The headline from Open Banking Limited's June 2026 Payments & Fraud Monitor is a genuinely strong one: around one in 6,000 open banking payments were fraudulent in 2025, against roughly one in 2,500 across the wider payments industry. Open banking is, by rate, more than twice as safe as the payments landscape it sits inside.
That statistic is interesting - as is the context.
Open banking is scaling fast: more than 19 million active user connections and over 40 million payments every month in the UK. And fraud volumes turned back up in Q1 2026, returning towards historic levels after a low point a year earlier – growth that is happening alongside, not despite, the continued growth in payment volumes. A favourable rate on a rapidly expanding base does not mean falling exposure. It means the absolute number of fraud events is climbing while the percentage looks fine. Both things are true at once.
Authorised Push Payment (APP) fraud is not a minor category here – it accounts for more than two-thirds of reported open banking related fraud cases, with investment fraud standing out as one of the largest by value. APP fraud is structurally the hardest fraud type to resolve cleanly, because the customer did authorise the payment. The dispute that follows is about where the failure sat in the chain: the bank, the intermediary that routed the journey, the third-party provider on the receiving end. That question can take months to answer. The customer is left waiting through all of it.
Layered on top of that: the fraud itself is getting harder to catch early. Account providers are reporting increasingly complex scam techniques – impersonation, phishing and smishing, fake refund scams, and new fraud journeys built to exploit emerging digital payment methods. None of these stay still long enough for a single institution's fraud rules to keep pace on its own.
Two data points in the report are easy to skip past. Variable Recurring Payments show lower fraud rates than single immediate payments. App-authenticated journeys show lower fraud rates than browser-authenticated ones. Both are, in effect, cases with more continuous visibility built into the relationship – VRPs are pre-authorised and monitored over time, app authentication carries more context than a browser redirect. Where the industry already has better visibility, fraud is already lower.
The report's own recommendation follows the same logic to its conclusion: collaboration and data sharing remain central to fraud prevention, with tools such as Transaction Risk Indicators showing real potential to improve detection while reducing friction for genuine payments. That is the open banking standards body making the case, unprompted, for shared, continuous, cross-participant visibility – not better perimeter defence at each individual institution.
Invela is the infrastructure layer that makes open finance trustworthy – accrediting who's in the network, monitoring risk in near real-time, and ensuring liability lands in the right place.
Each piece answers a specific gap in the numbers above. Invela Accreditation establishes which third-party providers and intermediaries are genuinely who they claim to be, which is the direct counter to impersonation and fake-refund scams that work by mimicking a legitimate participant in the chain. Invela Risk Indicator monitors those participants continuously, so a new scam pattern surfacing at one account-accessing organisation doesn't have to be independently rediscovered by every other one before the network responds. And Invela Warranty – in development – is designed to shift economic responsibility to the parties introducing risk, so the liability question stops compounding into a second harm on top of the fraud itself.
None of this claims to stop the moment a customer is persuaded to authorise a fraudulent payment. That moment is human, not technical, and no accreditation framework reaches it. What continuous, network-level infrastructure changes is everything downstream of it: how fast a new pattern is recognised, and how quickly the liability question gets resolved instead of dragged out across however many parties touched the transaction.
The open banking fraud rate is a good number. The question worth thinking through is whether the industry is tracking it because the rate is genuinely being maintained – or because most institutions still can't see far enough through the open finance chain to know for certain either way.
Invela is the infrastructure layer that makes open finance trustworthy - accrediting who's in the network, monitoring risk in real time, and ensuring liability lands in the right place.