BlogPayments

How open banking can help fight the UK’s £1 billion fraud problem

Author image
Bee Thakur, UK Public Policy Lead
12 May 2022
Charts and figures

In 2020, UK consumers suffered over £1 billion of financial fraud, made up of unauthorised card payments (£574.2m) and authorised push payment (APP) scams (£479m).  

Unauthorised payment fraud happens when money is taken from a person’s account without their authorisation. For example, their card details are stolen and used by someone else.

Authorised payment fraud is where a person is tricked into sending money from their account to an account controlled by the fraudster under false pretences. 

In this blog we explore how open banking payments, designed with online security in mind, can address both these types of fraud. 

What makes open banking payments safe?

Open banking payments have four characteristics which make them inherently safe:

  1. Every payment uses strong customer authentication (SCA)

  2. No sensitive details are shared

  3. Payment instructions are pre-populated

  4. Open banking providers onboard and carry out due diligence with merchants

Let's look at these in more detail.


Open banking always uses strong customer authentication

When a customer makes a payment using open banking, they are always sent to their bank’s app to strongly authenticate, usually with biometrics. This means their bank checks that they are who they say they are by checking a combination of: 

  • possession eg that they are paying from a phone or computer registered with their bank 

  • inherence eg their fingerprint, or facial features 

  • knowledge eg a password previously issued by their bank 

    Inbody image

Efforts to introduce strong customer authentication for cards have been delayed a number of times, only coming into force in the UK in March 2022.

The lack of SCA in cards has led to card-not-present (CNP) fraud, where stolen card details are used by fraudsters to make payments. Unauthorised card transactions including CNP fraud amounted to £574.2m in 2020.

While card issuers and merchants are now addressing this with SCA, there are still exemptions applicable to cards that could leave the door open to unauthorised payments. 

No card details are shared in open banking 

The prevalence of CNP fraud is due to the way card payments work – where customers are asked to share their ‘long card number’ and three digit ‘CVV’ with the business they are paying.

These details alone are enough to make a card payment, but they can be stolen, intercepted, or leaked (if stored incorrectly), and then used by fraudsters. 

Inbody image

With open banking payments, no sensitive details are shared with the merchant – there is nothing to intercept, steal or leak that could lead to unauthorised payments. 


Instead, open banking providers securely communicate with the customer’s bank to pass on payment instructions in the background and initiate the payment. 


Payment instructions are pre-populated in open banking 

Sometimes customers are asked to pay businesses by ‘manual bank’  transfer. This means noting down a sort code, account number and reference, and manually inputting all these details into online banking. 

Manual bank transfers are vulnerable to: 

  • Scams – where a customer is tricked into inputting the payee details of a fraudster instead of their intended recipient. There were £479m worth of these so called  ‘authorised push payment’ (APP) scams in 2020

  • Misdirected payments – where a customer mistypes the payee details and the money goes to the wrong place. Misdirected payments have long been an issue, with the UK Financial Ombudsman signalling its concerns back in 2014. 

Inbody image

When customers choose to pay a business using open banking, no payee details need to be entered by the customer. 

This removes human error, and the risk of customers being tricked into sending the money to a fraudster. The open banking provider controls where the money goes. 

Open banking providers onboard and carry out due diligence with merchants

When an open banking provider enables payments for a merchant or other business, they enter into a commercial contract with that business, and undertake due diligence on the business as part of that. This reduces the likelihood that bad actor merchants would use open banking to commit fraud. 

The way open banking payments are set up also means the open banking provider has a relationship with the consumer and obligations towards them, such as responding to any complaints, or payment issues that are raised. 

Inbody image
Relationships between parties in an open banking payment

Cards work differently because a card issuer will have no relationship with the merchant accepting a card. They rely on merchant acquirers to do due diligence on merchants – and there needs to be a scheme (like Visa and Mastercard) to reconcile issues between issuers, acquirers and merchants. 

Safer by design  

The features of open banking payments discussed above collectively protect the consumer against both unauthorised payments and fraud relating to authorised payments (APP scams).

Infographic
Common ‘vulnerability’ points in the payment journey where a customer can lose money to fraud, and how these are addressed by open banking.

Open banking provides an opportunity to fight fraud with its secure design features: 

  • embedded SCA

  • no card detail sharing 

  • pre-population of payment fields

  • merchant onboarding

These features have been built into open banking from the beginning, and are not all standard across other online payment methods such as cards or manual bank transfers. 

The more businesses choose open banking to enable payments, the safer consumers will be when paying online. 

Insights straight to your inbox
Join 10,000+ subscribers getting the latest open banking news.
Latest
Pay by bank phone
12 Jun 2025

Pay by Bank protections: a modern approach

15 million users milestone
10 Jun 2025

TrueLayer hits new industry milestone, surpassing 15 million consumers

Hey, I'm Andy from TrueLayer, and I'm going to try and tell you everything you need to know about Pay by Bank—in just ninety seconds. Let’s start the clock. Let’s keep it simple. What is Pay by Bank? It’s a payment method that lets you pay directly from your bank account via your banking app—with zero need for card networks. That could mean buying pizza, paying for flights, or just about anything in between. And it’s actually pretty easy—and very quick. It looks a bit like this: start by tapping the Pay by Bank button, then choose your bank from the list. If you’ve used it before, we can even preselect your preferred bank. You then review the payment, and you’re seamlessly redirected to your bank app to approve it using secure biometrics. That’s Face ID or a fingerprint, to you and me. And that’s it—success. But no time to relax—we're on the clock! Now, this might be the first time you’re hearing about it, but every month in the UK, 27 million payments are made using Pay by Bank. And most people who haven’t tried it yet say they’d be happy to—if given the option. On the merchant side, nine out of ten businesses are already planning to adopt it in one way or another. So what’s in it for businesses? Number one: more potential sales. No cards means no long card numbers, no clunky 3DS2—just a smoother experience from start to finish. And it converts. Number two: because payment details are pre-populated and verified with biometrics, things like card-not-present fraud, chargebacks, and authorized push payment fraud are virtually eliminated. Number three: lower costs. Without all the intermediaries and manual admin, the total cost of Pay by Bank is typically lower than card payments. I'm running out of time—one last benefit: instant refunds. And trust me, shoppers love instant refunds. And breathe. That was a lot to cram into ninety seconds. If you’d like to take your time and learn more about Pay by Bank—and why brands like Just Eat Takeaway, lastminute.com, Ryanair, and Papa John’s already offer it at checkout—you can read our in-depth guide. There should be a link on screen now. And that’s it. Thanks for watching.
9 Jun 2025

Pay by Bank explained in 90 seconds

Categories to explore