases reviewed, customers had previously been victims of fraud while banking with the same firm, highlighting the need for tailored protections and ongoing monitoring. These measures should be proportionate to the individual circumstances of each victim. It is equally important that customers remain vigilant, particularly when engaging in online relationships, and be cautious of any financial requests, no matter how small or well-intentioned they may appear.
In addition to how firms engage with and support victims, our review also examined the effectiveness of their systems and controls in detecting romance fraud.
We found multiple instances where firms’ systems and controls successfully identified suspicious transaction patterns using a wide range of data points. These detections provided vital opportunities to engage with customers and prevent fraud or limit further losses. However, across most firms, we also observed missed opportunities to detect suspicious activity, including transactions to overseas jurisdictions, multiple payments over a short period, and sudden increases in the value of funds being sent.
We explore these findings in greater detail in the sections that follow.
4.1. Detection and monitoring
Good practice
We found in some cases, firms’ detection systems had adequately deferred high-risk payments for manual intervention, accompanied by a temporary block to reduce potential risks. This involved requiring customers to interact with a staff member before the payment instruction was confirmed. Our work highlighted how this can create positive friction in the payment journey and help prevent fraud.
Examples of these interventions include proactively detecting and investigating a victim’s first-ever cryptocurrency payments. This can subsequently help in uncovering instances where victims were acting under a fraudster's influence and coercion.
In another instance, a victim attempted to make 5 payments to the same, new beneficiary on the same day. Although the payment values were relatively low, the firm’s transaction monitoring system was able to identify this as suspicious behaviour and deferred the last 2 transactions for a manual review. This led to the firm preventing further financial loss for the victim.
We found that some firms used various data points effectively to improve their ability to detect suspicious transactions. These data points include markers on the victim’s profile, such as previously being a victim of fraud and attempted payments to a high-risk beneficiary with a history of fraud concerns. It also included any spending on dating sites combined with other related transactions, such as funds being received from a loan provider and then promptly sent to money transfer services. This enabled firms to identify fraudulent payments sooner and prevent further harm, as long as staff responded effectively to the alert.
In one instance, a new device login alert, initially suspected as a case of account takeover, led to the discovery of a romance fraud case. This highlights how initial alerts may not reveal the whole story, but further investigation can reveal serious harm.
Areas for improvement
Despite these examples of good practice, our review identified multiple instances of firms missing opportunities to identify seemingly suspicious transactions. This suggests firms could calibrate their monitoring systems to be more effective.
In one instance, a firm failed to detect 6 high-value payments totalling over £131,000 sent to overseas jurisdictions, despite the victim having no prior history of such transactions. In another, the victim made 403 payments over the course of a year, resulting in losses of over £72,000. The firm’s investigation acknowledged that it had not identified the sustained, out-of-character activity.
In 25% of cases, victims were coerced into getting funds from various sources. This included new loans, borrowing from friends and family or liquidating their personal assets. We identified cases where victims were left in a financially vulnerable situation, with one entering an Individual Voluntary Arrangement (IVA). Firms should consider that financial distress or atypical borrowing activity may be one of several indicators of unusual account activity, which, when viewed alongside other risk factors, could help identify cases of romance fraud.
We also found cases where fraudsters directed victims to open accounts at specific firms. Victims then transferred funds from their main bank to the new account, followed by prompt dispersal to the fraudster. Receiving firms must recognise their role in preventing fraud by conducting due diligence on both inbound and outbound transactions. However, even the most advanced detection systems are only effective when supported by robust investigative processes and well-trained staff.
4.2. Internal investigative approaches and staff capabilities
Good practice
Most firms adopted a victim-centred approach in their investigation processes. Investigators consistently captured detailed information about the fraud events, assessed the effectiveness of the firm’s interventions and considered any underlying factors that may have made customers more susceptible to fraud.
In confirmed cases, some firms obtained records of victim communications with fraudsters, where appropriate. This helped identify emerging fraud trends and informed improvements to anti-fraud systems and controls. We also observed timely sharing of information between sending and receiving firms in most cases, supporting efforts to recover funds and investigate fraud claims.
Additionally, several firms took proactive steps to prevent further harm by adding confirmed fraudulent beneficiary account details to internal blocklists. This measure helped protect other customers from transferring funds to accounts known to be associated with fraud.
Areas for improvement
While many firms demonstrated strong investigative practices, there were notable gaps in both payment analysis and staff capability, which limited their ability to identify and respond to romance fraud effectively.
Gaps in payment analysis and staff response:
One such gap was the inconsistent inclusion of payment types within fraud cases. In some cases, investigators did not account for transactions made via methods other than Faster Payments, such as cash withdrawals, card transactions and gift card purchases. This raises concerns that industry figures on romance fraud may be under-reported if based solely on Faster Payments, rather than total financial loss.
Reimbursement policies for these alternative payment types were often unclear to victims. Firms missed opportunities to educate victims about the risks associated with different payment methods and how to protect themselves. Without capturing and analysing the full spectrum of payment activity, they lacked a holistic view of romance fraud. This can limit the ability to detect emerging trends and shifts in fraudster tactics.
