Why the UK Fraud Strategy 2026–2029 Won’t Be Enough to Stop Online Fraud

The UK’s new Fraud Strategy 2026–2029 is an important and overdue step – but on its current design it is unlikely to stop global scam networks on its own. From EFRI’s perspective, the core missing piece is a hard, enforceable “primary gatekeeper” regime for payment service providers and major online platforms, including real civil and even criminal accountability when they enable large‑scale fraud.

What the new Fraud Strategy actually does

In early March 2026, the UK Home Office published its Fraud Strategy 2026–2029: “Disrupting crime, supporting economic resilience and delivering justice”. The government explicitly recognises fraud as the most common crime in England and Wales, accounting for around 45 % of all crime and costing the economy over £14 billion in 2023–2024. 

The strategy commits over £250 million between 2026 and 2029 and is built around three pillars: Disrupt, Safeguard, Respond.

Disrupt: cutting off tools and infrastructure

Under the Disrupt pillar, the UK plans to deny fraudsters access to the tools, technologies and platforms they rely on. Key measures include:

  • Launch of a new Online Crime Centre (OCC) in 2026, a £30 million specialist disruption unit bringing together police, intelligence agencies, banks, telecoms and tech firms to share data and dismantle scam infrastructure such as fraudulent websites, mule networks and fake online profiles.

  • Strengthened international partnerships and a planned Global Fraud Taskforce via INTERPOL to pursue overseas scam compounds that target UK victims. 

Safeguard: building resilience

The Safeguard pillar aims to reduce vulnerabilities before harm occurs, for instance by:

  • Expanding the public awareness campaign “Stop! Think Fraud” to more types of scams.

  • Increasing data‑led proactive policing and targeted support for at‑risk groups and sectors.

  • Supporting cyber‑resilience centres that advise businesses on how to strengthen their defences.

Respond: victim support and justice

Finally, the Respond pillar focuses on a more coherent, victim‑centred response:

  • Operating Report Fraud, a new streamlined service to replace Action Fraud and feed higher‑quality intelligence into the Online Crime Centre.

  • Introducing a Fraud Victims Charter by 2027 with minimum standards of care across support providers.

  • Improving criminal and civil justice processes and exploring additional civil penalties to ensure fraudsters face consequences.

The strategy is explicitly framed as a “system‑wide” response that depends on collaboration between government, law enforcement, industry and civil society.

Why, despite all the new buzzwords, this Strategy will not cut fraud

Even if fully implemented, the 2026–2029 Strategy is unlikely on its own to dismantle global scam networks or close the payment‑protection gap identified in EFRI’s research.

First, fraud is inherently transnational. The new Online Crime Centre and the planned Global Fraud Taskforce are designed to coordinate international investigations and support action against overseas scam compounds. Yet experience from Europe, the UK and Asia shows that professional networks rapidly re‑route their operations when one channel closes – shifting to other PSPs, new jurisdictions, different intermediaries or crypto‑based payment rails.

Second, the plan still relies heavily on voluntary cooperation from technology platforms rather than setting clear liability rules where platforms repeatedly host or monetise scam advertising and fake accounts. As Which? points out, intelligence‑sharing and OCC‑led disruption are important, but if the front‑end “flood” of scams via social media and online ads is not addressed through enforceable duties, enforcement agencies will remain in a permanent state of catch‑up.

Third, the UK APP reimbursement regime, while crucial for victims, is compensatory rather than transformative. It gives banks stronger incentives to prevent APP fraud and ensures much better redress for many victims, but it does not itself redesign the deeper allocation of responsibilities between banks, platforms, telecoms and other critical gatekeepers. Without a shared‑liability model aligned with functional control across the entire scam chain – including telecoms and platforms – the underlying business model of global scam networks remains viable. 

What EFRI believes is missing – and how the shared‑liability framework fills the gap

From EFRI’s perspective, the Strategy’s biggest weakness is that it still treats payment service providers and major platforms as policy partners rather than primary gatekeepers with hard, enforceable duties and serious consequences when they enable large‑scale fraud. This is exactly the gap Which? highlights when it says that “the most effective way to disrupt the fraudsters would be to make tech giants take responsibility and stop a flood of scams from appearing on their platforms in the first place – but this fraud strategy fails to do that.”

EFRI’s shared‑liability framework offers a concrete template for what is missing.

