In March 2026, the UK Government published the Fraud Strategy 2026-2029, backed by over £250 million in public investment and a new £30 million Online Crime Centre bringing together police, banks, telecoms firms and technology companies. It is the largest single investment in UK fraud prevention in a generation.
The strategy responds to a simple reality: fraud is now the most reported crime in the UK, accounting for around 40% of all crime by volume, and around 85% of it originates on tech platforms even though payment firms bear 100% of reimbursement liability. The strategy aims to rebalance this — though not fully.
Key components of the new strategy
| Component | Detail |
|---|---|
| Total investment | Over £250 million |
| Online Crime Centre | £30 million, multi-agency |
| Organisations involved | Police, banks, telecoms, tech companies |
| Primary fraud metric target | Reduce victim incidence and total value |
| Tech company accountability | Increased oversight; no direct reimbursement liability (yet) |
| Timeframe | 2026-2029 (three-year programme) |
The context — where fraud is now
UK Finance's Annual Fraud Report 2025 showed £451 million stolen through APP fraud in 2024, of which £267 million (59%) was returned to victims. Under the new mandatory reimbursement regime (in force since 7 October 2024), that reimbursement rate has since risen to 88%.
But the scale of fraud remains alarming:
- ~85% of APP fraud originates on tech platforms (social media, messaging apps, online marketplaces)
- Purchase fraud alone accounts for ~60% of victim cases
- Romance scam losses: £31m
- Impersonation scams (bank/police staff): £66m
- Investment scams: continuing rise in average loss per victim
- Deepfake AI-driven scams: a material new category in 2025-26, particularly impersonating public figures like Martin Lewis
The Online Crime Centre — what it does
The £30 million Online Crime Centre is the strategy's flagship. Its remit:
- Real-time intelligence sharing between police, banks, telecoms operators and major tech platforms
- Faster takedowns of fraudulent websites, social media adverts and fake marketplace listings
- Cross-sector investigations — following fraud money and victims across the full chain from initial contact to payout
- Victim support coordination — bringing together the previously fragmented victim support ecosystem
- Priority cases — focused work on organised fraud rings and deepfake-AI-enabled campaigns
Why tech companies are (mostly) spared direct liability — for now
Banking-sector lobby groups — UK Finance, TheCityUK — have pushed hard for tech companies to contribute financially to APP fraud reimbursement, arguing that the sector enabling the fraud should bear some of the cost. The Fraud Strategy 2026-2029 stops short of that:
- Tech companies are added to multi-agency coordination structures (Online Crime Centre, working groups).
- Increased oversight expectations through Ofcom via the Online Safety Act 2023 framework.
- Voluntary commitments around proactive takedowns and advertising verification.
- No mandatory cross-sector reimbursement.
The issue will return to the political agenda in Q2 2026 when the Frontier Economics independent review of the APP reimbursement regime reports. If the current single-sector liability model is found to be unsustainable, pressure for statutory cross-sector contributions will intensify.
What it means for regulated firms
Banks and payment institutions
- Data-sharing obligations will increase. Expect new reporting duties, particularly around fraud typology and victim demographics.
- Consumer Duty integration — fraud prevention measures will be increasingly assessed against the Good Outcomes standard.
- Partnership mandates — expect new expectations around working with tech platforms and telecoms operators on shared-customer fraud cases.
Mortgage brokers, IFAs and insurance intermediaries
- Impersonation scams affect the advised market — fraudsters pose as brokers or advisers. Firms should review their client communication protocols.
- FCA scrutiny on vulnerable customers — a core theme in the Fraud Strategy, aligning with Consumer Duty.
- Incoming rules on client money safeguarding (CASS 15 from 7 May 2026) add compliance overhead.
Tech companies and telcos
- New coordination expectations through the Online Crime Centre.
- Enhanced Ofcom and FCA liaison expected, particularly for platforms carrying financial promotions.
- Voluntary commitments may harden into statutory obligations if Q2 2026 review recommends change.
Consumer impact — what's new and what's changing
- Faster takedowns — fraudulent adverts on major platforms should be removed in hours, not days or weeks.
- Cross-platform victim support — a single point of contact regardless of where the fraud originated.
- Increased scam awareness — targeted public campaigns, particularly on deepfake AI impersonation.
- Reimbursement remains — the existing £85,000 cap and 5-day reimbursement deadline for APP fraud is unchanged.
- Report Fraud (Action Fraud) overhaul — improved intake system due in 2026-27 following years of complaints about poor service.
What consumers should do — regardless of the strategy
- Stop. Challenge. Protect. — the industry's "Take Five" framework remains the core guidance. Pause before acting on any urgent or unusual request.
- Never share one-time codes — your bank will never ask you for a one-time passcode or PIN over phone, text or email.
- Call your bank on a known number if asked to transfer money — do not use numbers supplied by the caller.
- Verify requests in person where significant amounts are involved, especially with "HMRC" or "police" impersonation.
- If scammed, report within 5 days to maximise recovery chances under the APP regime.
- Save evidence — screenshots, transaction references, caller numbers.
- Escalate to FOS if your bank declines reimbursement — free, independent, usually sides with consumers unless there is clear gross negligence.
The wider regulatory architecture
The Fraud Strategy sits alongside several other major UK initiatives:
- Online Safety Act 2023 — gives Ofcom powers over illegal content, including fraudulent advertising.
- FCA Consumer Duty — requires firms to prevent foreseeable harm, including fraud.
- PSR APP Fraud Reimbursement regime — mandatory reimbursement since 7 October 2024.
- FCA-PSR consolidation — HM Treasury's September 2025 consultation confirmed plans to abolish the PSR and transfer functions to the FCA. Fraud supervision will concentrate in one regulator during 2026-27.
- Fraud Respite scheme — extends Breathing Space protection to certain fraud victims.
Disclaimer
This article is for general information only and does not constitute legal, regulatory or financial advice. The Fraud Strategy 2026-2029 is a government strategy document and has been complemented by subsequent secondary legislation and regulatory guidance. Always refer to the latest GOV.UK, FCA and PSR publications for the most current rules and obligations.
FAQ
Does the new strategy change my reimbursement rights?
No. The £85,000 cap, the 5-day reimbursement deadline and the customer standard of caution exception remain in force. The strategy focuses on prevention, enforcement and coordination, not on the reimbursement mechanic itself.
Will tech companies be required to pay for fraud they enable?
Not yet. The strategy increases coordination and voluntary commitments but does not mandate cross-sector reimbursement. The Q2 2026 Frontier Economics review will revisit the liability model.
Can I sue a tech platform for hosting a fraudulent advert?
Direct consumer litigation against a platform for fraud loss is extremely difficult in UK law. Your primary remedy is APP reimbursement via your payment provider, with FOS escalation if needed.
