by Joel Carvalhais
10 minutes • Fraud & Scams • June 30, 2025

7 Examples of Real-time Payment Frauds and How to Prevent Them

Would you rather get paid now or later? If you’re like most people, you probably prefer getting your funds as early as possible. The ability to move money in seconds instead of hours or days is what makes real-time payments so appealing. Unfortunately, it also comes with a risky side effect: the threat of real-time payments fraud and scam losses. Insights from the GASA Global State of Scams Report in 2024 found the rapid nature of payments fraud has already resulted in $1 trillion in losses by customers worldwide.

Key Takeaways

The speed of real-time payments fraud means fraud can occur in an instant with little chance of recovery.
The most serious types of real-time payments fraud include: authorized push payment (APP) fraud, account takeover (ATO), CEO fraud, mandate fraud, money mule fraud, payroll fraud, and phishing attacks.
According to the UK finance annual fraud report in 2025, Some of the heaviest real-time payment fraud losses include £450 million lost by UK consumers to APP fraud;¹ $15.6 billion lost to ATO fraud in the US;² and $55 billion lost to mandate fraud over 10 years.³
There are several key steps banks and businesses can take to protect themselves and customers from real-time payment fraud. This includes investing in data analytics, behavioral analysis, and real-time monitoring.

What is Real-Time Payments Fraud?

Real-time payments fraud, also called instant payment or transfer fraud, happens when money involved in frauds and scams immediately moves between accounts. Scammers frequently deceive victims into making payments or exploiting vulnerabilities in instant payment systems, many of which are easily completed using their smartphones or devices. The speed of real-time transactions means the fraud is immediate and results in instant, irreversible losses.

eBook

How Banks Can Embrace the Future of Faster Payments

Get your free guide to learn how to successfully navigate the complexities of real-time payments and combat authorized push payment (APP) fraud.

Learn More

7 Examples of Real-Time Payment Fraud

The following article outlines seven common types of real-time payments fraud, how they operate, and how AI and machine learning solutions can detect fraud and protect customers, employees, and businesses from falling victim to various scams.

1. Authorized Push Payment Fraud

In an authorized push payment (APP) fraud, customers are manipulated into transferring money under false pretenses. Fraudsters might pose as trusted authority figures like a bank representative. They then falsely claim a customer’s account has been compromised, pressuring them to transfer funds into a different account.

According to UK Finance, UK consumers lost £450 million to APP fraud in 2024 (a slight drop from the previous year).¹ Manipulations are made even more effective by advanced GenAI technologies like deepfakes, voice cloning, and SMS/phishing scams. The expansion of these technologies threatens to make common APP fraud tactics more realistic and puts consumers at risk.

How Banks Can Prevent APP Fraud

To fortify defenses against APP fraud, banks can take several proactive steps:

- Customer Education: Provide customers with comprehensive education on APP fraud methods, emphasizing the importance of verifying payment requests and being wary of social engineering.
- Stronger Verification: Implement multi-factor authentication and enhanced due diligence for high-risk transactions or changes to payee details.
- Real-Time Monitoring: Utilize real-time transaction monitoring systems to identify suspicious transactions and delay or block them when necessary.
- Confirmation Protocols: Establish protocols to confirm high-value or unusual transactions with customers through separate channels.
- Know Your Customers’ Normal Patterns: AI and machine learning can detect deviations like increased transfers to new accounts or unusually high amounts by analyzing transfer frequency, recipient history, and transaction values.
- Invest in GenAI-based Solutions: Banks shouldn’t cede ground to criminals on GenAI adoption. Invest in GenAI agents that can catch scams in progress and empower customers to recognize the warning signs for themselves.

2. Account Takeover Fraud

Account takeover (ATO) fraud involves a fraudster using stolen credentials to access someone else’s account. Email addresses, phone numbers, or other personally identifiable information can be compromised or purchased on the dark web to make this happen. With this information, fraudsters can gain access to bank, eCommerce, or social media accounts to make fraudulent purchases or steal or change information.