1. Strong civil liability tied to functional control

  • The party whose failure to discharge its regulatory and contractual duties (KYC/EDD, merchant monitoring, MCC governance, transaction monitoring, anomaly detection, blocking, recall) enabled the fraud should bear the loss by default.

  • Joint and several liability applies where multiple actors on the sending and receiving side demonstrably breached duties, leaving cost allocation to recourse actions between them.

  • Where it is unclear which party failed, there should be a rebuttable presumption that both are liable unless they can show compliance with their obligations – ensuring that victims are not left uncompensated because of industry‑created opacity.

This model is stricter and more granular than the UK’s simple 50:50 APP reimbursement split, which divides liability equally between sending and receiving PSPs regardless of who actually failed. While the UK model is easy to administer, EFRI’s research shows that it weakens incentives to identify and hold liable those actors within the scam chain who actually supported and enabled the fraud, as cases like Payvision B.V. have already demonstrated.

2. The consumer’s PSP as reimbursement anchor – with industry recourse behind the scenes

In EFRI’s framework, the consumer‑facing PSP (the payer’s ASPSP) acts as the reimbursement anchor:

  • Victims receive swift reimbursement from their own PSP, which is accessible and responsible for the customer relationship.

  • The PSP then pursues recourse against the failing actor(s) in the chain – beneficiary institutions, acquirers, telecom operators, social‑media platforms – based on who had functional control and failed.

  • Where chain opacity or technical complexity make immediate attribution difficult, the reimbursement anchor remains the payer’s PSP; information deficits created within the industry are not converted into permanent consumer losses.

This mirrors the trust architecture of card schemes, where issuers reimburse cardholders and recover from acquirers/merchants, and it ensures that liability allocation happens behind the scenes, not at the expense of victims.

3. Extending liability beyond banks: telecoms and digital platforms

EFRI’s shared‑liability concept explicitly includes telecoms and digital platforms, reflecting the reality that modern scams exploit the whole digital ecosystem:

  • Caller‑ID spoofing, fraudulent SMS, messaging apps and social‑media advertising are critical first‑mile enablers of fraud.

  • Where telecom and platform providers fail to implement adequate preventive controls – sender‑ID verification, ad‑buyer screening, timely takedowns – they too should bear liability for resulting losses, under the same principle: control entails responsibility; failure entails liability.

Which?’s criticism of the UK Strategy is fully aligned with this: without legal responsibility and real financial exposure for Big Tech, the system will continue to reward platforms that allow scams to “run rampant” while earning advertising revenue from them.

4. Technology and data duties as part of liability, not PR

EFRI also argues that liability and enforcement mechanisms must be accompanied by binding technology obligations for PSPs and other actors:

  • Real‑time analytics and anomaly detection for fraud‑induced payments.

  • “Kill switches” to freeze and recall funds across providers when scam patterns are detected.

  • Cross‑sector intelligence sharing as part of a Union Fraud Data Framework, not just ad‑hoc voluntary pilots.

The UK’s Online Crime Centre and Report Fraud service go in this direction, but they are not yet embedded in a liability regime that forces all participants to invest in such tools and to share data in near real time.

5. Why this matters for the UK Strategy

Viewed through EFRI’s shared‑liability lens, the UK Fraud Strategy 2026–2029 is a necessary but incomplete answer:

  • It improves architecture and funding – through the OCC, Global Fraud Taskforce, Report Fraud and APP reimbursement – but does not yet embed a control‑driven shared‑liability model across the entire scam chain.

  • It introduces better data‑sharing rhetoric and some practical mechanisms, but much still relies on voluntary cooperation, especially from digital platforms that sit at the front door of the fraud epidemic.

  • It recognises victims more clearly, but does not yet guarantee outcome‑based reimbursement rights for all fraud‑induced payments, coupled with industry‑level recourse.

As long as these structural issues remain unresolved, the Strategy – for all its new institutions and buzzwords – will mainly manage symptoms. It will not be enough to dismantle the global business models that continue to devastate consumers and small investors in the UK, across Europe and beyond. 

Our summary

We may already be past the point where the global wave of online fraud can simply be “stopped”. Fraud is now woven into the fabric of our digital economy and supercharged by AI, instant payments and borderless platforms. But that makes it all the more dangerous to hide behind half‑measures and buzzwords. As long as strategies tiptoe around hard liability, real gatekeeping duties and personal consequences for institutions and executives who enable scams at scale, we will not bend the curve – we will merely document, in ever more sophisticated reports, how the problem continues to grow.