Another area needing improvement is the capability of staff to identify red flags and critically assess customer explanations. This was not consistent across all firms. Red flags may include unusual customer behaviour, sudden changes in personal circumstances or a desperate tone in communications. Strong detection systems must be supported by experienced staff who can intervene effectively. For example, in one case, a victim made 15 international payments via a branch, totalling £190,000. The victim claimed they were buying property in their country of origin, but staff did not seek documentation or question the use of multiple accounts in different names.
In another case, a victim told staff they intended to send cryptocurrency payments to Iraq, claiming it was the only method accepted by their 'partner' in the military. Despite clear indicators of romance fraud, including screenshots of conversations, staff approved the payment without challenge. Across 4 separate interventions, staff failed to identify the fraud, allowing payments to continue.
To enable effective engagement, in line with the Consumer Duty (PRIN 2A.5.6R), firms must ensure communications promote customer understanding and provide support that meets the needs of customers with characteristics of vulnerability. In-app chat functions can be valuable tools for gathering real-time information and making informed decisions. However, one firm relied heavily on standardised chat scripts throughout the customer journey, which led to missed opportunities and poor outcomes in nearly all cases reviewed.
Social Engineering:
Engaging with victims who have been socially engineered presents a particular challenge. Victims may intentionally give misleading explanations, often under the influence of the fraudster. This was evident in 42% of cases. In some instances, victims claimed to have met the fraudster in person or described long-term relationships. In one case, a victim provided fabricated documents to justify a payment.
We note an independent review is currently evaluating the Payment Systems Regulator’s (PSR) APP fraud reimbursement policy. This will include the effectiveness of the policy including considerations around the Consumer Standard of Caution. This will cover all APP fraud typologies.
To overcome these challenges, firms must ensure staff are equipped to probe customer responses when risk indicators are present. While customer explanations may not always clearly point to romance fraud, tailored engagement and critical questioning can reveal inconsistencies, highlight risks, and, crucially, help break the fraudster’s hold.
4.3. Customer engagement and support
Good practice
Effective engagement with victims was a consistent theme across firms demonstrating good practice. Staff played a pivotal role in helping victims recognise they were being defrauded, often through thoughtful questioning and tailored education. In one case, a staff member shared online resources and case studies about romance scams, encouraging the victim to reflect on similarities with their own experience. They later followed up with a call, during which the victim confirmed their suspicions, enabling the firm to intervene and prevent further loss. In other cases, staff supported victims in verifying fraudster claims, recommending reverse image searches and assisting with online checks that disproved false stories.
Once red flags were identified or fraud was confirmed, staff often demonstrated proactive engagement. This included follow-up calls, requests for documentation and in-branch meetings. One firm used in-branch meetings to deliver tailored education, including videos. Notably, these interventions were made even for low-value payments, reflecting firms’ understanding that early action can prevent escalation.
Compassionate care was evident across most firms. Staff built rapport with victims and dedicated time to investigate cases and provide aftercare. In one instance, a firm made 11 calls over a 6-week period to support a victim, demonstrating a commitment to breaking the fraudster’s hold and restoring customer confidence. Firms also responded sensitively when victims expressed guilt or self-blame.
We also observed clear and empathetic communication of fraud claim outcomes. Firms followed up with letters and verbal explanations, reinforced fraud awareness, signposted victims to relevant charities and informed them of the firm’s complaints process.
Areas for improvement
While many firms demonstrated strong engagement and compassionate care, there were cases where safeguarding concerns were not escalated appropriately. The Consumer Duty (PRIN 2A.9.9R), requires firms to monitor whether customers receive the support they need, and PRIN 2A.2.8R, which obliges firms to avoid causing foreseeable harm. Failure to act on warning signs or escalate concerns in a timely manner may result in missed opportunities to prevent fraud and protect vulnerable customers.
4.4. Treatment of customers in vulnerable circumstances
Good practice
Once fraud was confirmed, many firms took proactive steps to understand the personal circumstances contributing to customer vulnerability, such as emotional distress, social isolation or lack of support. By recognising these broader contexts, staff were able to tailor their support and reduce the risk of re-victimisation.
Some firms added vulnerability markers to victim accounts, enabling more tailored monitoring and engagement. When applied appropriately, these markers help staff identify customers who may be at heightened risk of fraud, allowing for earlier intervention, enhanced safeguards and more compassionate support.
Some firms have also established specialist teams, ensuring that support is aligned with the customer’s specific needs and circumstances. For example, one firm responded with care and diligence to a victim who had recently divorced and was supporting a child undergoing cancer treatment. The firm implemented enhanced monitoring of the victim’s account, including weekly reviews over a 2-month period.
In another case, a firm’s investigation revealed that the victim had long-term mental health conditions, including depression and anxiety, and was neurodiverse, with dyslexia and ADHD. These circumstances were compounded by a recent family bereavement. The firm’s vulnerable customer team offered compassionate support, factoring these circumstances into their reimbursement decision. They also referred the victim to relevant charities, including one supporting people with anxiety and another for those with learning disabilities.