Criminals can also make transfers from the compromised accounts with funds instantly moving to their own account. Because it appears to be executed by a legitimate account holder, the money can be transferred instantly.

As many as 20 million US adults have been impacted by account takeover fraud, according to Security.org.⁴ Recent data from Javelin shows losses from account takeover fraud reached $15.6 billion in the US in 2024.²

How Banks Can Prevent ATO Fraud

To combat account takeover fraud and secure customer accounts, banks can implement several robust strategies:

Multi-factor Authentication (MFA): Enhance security beyond passwords by implementing MFA, which requires users to verify their identity through multiple, distinct methods.
Behavioral Biometrics: Behavioral biometrics technology can catch anomalies by analyzing and reviewing typing speed, mouse movements, and other unique digital behaviors to build customer profiles. If anomalies are detected, the solutions can end sessions or halt transactions.
Device Fingerprinting: Track unique device characteristics (e.g., IP address, screen size) to flag logins from unfamiliar devices or new geographic locations.
Machine Learning and AI: Advanced technology like AI and machine learning can analyze vast datasets, detect subtle anomalies, and identify emerging fraud trends in real time, allowing banks and businesses to predict new trends and prepare swift responses.
Malware Detection: Implement advanced malware detection to quickly identify and neutralize malicious programs attempting to impersonate legitimate account holders.

3. CEO Fraud

Employees spring to action when they get a request from their boss. Fraudsters exploit this tendency by deceiving employees into making fraudulent transfers. CEO fraud typically involves a criminal impersonating the company’s top executive or another high-level figure through email, text, or phone calls, requesting an immediate action.

This scam often targets employees in accounting, finance, or payroll who have the authority to approve payments. To successfully execute CEO fraud, the criminal usually employs a business email compromise (BEC) attack, which may involve spear phishing, to steal the executive’s credentials. These stolen credentials can then be used to facilitate fraudulent transfers and other scams, such as account takeover ATO attacks. Once approved, the money is often lost and

In the UK, the UK Finance report shows losses from CEO fraud rose to £11.8 million in 2024 (although the volume of activity declined).¹ Meanwhile, data from the FBI shows US adults lost over $2.7 million to BEC fraud, which includes CEO fraud.⁵

How Banks Can Prevent CEO Fraud

To shield themselves from CEO fraud and show criminals who’s the boss, banks can implement these key strategies:

Employee Training: Educate employees about how CEO fraud works and the importance of verifying payment requests, especially those that are urgent or unusual.
Communication Verification: Establish protocols for verifying payment requests, especially those from executives, through multiple channels.
Email Authentication: Implement email authentication protocols to prevent email spoofing and phishing.
Transaction Monitoring: Monitor transactions for patterns indicative of CEO fraud, such as large, urgent transfers to new vendors, suppliers, or beneficiaries.
Behavioral Analysis: Analyze employee behavior for anomalies, such as changes in payment processing behavior.

4. Mandate Fraud

Mandate fraud is another form of BEC fraud that occurs when a company employee is manipulated into redirecting a legitimate payment like direct debits or bank transfers to a fraudster-controlled account. Having acquired personal details, such as a professional contact’s name or other information, a fraudster will impersonate the representative of a supplier or an executive that the employee already knows. Next, they convince the employee to alter their payment information to a different account, possibly offering an excuse like switching FIs as a reason for the change.

The scheme might not come to light until the legitimate supplier contacts the business to inquire about their missing payment. The FBI estimates that losses from BEC fraud (including mandate fraud) reached $55 billion over a 10-year period from 2013 to 2023.³

How Banks Can Prevent Mandate Fraud

Banks can combat mandate fraud by focusing on these critical actions:

Enhanced Verification for Changes: Implement stringent verification processes for any changes to payee or supplier details.
Regular Audits: Conduct regular audits of payment mandates and supplier details to detect any unauthorized changes.
Data Analytics: Use fraud data analytics to identify suspicious patterns in payment data, such as multiple changes to payee details within a short period.
Supplier Communication: Establish direct communication channels with suppliers to verify any changes to payment details.
Real-Time Alerts: Implement real-time alerts for any changes to payment mandates, enabling prompt investigation.