Preventing repeat victimisation:
Repeat victimisation occurs when an individual is a victim of the same type of crime on separate occasions. In 15% of the cases reviewed, the customer had previously been a victim of romance fraud, or other types of APP fraud while with the same firm.
While education and awareness are important, our review identified cases where firms took additional steps to reduce the risk of re-victimisation. These included regular check-ins following the closure of a fraud case, adding markers to accounts to highlight past fraud concerns, implementing enhanced monitoring and making appropriate safeguarding referrals.
In cases of significant concern, firms applied temporary account restrictions. These included limiting the ability to add new beneficiaries, setting daily transfer limits, issuing new security credentials (for example, new cards or login details), and temporarily blocking online banking access, requiring the customer to call the firm to complete transactions. We recognise the balance firms must strike between safeguarding customers and avoiding undue disruption to their financial lives.
In rare instances, where multiple interventions failed to break the fraudster’s hold, one firm closed a victim’s account. This decision was made only after all other avenues to educate and safeguard the customer had been exhausted. Before proceeding, the firm evaluated the potential impact of account closure and considered the customer’s vulnerability to ensure the action would not cause further harm.
Some firms used the Banking Protocol, a UK-wide initiative enabling firms to alert police to suspected fraud, to protect vulnerable customers and prevent further losses. However, firms noted that the Protocol is not always effective when the customer remains under the fraudster’s influence and police intervention does not break it. This presents a challenge, as firms must carefully consider how to manage ongoing risk while continuing to support affected individuals. Despite these complexities, the Protocol remains a valuable tool in high-risk cases.
Areas for improvement
Despite these examples of good practice, our review found that many firms were unaware of key customer vulnerabilities, until after the fraud had occurred. This limited their ability to apply protective measures earlier. We do not expect firms to identify every customer with characteristics of vulnerability where there has been no reasonable opportunity to do so, particularly in cases with limited customer engagement. We do, however, expect firms to support their staff to identify signs of vulnerability, for instance through training and resources. Strengthening staff awareness and improving frontline engagement is essential to ensuring signs of vulnerability are not missed.
In some instances, firms did not take appropriate safeguarding steps even after fraud was confirmed, despite clear signs of vulnerability and reasonable grounds for concern. For example, one victim expressed suicidal thoughts and another received threats of violence from the fraudster. Once fraud has taken place, under the Consumer Duty (PRIN 2A.6.2R), firms must ensure they deliver appropriate support to affected customers, particularly where characteristics of vulnerability are present or can reasonably be assumed.
Under the Consumer Duty (PRIN 2A.2.1R and PRIN 2A.2.5R), firms are expected to act in good faith and avoid causing foreseeable harm. Where such risks are identified, firms should ensure their systems, processes, and staff are equipped to respond appropriately, including considering whether it is necessary to inform relevant authorities.
Firms should also set up systems and processes in ways that support and enable vulnerable customers to disclose their needs. One firm allowed customers to disclose vulnerabilities via its mobile banking app. In other cases, family members reported both the fraud and the customer’s vulnerabilities, but firms were reluctant to act, citing the individuals as non-authorised third parties. In one example, a victim’s father reported the fraud and underlying vulnerabilities to a local branch, but no action was taken. The fraud continued for nearly 18 months, resulting in a total loss of £121,000.
In line with our Guidance for firms on their fair treatment of vulnerable customers (PDF) (4.54), firms should consider the heightened fraud risk in situations where vulnerabilities are disclosed indirectly, such as through family members. Where formal third-party access measures (for example Third-Party Mandates or Power of Attorney) are not in place and if there are concerns about a customer’s understanding, decision-making capacity or signs of coercion or fraud, it may be appropriate to engage with a family member, friends or other third party, even without formal authorisation. In doing so, firms must ensure their safeguarding processes are robust and that any action taken complies with applicable data protection obligations.
4.5. Education and awareness
Good practice
Customer education and awareness are essential tools in preventing romance fraud and reducing the risk of re-victimisation. Most firms demonstrated meaningful efforts to help customers recognise and avoid fraud, particularly through targeted campaigns and educational resources.
One firm developed an optional fraud learning module within its mobile banking app, allowing customers to engage with educational content at their own pace. Another firm conducted a public research survey to better understand customer perceptions and behaviours, using the findings to strengthen customer warnings and improve its systems and controls.
Firms also used real-life examples to highlight the risks of online relationships and financial requests. These resources helped customers identify red flags and encouraged them to seek support when something felt wrong.
Areas for improvement
While most firms had education initiatives in place, the reach and consistency of these efforts varied. Some firms relied heavily on passive messaging, such as website content, which may not be sufficient to engage customers at risk.
5. Next steps
This review highlights the critical importance of both effective transaction monitoring systems and skilled, well-trained staff in tackling romance fraud. Firms must continue to ensure their systems can detect relevant risk indicators and that staff are equipped to engage meaningfully with customers, identify red flags and respond appropriately, particularly where customers show signs of vulnerability.
We have engaged directly with the firms in this review to provide detailed feedback. However, we expect all firms to consider these findings and assess whether their own systems, controls and customer engagement practices are sufficient to prevent and respond to romance fraud.