5. Money Mule Fraud

Money mules act as a middleman for fraudsters by opening accounts and making transfers on criminals’ behalf. These players are critical in giving fraudsters and criminals access to legitimate financial services either by opening new accounts or agreeing to receive money on the fraudster’s behalf. This gives criminals an opportunity to turn real-time payments fraud into profits.

The UK’s National Crime Agency (NCA) estimates £10 billion in illicit funds are laundered each year through money mule activity.⁶

They fall into three categories.

Complicit Money Mules: These individuals knowingly participate in illegal activities by opening accounts for or recruiting others into money mule schemes.
Unwitting Money Mules: Individuals unknowingly involved in criminal schemes, often through fake job offers or romance scams.
Witting Money Mules: Witting money mules ignore manipulation warning signs, often in the hopes of reaping financial gain.

Criminals may use romance scams or fake job listings to recruit money mules. They may convince a deceived romantic partner to send them money for a medical emergency or instruct a candidate to receive and transfer money as part of their new job.

How Banks Can Uncover Money Mule Networks

If financial institutions can uncover and disrupt money mule activity, they can stop most fraud and financial crime. Here’s what they can do:

Inbound Payment Monitoring: Implement systems to monitor inbound payments for unusual patterns, such as large numbers of deposits from unrelated accounts, which could indicate money mule activity.
Enhanced Customer Due Diligence: Implement thorough customer due diligence processes to verify the identity and legitimacy of customers.
Transaction Monitoring: Monitor transactions for patterns indicative of money mule activity, such as frequent transfers between accounts with little or no apparent business relationship.
Network Analysis: Use network analysis to identify connections between accounts that may be involved in money mule schemes.
Behavioral Analysis: Analyze customer behavior for anomalies, such as sudden changes in transaction volume or velocity.
Collaboration: Share important insights with other financial institutions (and law enforcement agencies when necessary) to share intelligence and identify money mule networks without undermining customer privacy or data.

6. Payroll Scheme Fraud

There are multiple ways for bad actors to pull off a payroll scheme and even some big-name corporations have fallen prey to this type of activity. Data from the Chartered Institute of Payroll Professionals shows it can take roughly 18 months to uncover payroll fraud with median losses at $50,000.⁷

Payroll fraud can be an inside job where an employee deliberately inflates the hours they have worked on their timesheet or submits a false overtime payment claim. In another insider scenario, a payroll employee could redirect payments from a recently terminated employee to their own account.

In perhaps the spookiest example of payroll scheme fraud, companies are haunted by “ghost employees” — individuals who don’t actually work at the company but who collect a paycheck anyway. Even employers can commit payroll scheme fraud, such as intentionally misclassifying full-time employees as independent contractors to avoid payroll taxes. Fraudsters may even create fake employee profiles and onboard with companies using deepfake technology.

How Banks Can Prevent Payroll Scheme Fraud

To effectively prevent payroll scheme fraud, banks can employ the following measures:

Account Verification: Offer services that allow companies to verify the bank accounts of their employees.
Anomaly Detection: Implement systems to detect anomalies in payroll deposits, such as deposits to unusual accounts or sudden changes in deposit amounts.
Transaction Monitoring: Monitor transactions for patterns that may indicate payroll fraud, such as transfers from payroll accounts to personal accounts.
Collaboration with Businesses: Work closely with business clients to identify and address potential payroll fraud risks.
Employee Education: Educate business clients on how to detect and prevent payroll fraud.

7. Phishing

In a phishing attack, fraudsters will use a variety of tactics to deceive an individual into revealing personal information. These types of attacks could involve fraudsters using emails, phone calls, and websites and pretending to be legitimate businesses in order to deceive their target. Research from Feedzai and the Global Anti-Scams Alliance (GASA) shows scammers are most likely to use text/SMS messaging to contact their targets. The FTC reports that US consumers lost $470 million to text-based scams alone in 2024.⁸

Fraudsters often use an urgent tone of voice to convince their target to move quickly and transfer their money. These communications could contain links to fraudulent websites that have been designed to look like recognizable organizations (like eBay, for example). When the recipient clicks on the link, they can disclose their personal and payment information.

How Banks Can Prevent Phishing Scams

Advancements in GenAI are making phishing attacks more convincing and effective for criminals as common red flags like typos and grammatical errors become less common. Banks can take the following measures to protect customers and mitigate phishing risks:

Customer Education: Educate customers on identifying and preventing phishing attacks across various digital platforms such as email, messaging, and websites.
Email Authentication: Implement email authentication protocols to reduce the likelihood of phishing emails reaching customers.
Website Security: Ensure the security and authenticity of their websites to prevent customers from being tricked into entering information on fake sites.
Link Analysis: Implement systems to analyze links in electronic communications and detect suspicious or malicious links.
Real-Time Monitoring: Monitor customer activity for signs that an account may have been compromised through phishing, such as unusual login activity or transactions.

Final Thoughts on Real-time Payments Fraud

The era of instant payments and transfers requires the ability to avoid fraud and scam losses in the first place. Fraudsters are adept at exploiting the speed of real-time payments, making it crucial for banks and businesses to adopt advanced and adaptive security measures to avoid real-time payments fraud losses.

A multi-layered approach combining customer education, robust authentication, behavioral analytics, behavioral biometrics, and real-time monitoring is essential. While rules-based systems provide a solid foundation, integrating AI, machine learning, and behavioral biometrics enhances fraud detection and prevention. These technologies enable financial institutions to identify subtle anomalies, predict emerging threats, and respond swiftly to protect customers and assets in the fast-paced landscape of real-time payments.

Additional Resources

Blog: How Behavioral Biometrics Secures Real-time Payments
Report: 2025 AI Trends in Fraud and Financial Crime Prevention
eBook: How Banks Can Embrace the Future of Faster Payments
Solution: Scam Detection & Prevention Solutions

Frequently Asked Questions About Real-time Payments Fraud

Fraudsters exploit the speed of real-time payments, making it tough to catch scams before funds disappear.
They often use tricks like social engineering, phishing, or account takeovers to get their hands on your money.
The instant nature of these payments gives banks little time to intervene once a fraudulent transaction is initiated.

Banks can use super-smart AI and machine learning to spot suspicious activity right away.
They also beef up security with multi-factor authentication and real-time monitoring to keep your accounts safe.
Continuous monitoring and adaptive fraud models are crucial for staying ahead of new fraud patterns.

You’ll often see authorized push payment (APP) fraud, where you’re tricked into sending money yourself.
Other common scams include imposter scams, invoice fraud, and tech support scams, all designed to get you to willingly transfer funds.
These scams rely heavily on deception and psychological manipulation to bypass traditional security measures.

Footnotes

¹ UK Finance Annual Fraud Report 2025

² 2025 Identity Theft Study: Breaking Barriers to Innovation

³ IC3

⁴ Account Takeover Incidents are Rising: How to Protect Yourself

⁵ Federal Bureau of Investigation: Internet Crime Report 2024

⁶ Biggest ever crackdown on money mules in the UK

⁷ Occupational Fraud report 2024

⁸ New FTC Data Show Top Text Message Scams of 2024

All expertise and insights are from human Feedzaians, but we may leverage AI to enhance phrasing or efficiency. Welcome to the future.

ScamAlert Generative AI agent to better equip customers to spot scams

Discover How Feedzai and Form3 Improved APP Fraud Detection

Feedzai is a Leader in the IDC MarketScape for Enterprise Fraud Solutions 2024

The State of Anti-Money Laundering 2025

2025 AI Trends in Fraud and Financial Crime Prevention

Feedzai and Form3 Win Datos Insights 2024 Impact Award for Best Scam/APP Prevention Innovation